DB: 2023-06-08

2 changes to exploits/shellcodes/ghdb Apache 2.4.x - Buffer Overflow Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS) USB Flash Drives Control 4.1.0.0 - Unquoted Service Path
2023-06-08 00:16:21 +00:00 · 2023-06-08 00:16:21 +00:00 · 12f9039552
commit 12f9039552
parent ccfd0c515d
2 changed files with 39 additions and 2 deletions
--- a/exploits/windows/local/51508.txt
+++ b/exploits/windows/local/51508.txt
@ -0,0 +1,36 @@
 # Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path
 # Date: 2023-31-05
 # Exploit Author: Jeffrey Bencteux
 # Vendor Homepage: https://binisoft.org/
 # Software Link: https://binisoft.org/wfc
 # Version: 4.1.0.0
 # Tested on: Microsoft Windows 11 Pro
 # Vulnerability Type: Unquoted Service Path
 PS C:\> wmic service get name,displayname,pathname,startmode |findstr /i
 "auto" |findstr /i /v "c:\windows"
 USB Flash Drives Control       usbcs       C:\Program Files\USB Flash
 Drives Control\usbcs.exe       Auto
 PS C:\> sc.exe qc usbcs
 [SC] QueryServiceConfig SUCCESS
 SERVICE_NAME: usbcs
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\USB Flash Drives
 Control\usbcs.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : USB Flash Drives Control
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
 PS C:\> systeminfo
 OS Name:                   Microsoft Windows 11 Pro
 OS Version:                10.0.22621 N/A Build 22621
 OS Manufacturer:           Microsoft Corporation
 --
 Jeffrey BENCTEUX
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -11544,7 +11544,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 35786,exploits/multiple/webapps/35786.txt,"Ansible Tower 2.0.2 - Multiple Vulnerabilities",2015-01-14,"SEC Consult",webapps,multiple,80,2015-01-14,2015-01-14,0,OSVDB-116965;OSVDB-116964;OSVDB-116963;OSVDB-116962;OSVDB-116961;OSVDB-116960;OSVDB-116959;CVE-2015-1482;CVE-2015-1481;CVE-2015-1368,,,,,
 44220,exploits/multiple/webapps/44220.txt,"antMan < 0.9.1a - Authentication Bypass",2018-03-02,"Joshua Bowser",webapps,multiple,,2018-03-02,2018-03-09,0,CVE-2018-7739,,,,,
 50267,exploits/multiple/webapps/50267.txt,"Antminer Monitor 0.5.0 - Authentication Bypass",2021-09-06,Vulnz,webapps,multiple,,2021-09-06,2021-09-06,0,,,,,http://www.exploit-db.comantminer-monitor-0.5.0.zip,
-51193,exploits/multiple/webapps/51193.py,"Apache 2.4.x - Buffer Overflow",2023-04-01,"Sunil Iyengar",webapps,multiple,,2023-04-01,2023-04-01,0,CVE-2021-44790,,,,,
+51193,exploits/multiple/webapps/51193.py,"Apache 2.4.x - Buffer Overflow",2023-04-01,"Sunil Iyengar",webapps,multiple,,2023-04-01,2023-06-07,1,CVE-2021-44790,,,,,
 49927,exploits/multiple/webapps/49927.py,"Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution",2021-06-02,"Pepe Berba",webapps,multiple,,2021-06-02,2021-06-02,0,CVE-2020-13927;CVE-2020-11978,,,,,
 15710,exploits/multiple/webapps/15710.txt,"Apache Archiva 1.0 < 1.3.1 - Cross-Site Request Forgery",2010-12-09,"Anatolia Security",webapps,multiple,,2010-12-09,2010-12-09,1,CVE-2010-3449,,,,,http://www.anatoliasecurity.com/adv/as-adv-2010-001.txt
 12689,exploits/multiple/webapps/12689.txt,"Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting",2010-05-21,"Richard Brain",webapps,multiple,,2010-05-20,2016-12-19,0,OSVDB-64844;CVE-2010-2103,,,,,
