exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	679a62755b	DB: 2021-10-14 28 changes to exploits/shellcodes Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH) Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated) Simple Payroll System 1.0 - SQLi Authentication Bypass Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE) Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) Budget and Expense Tracker System 1.0 - Arbitrary File Upload FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated) Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE) Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS) Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS) Sonicwall SonicOS 7.0 - Host Header Injection Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-10-14 05:02:11 +00:00
Offensive Security	794d9e4342	DB: 2021-10-08 8 changes to exploits/shellcodes Google SLO-Generator 2.0.0 - Code Execution Apache HTTP Server 2.4.49 - Path Traversal Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE) Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated) Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated) Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated) Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)	2021-10-08 05:02:10 +00:00
Offensive Security	bd08b79b4a	DB: 2021-10-07 4 changes to exploits/shellcodes Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Apache HTTP Server 2.4.49 - Path Traversal	2021-10-07 05:02:12 +00:00

Author

SHA1

Message

Date

Offensive Security

679a62755b

DB: 2021-10-14

28 changes to exploits/shellcodes

Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH)
Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection

Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)

Simple Payroll System 1.0 - SQLi Authentication Bypass

Dolibarr ERP/CRM 14.0.1 - Privilege Escalation

Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE)

Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Budget and Expense Tracker System 1.0 - Arbitrary File Upload
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)
Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass
Simple Issue Tracker System 1.0 - SQLi Authentication Bypass
Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS)
Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)
Sonicwall SonicOS 7.0 - Host Header Injection

Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)

2021-10-14 05:02:11 +00:00

Offensive Security

794d9e4342

DB: 2021-10-08

8 changes to exploits/shellcodes

Google SLO-Generator 2.0.0 - Code Execution

Apache HTTP Server 2.4.49 - Path Traversal
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting
Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated)
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass

Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)

2021-10-08 05:02:10 +00:00

Offensive Security

bd08b79b4a

DB: 2021-10-07

4 changes to exploits/shellcodes

Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read
Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
Apache HTTP Server 2.4.49 - Path Traversal

2021-10-07 05:02:12 +00:00

3 commits