DB: 2025-04-14

52 changes to exploits/shellcodes/ghdb

Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)

DataEase 2.4.0 - Database Configuration Information Exposure

Cosy+ firmware 21.2s7 - Command Injection

Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)

K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)
ABB Cylon Aspect 3.07.02 - File Disclosure (Authenticated)
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.07.02 - File Disclosure
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)

Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover

CyberPanel 2.3.6 - Remote Code Execution (RCE)

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow

Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)

KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)

MagnusSolution magnusbilling 7.3.0 - Command Injection

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover

Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass

Sonatype Nexus Repository 3.53.0-01 - Path Traversal

Watcharr 1.43.0 - Remote Code Execution (RCE)

Webmin Usermin 2.100 - Username Enumeration
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete

AquilaCMS 1.409.20 - Remote Command Execution (RCE)

Artica Proxy 4.50 - Remote Code Execution (RCE)

Centron 19.04 - Remote Code Execution (RCE)

ChurchCRM 5.9.1 - SQL Injection

CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)

CodeCanyon RISE CRM 3.7.0 - SQL Injection

Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS

Feng Office 3.11.1.2 - SQL Injection
flatCore 1.5 - Cross Site Request Forgery (CSRF)
flatCore 1.5.5 - Arbitrary File Upload
flatCore 1.5 - Cross Site Request Forgery (CSRF)
flatCore 1.5.5 - Arbitrary File Upload

GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)

Gnuboard5 5.3.2.8 - SQL Injection

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

Litespeed Cache 6.5.0.1 - Authentication Bypass

MiniCMS 1.1 - Cross Site Scripting (XSS)

MoziloCMS 3.0 - Remote Code Execution (RCE)

NEWS-BUZZ News Management System 1.0 - SQL Injection

PandoraFMS 7.0NG.772 - SQL Injection

phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)

PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)

RosarioSIS 7.6 - SQL Injection

Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
Typecho 1.3.0 - Race Condition
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
Typecho 1.3.0 - Race Condition
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)

X2CRM 8.5 - Stored Cross-Site Scripting (XSS)

Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure

Author: Exploit-DB

exploits/hardware/remote/52119.NA

@@ -1,4 +1,4 @@
-# Exploit Title: Microchip TimeProvider 4100 Grandmaster Config File - Remote Code Execution (RCE)
+# Exploit Title: Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
 
 # Exploit Author: Armando Huesca Prida
 

exploits/hardware/remote/52120.NA

@@ -1,4 +1,4 @@
-# Exploit Title: Microchip TimeProvider 4100 Grandmaster (banner) - Stored XSS
+# Exploit Title: Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
 
 # Exploit Author: Armando Huesca Prida
 

exploits/hardware/remote/52122.NA

@@ -1,4 +1,4 @@
-# Exploit Title: Microchip TimeProvider 4100 Grandmaster - Unauthenticated SQL Injection
+# Exploit Title: Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
 
 # Exploit Author: Armando Huesca Prida, Marco Negro
 

exploits/java/webapps/52128.py

@@ -1,13 +1,11 @@
-################################################################
-############################                                   #
-#- Exploit Title: DataEase Database Creds Extractor            #
-#- Shodan Dork: http.html:"dataease"                           #
-#- FOFA Dork: body="dataease" && title=="DataEase"             #
-#- Exploit Author: ByteHunter                                  #
-#- Email: 0xByteHunter@proton.me                               #
-#- vulnerable Versions: 2.4.0-2.5.0                            #
-#- Tested on: 2.4.0                                            #
-#- CVE : CVE-2024-30269                                        #
+# Exploit Title: DataEase 2.4.0 - Database Configuration Information Exposure
+# Shodan Dork: http.html:"dataease"                           #
+# FOFA Dork: body="dataease" && title=="DataEase"             #
+# Exploit Author: ByteHunter                                  #
+# Email: 0xByteHunter@proton.me                               #
+# vulnerable Versions: 2.4.0-2.5.0                            #
+# Tested on: 2.4.0                                            #
+# CVE : CVE-2024-30269                                        #
 ############################                                   #
 ################################################################
 

exploits/java/webapps/52149.py

@@ -1,4 +1,4 @@
-# Exploit Title: Apache HugeGraph < 1.2.0 Remote Code Execution (Unauthenticated)
+# Exploit Title: Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)
 # Exploit Author: Yesith Alvarez
 # Vendor Homepage: https://hugegraph.apache.org/docs/download/download/
 # Version: Apache HugeGraph 1.0.0 - 1.2.0