@ -34120,7 +34120,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8066,exploits/php/webapps/8066.txt,"YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion",2009-02-16,ahmadbady,webapps,php,,2009-02-15,2017-02-13,1,OSVDB-52041,,,,,
 44424,exploits/php/webapps/44424.txt,"Yahei PHP Prober 0.4.7 - Cross-Site Scripting",2018-04-09,ManhNho,webapps,php,,2018-04-09,2018-04-09,0,CVE-2018-9238,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comtz_e.zip,
 7131,exploits/php/webapps/7131.txt,"yahoo answers - 'id' SQL Injection",2008-11-16,snakespc,webapps,php,,2008-11-15,2017-01-02,1,OSVDB-49906;CVE-2008-5490,,,,,
-51198,exploits/php/webapps/51198.txt,"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)",2023-04-01,"SITE Team",webapps,php,,2023-04-01,2023-04-01,0,CVE-2022-48197,,,,,
+51198,exploits/php/webapps/51198.txt,"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)",2023-04-01,"SITE Team",webapps,php,,2023-04-01,2023-06-07,1,CVE-2022-48197,,,,,
 13845,exploits/php/webapps/13845.txt,"Yamamah - 'news' SQL Injection / Source Code Disclosure",2010-06-12,anT!-Tr0J4n,webapps,php,,2010-06-11,2016-10-27,0,CVE-2010-2336;CVE-2010-2335;CVE-2010-2334;CVE-2010-1300;OSVDB-65648;OSVDB-65479;OSVDB-63344,,,,http://www.exploit-db.comyamamah_v1.rar,
 13849,exploits/php/webapps/13849.txt,"Yamamah 1.0 - SQL Injection",2010-06-12,TheMaStEr,webapps,php,,2010-06-11,,1,CVE-2010-1300,,,,http://www.exploit-db.comyamamah_v1.rar,
 11947,exploits/php/webapps/11947.txt,"Yamamah 1.00 - Multiple Vulnerabilities",2010-03-30,indoushka,webapps,php,,2010-03-29,,0,OSVDB-63344;CVE-2010-2335;CVE-2010-1300,,,,http://www.exploit-db.comyamamah_v1.rar,
@ -41409,6 +41409,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 12469,exploits/windows/local/12469.rb,"Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' File (SEH)",2010-04-30,Lincoln,local,windows,,2010-04-29,,1,OSVDB-64213;CVE-2010-1686,,,,http://www.exploit-db.comabcbackupprosetup.exe,http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034
 19323,exploits/windows/local/19323.c,"URL Hunter - Local Buffer Overflow (DEP Bypass)",2012-06-21,Ayrbyte,local,windows,,2012-06-21,2012-06-25,1,OSVDB-83362,,,http://www.exploit-db.com/screenshots/idlt19500/urlhunter.png,http://www.exploit-db.comurlhuntersetup.exe,
 16645,exploits/windows/local/16645.rb,"URSoft W32Dasm 8.93 - Disassembler Function Buffer Overflow (Metasploit)",2010-09-25,Metasploit,local,windows,,2010-09-25,2011-03-10,1,CVE-2005-0308;OSVDB-13169,"Metasploit Framework (MSF)",,,,
 51508,exploits/windows/local/51508.txt,"USB Flash Drives Control 4.1.0.0 - Unquoted Service Path",2023-06-07,"Jeffrey Bencteux",local,windows,,2023-06-07,2023-06-07,0,,,,,,
 41542,exploits/windows/local/41542.c,"USBPcap 1.1.0.0 (WireShark 2.2.5) - Local Privilege Escalation",2017-03-07,"Parvez Anwar",local,windows,,2017-03-07,2017-03-15,0,CVE-2017-6178,,,,,
 39888,exploits/windows/local/39888.txt,"Valve Steam 3.42.16.13 - Local Privilege Escalation",2016-06-06,"Gregory Smiley",local,windows,,2016-06-06,2016-06-06,0,CVE-2016-5237,,,,,
 17459,exploits/windows/local/17459.txt,"Valve Steam Client Application 1559/1559 - Local Privilege Escalation",2011-06-29,LiquidWorm,local,windows,,2011-06-29,2011-06-29,0,,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5022.php