d46ab98863
32 changes to exploits/shellcodes/ghdb Answerdev 1.0.3 - Account Takeover D-Link DIR-846 - Remote Command Execution (RCE) vulnerability Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow ERPNext 12.29 - Cross-Site Scripting (XSS) Liferay Portal 6.2.5 - Insecure Permissions GNU screen v4.9.0 - Privilege Escalation Apache Tomcat 10.1 - Denial Of Service PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated) BTCPay Server v1.7.4 - HTML Injection. Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE) Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS) ImageMagick 7.1.0-49 - DoS bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS) Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS) Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS) CKEditor 5 35.4.0 - Cross-Site Scripting (XSS) Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE) Froxlor 2.0.3 Stable - Remote Code Execution (RCE) ImageMagick 7.1.0-49 - Arbitrary File Read itech TrainSmart r1044 - SQL injection Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated) PhotoShow 3.0 - Remote Code Execution projectSend r1605 - Remote Code Exectution RCE Responsive FileManager 9.9.5 - Remote Code Execution (RCE) zstore 6.6.0 - Cross-Site Scripting (XSS) Binwalk v2.3.2 - Remote Command Execution (RCE) XWorm Trojan 2.1 - Null Pointer Derefernce DoS Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution) Linux/x86_64 - bash Shellcode with xor encoding
9 lines
No EOL
257 B
Text
9 lines
No EOL
257 B
Text
# Exploit Title: Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
|
|
# Date: 2023-02-10
|
|
# Exploit Author: Andreas Finstad
|
|
# Version: < 14.4.1.29
|
|
# Tested on: Windows Server 2022
|
|
# CVE : CVE-2023-23286
|
|
POC:
|
|
|
|
https://f20.be/blog/provide-server-14-4 |