exploits/multiple/hardware/52160.py

@@ -1,24 +1,4 @@
-Hey,
-
-Overview: The Ewon Cosy+ is a VPN gateway used for remote access and
-maintenance in industrial environments. The manufacturer describes the
-product as follows (see [1]): "The Ewon Cosy+ gateway establishes a secure
-VPN connection between the machine (PLC, HMI, or other devices) and the
-remote engineer. The connection happens through Talk2m, a highly secured
-industrial cloud service. The Ewon Cosy+ makes industrial remote access
-easy and secure like never before!" Due to improper neutralization of
-parameters read from a user-controlled configuration file, an authenticated
-attacker is able to inject and execute OS commands on the device.
-
-Vulnerability Details: Authenticated attackers are able to upload a custom
-OpenVPN configuration. This configuration can contain the OpenVPN
-paramaters "--up" and "--down", which execute a specified script or
-executable. Since the process itself runs with the highest privileges
-(root), this allows the device to be completely compromised.
-
-
-PoC:
-# Exploit Title: Ewon Cosy+ Command Injection
+# Exploit Title: Cosy+ firmware 21.2s7 - Command Injection
 # Google Dork: N/A
 # Date: 2024-8-20
 # Exploit Author: CodeB0ss
@@ -50,4 +30,22 @@ def configcreator(file_path):
 
 
 GitHub:
-https://github.com/codeb0ss/CVE-2024-33896-PoC
+https://github.com/codeb0ss/CVE-2024-33896-PoC
+
+Hey,
+
+Overview: The Ewon Cosy+ is a VPN gateway used for remote access and
+maintenance in industrial environments. The manufacturer describes the
+product as follows (see [1]): "The Ewon Cosy+ gateway establishes a secure
+VPN connection between the machine (PLC, HMI, or other devices) and the
+remote engineer. The connection happens through Talk2m, a highly secured
+industrial cloud service. The Ewon Cosy+ makes industrial remote access
+easy and secure like never before!" Due to improper neutralization of
+parameters read from a user-controlled configuration file, an authenticated
+attacker is able to inject and execute OS commands on the device.
+
+Vulnerability Details: Authenticated attackers are able to upload a custom
+OpenVPN configuration. This configuration can contain the OpenVPN
+paramaters "--up" and "--down", which execute a specified script or
+executable. Since the process itself runs with the highest privileges
+(root), this allows the device to be completely compromised.

exploits/multiple/remote/52121.py

@@ -1,6 +1,4 @@
-#!/bin/python3
-
-# Exploit Title: Unauthenticated RCE via Angular-Base64-Upload Library
+# Exploit Title: Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
 # Date: 10 October 2024
 # Discovered by : Ravindu Wickramasinghe | rvz (@rvizx9)
 # Exploit Author: Ravindu Wickramasinghe | rvz (@rvizx9)
@@ -26,6 +24,7 @@
 # It is your responsibility to ensure compliance with all applicable laws and regulations governing your use of this software.
 # Proceed with caution and use this code responsibly.
 
+#!/bin/python3
 
 import re
 import subprocess

exploits/multiple/remote/52158.py

@@ -1,4 +1,4 @@
-# Title:  K7 Ultimate Security < v17.0.2019 "K7RKScan.sys" Null Pointer Dereference
+# Exploit Title:  K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)
 # Date: 13.08.2024
 # Author: M. Akil Gündoğan
 # Vendor Homepage: https://k7computing.com/

exploits/multiple/webapps/52097.NA

@@ -1,4 +1,4 @@
-# Exploit Title: IDOR Vulnerability in KubeSphere v3.4.0 & KubeSphere Enterprise v4.1.1
+# Exploit Title: KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
 # Date: 3 September
 # Exploit Author: Okan Kurtulus
 # Vendor Homepage: https://kubesphere.io

exploits/multiple/webapps/52101.py

@@ -1,4 +1,4 @@
-# Exploit Title: CVE-2024-4956: Unauthenticated Path Traversal in Nexus Repository Manager 3
+# Exploit Title: Sonatype Nexus Repository 3.53.0-01 - Path Traversal
 # Google Dork: header="Server: Nexus/3.53.0-01 (OSS)"
 # Date: 2024-09-22
 # Exploit Author: VeryLazyTech