Jump to content

Kev

Active Members
  • Posts

    1026
  • Joined

  • Days Won

    55

Kev last won the day on January 17

Kev had the most liked content!

7 Followers

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Kev's Achievements

Experienced

Experienced (11/14)

  • Reacting Well Rare
  • Dedicated Rare
  • First Post Rare
  • Collaborator Rare
  • Posting Machine Rare

Recent Badges

473

Reputation

  1. Kev

    apk2url

    apk2url easily extracts URL and IP endpoints from an APK file and performs filtering into a .txt output. This is suitable for information gathering by the red team, penetration testers and developers to quickly identify endpoints associated with an application. NOTE: Why use apk2url? When compared with APKleaks, MobSF and AppInfoScanner, apk2url identifies a significantly higher number of endpoints. Running apk2url NOTE: apk2url requires apktool and jadx which can be easily installed with apt. Please refer to the dependencies section. git clone https://github.com/n0mi1k/apk2url ./apk2url.sh /path/to/apk/file.apk UPDATE v1.2 now supports directory input for multiple APKs! ./apk2url.sh /path/to/apk-directory/ You can also install directly for easy access by running ./install.sh. After that you can run apk2url anywhere: By default there are 2 output files in the "endpoints" directory: <apkname>_endpoints.txt - Contains endpoints with full URL paths <apkname>_uniq.txt - Contains unique endpoint domains and IPs By default, the program does not log the Android file name/path where endpoints are discovered. To enable logging, run as follows: apk2url /path/to/apk/file.apk log *Tested on Kali 2023.2 and Ubuntu 22.04 Dependencies Use apt for easy installation of these tools required by apk2url: sudo apt install apktool sudo apt install jadx Demonstration Disclaimer This tool is for educational and testing purposes only. Do not use it to exploit the vulnerability on any system that you do not own or have permission to test. The authors of this script are not responsible for any misuse or damage caused by its use. Download: git clone https://github.com/n0mi1k/apk2url.git Source
  2. Complete comprehensive archive of all 1,863 exploits added to Packet Storm in 2023. Content: ³ 202301-exploits ³ 2adgb20-disclose.txt ³ academylms511-xss.txt ³ activeecommercecms650-sql.txt ³ activeecommercecms650-xss.txt ³ activematrimonialcms35-insecure.txt ³ activematrimonialcms36-sql.txt ³ adminabulgaria10-sql.txt ³ adminseg2155-idor.txt ³ amazcartlescms34-xss.txt ³ askey-escalate.txt ³ bdweblinklms1115-idor.txt ³ blesta541-insecure.txt ³ bootcommerce321-sql.txt ³ bootcommerce321-xss.txt ³ cacti_unauthenticated_cmd_injection.rb.txt ³ carrentalscript30-sql.txt ³ chikoi10-sql.txt ³ chikoinewmvcshop10-xss.txt ³ cicms7-sql.txt ³ citrixclient-disclose.txt ³ cmsglobalpctech10-insecure.txt ³ control_web_panel_login_cmd_exec.rb.txt ³ corpatechcms2-sql.txt ³ CVE-2022-44149.py.txt ³ cwp7-exec.txt ³ dcastaliacms12-idor.txt ³ deprixapro75-insecure.txt ³ deprixaprocms325-insecure.txt ³ eatself115-sql.txt ³ ecartmves1-insecure.txt ³ ecartweb400-insecure.txt ³ ecartweb500-xss.txt ³ enci41-sql.txt ³ erpgosaas39-csvinject.txt ³ erpgosaascrm33-upload.txt ³ flex522-insecure.txt ³ foloosishopping557-insecure.txt ³ foodordersystem2-shell.txt ³ get41-disclose.txt ³ gic10-sql.txt ³ goldfilledcrm20-upload.txt ³ GS20230102143226.tgz ³ GS20230102143415.tgz ³ GS20230103153417.tgz ³ GS20230106134403.tgz ³ GS20230109135640.tgz ³ GS20230110134636.tgz ³ GS20230110135120.tgz ³ GS20230111153522.tgz ³ GS20230112140635.tgz ³ GS20230113150343.txt ³ GS20230113150649.tgz ³ GS20230117164337.tgz ³ GS20230117164548.tgz ³ GS20230118170140.txt ³ HNS-2022-01-dtprintinfo.txt ³ incrementercms01-insecure.txt ³ infobool30-sql.txt ³ infokart11-sql.txt ³ inlislite32-insecure.txt ³ inouthomestay22-sql.txt ³ inoutjobsportal222-sql.txt ³ inoutjobsportal222-xss.txt ³ inoutmusic511-sql.txt ³ inoutmvsc323-sql.txt ³ inoutmvsc323-xss.txt ³ inoutrealestate213-sql.txt ³ inoutse1013-xss.txt ³ ivanti_csa_unauth_rce_cve_2021_44529.rb.txt ³ jettweb3-sql.txt ³ jettwebreadyrentacar4-xss.txt ³ kesioncms15-addadmin.txt ³ kesioncms15160902-insecure.txt ³ KIS-2023-01.txt ³ KIS-2023-02.txt ³ KIS-2023-03.txt ³ KIS-2023-04.txt ³ laravel9470-disclose.txt ³ linear_emerge_unauth_rce_cve_2019_7256.rb.txt ³ listserv17-idor.txt ³ listserv17-xss.txt ³ medisensehealthcaresolcrm20-xsrf.txt ³ mremoteng17620-escalate.txt ³ netchess21-overflow.txt ³ ofoo2-shell.txt ³ ofoo2-sql.txt ³ ofos20-exec.txt ³ ofos20-sql.txt ³ ofos20-xss.txt ³ oracledbmetadata-exposure.txt ³ oracledbmsredact-bypass.txt ³ oracleuap-bypass.txt ³ phpjabbersacs32-xss.txt ³ phpjabbersbds32-xss.txt ³ phpjabberscpbs20-xss.txt ³ phpjabbersetss10-xss.txt ³ phpjabberspls31-sql.txt ³ phpjabberspls31-xss.txt ³ phpjabberstts10-sql.txt ³ phpjabberstts10-xss.txt ³ prms10-bypass.txt ³ raptor_dtprintlibXmas.c ³ rt-sa-2022-002.txt ³ SA-20230117-2.txt ³ slims952-xss.txt ³ SYSS-2022-047.txt ³ tikiwikicms250-xss.txt ³ TRSA-2203-01.txt ³ wolfssl-overread.txt ³ wpmmm222-disclose.txt ³ wpprofilebuilder305-sql.txt ³ wproyalelemntor1359-insecure.txt ³ wpsliderrevolution412-traversal.txt ³ wpsliderrevolution413-traversal.txt ³ wpsliderrevolution465-shell.txt ³ wpsliderrevolution465-traversal.txt ³ wpsliderrevolution492-traversal.txt ³ wpsliderrevolution4xx-shell.txt ³ wpsliderrevoluvation308-traversal.txt ³ wptouch375-redirect.txt ³ wptouch382-redirect.txt ³ wptouch4347-redirect.txt ³ wptouchpro3091-redirect.txt ³ wptouchpro334-redirect.txt ³ xcash15-insecure.txt ³ yjh3-sql.txt ³ yjh3-xss.txt ³ yuvaneducationcrm30-sql.txt ³ zstore654-xss.txt ³ zstore660-xss.txt ³ 202302-exploits ³ 101newsbymk10-sql.txt ³ acdme78-sqlexecxsstraversal.txt ³ adms10-escalate.txt ³ adms10-sql.txt ³ argondashboard112-sql.txt ³ atrocore1525-shell.txt ³ bestposms10-shell.txt ³ bestposms10-sql.txt ³ bestposms10-xss.txt ³ CDSR-20230213-0.txt ³ chikoi10-traversal.txt ³ chikoi10-xss.txt ³ churchcrm453-sql.txt ³ cisco_rv340_lan.rb.txt ³ CVE-2022-45701.py.txt ³ cve_2022_1043_io_uring_priv_esc.rb.txt ³ cve_2022_3699_lenovo_diagnostics_driver.rb.txt ³ demanzomatrimony15-xsrf.txt ³ empc17-sql.txt ³ empc17-xss.txt ³ etms10-escalate.txt ³ etms10-sql.txt ³ f5_create_user.rb.txt ³ fortra_goanywhere_rce_cve_2023_0669.rb.txt ³ froxlor_log_path_rce.rb.txt ³ gitlab_github_import_rce_cve_2022_2992.rb.txt ³ globalinfotechcms10-sql.txt ³ GS20230206163255.tgz ³ GS20230206163837.tgz ³ GS20230209162439.tgz ³ GS20230210152355.tgz ³ GS20230210152910.tgz ³ GS20230210153345.tgz ³ GS20230210153626.tgz ³ GS20230224194934.tgz ³ GS20230227151433.tgz ³ kardexmlogvcc5712-exec.txt ³ kshitish20-insecure.txt ³ mac_dirty_cow.rb.txt ³ manageengine_adselfservice_plus_saml_rce_cve_2022_47966.rb.txt ³ manageengine_endpoint_central_saml_rce_cve_2022_47966.rb.txt ³ manageengine_servicedesk_plus_saml_rce_cve_2022_47966.rb.txt ³ materialdashboard2-sql.txt ³ mefidot22-insecure.txt ³ mefidot22-sql.txt ³ mgs10-escalate.txt ³ mgs10-sql.txt ³ Monitorrv1.7.6_RCE.py.txt ³ nagios_xi_configwizards_authenticated_rce.rb.txt ³ NWSSA-001-2023.txt ³ NWSSA-002-2023.txt ³ onlineeyewearshop10-sql.txt ³ oracle12102-escalate.txt ³ pfblockerng2146-exec.txt ³ pyload_js2py_exec.rb.txt ³ SA-20230214-0.txt ³ salestrackerssytem10-sql.txt ³ sfos10-sql.txt ³ tomcat_ubuntu_log_init_priv_esc.rb.txt ³ vmwgfx_fd_priv_esc.rb.txt ³ weby125-xsrf.txt ³ wpqsm808-delete.txt ³ wpqsm808-xsrf.txt ³ wprealestate7theme334-abuse.txt ³ wprealestate7theme334-xsrf.txt ³ wprealestate7theme334-xss.txt ³ wpwoodmarttheme710-inject.txt ³ wpwoodmarttheme711-xsrf.txt ³ xworm21-dos.txt ³ ycrs10-sql.txt ³ zabbix627-escalate.txt ³ ZSL-2023-5744.txt ³ ZSL-2023-5745.txt ³ ZSL-2023-5746.txt ³ ZSL-2023-5747.txt ³ ZSL-2023-5748.txt ³ ZSL-2023-5749.txt ³ ZSL-2023-5750.txt ³ ZSL-2023-5751.txt ³ ZSL-2023-5752.txt ³ ZSL-2023-5753.txt ³ ZSL-2023-5754.txt ³ 202303-exploits ³ 101newsportal10-sql.txt ³ abantecart132-exec.txt ³ adobeconnect1145-disclose.txt ³ aerocms001-shellinject.txt ³ aerocms001-sql.txt ³ atomcms20noauth-sql.txt ³ beautysalon10-shell.txt ³ bitbucket700-exec.txt ³ bitbucket_env_var_rce.rb.txt ³ bludit3141-shell.txt ³ boxbilling42215-exec.txt ³ bsms100-xss.txt ³ cacti1222-exec.txt ³ clanspherecms20114-xss.txt ³ composrcms10039-exec.txt ³ coolermastermasterplus185-unquotedpath.txt ³ covenant05-exec.txt ³ crowdstrikefa64415806-bypass.txt ³ CVE-2023-23397_EXPLOIT_0DAY-main.zip ³ cve-2023-24217.py.txt ³ cve_2023_21768_afd_lpe.rb.txt ³ desktopcentral910-ssrfcrlf.txt ³ dlinkdir819a1-dos.txt ³ dlinkdnr322l-exec.txt ³ dreamercms400-sql.txt ³ dsl124-disclose.txt ³ eqems220-sql.txt ³ eveng50113-xss.txt ³ explorer32135531-overflow.txt ³ extplorer2114-bypassexec.txt ³ fastly-disclose.txt ³ flatcorecms211-xss.txt ³ forcepoint680-escalate.txt ³ forti721-bypass.txt ³ fortinac_keyupload_file_write.rb.txt ³ frhed160-overflow.txt ³ gestionaleopen120000-unquotedpath.txt ³ googlechrome109-insecure.txt ³ grafana624-inject.txt ³ GS20230306144436.txt ³ GS20230313141819.tgz ³ GS20230316143751.tgz ³ GS20230317134218.tgz ³ GS20230317135224.tgz ³ GS20230317135918.tgz ³ GS20230317140600.tgz ³ GS20230320131339.tgz ³ hashicorpconsul10-exec.txt ³ hddhealth420112-unquotedpath.txt ³ hexworkshop67-dos.txt ³ hrms10-sql.txt ³ hrms10noauth-sql.txt ³ hss10un-sql.txt ³ ibooking108-shell.txt ³ impresscms143-sql.txt ³ inbitmessenger490-exec.txt ³ inbitmessenger490-overflow.txt ³ jms10-shell.txt ³ jms10-sql.txt ³ joomla427-disclose.rb.txt ³ labelstudio150-ssrf.txt ³ lavalite900-traversal.txt ³ lavasoftwc410409-unquotedpath.txt ³ linksysax32001100-exec.txt ³ lucee_scheduled_job.rb.txt ³ maneam0003324-xml.txt ³ mediaconta3723-unquotedpath.txt ³ mgs10-xss.txt ³ modxrevolution283pl-exec.txt ³ monitorr_webshell_rce_cve_2020_28871.rb.txt ³ moodlelms40-xss.txt ³ mssql-passwordhash.txt ³ mts10-xss.txt ³ mybbactivethreads130-xss.txt ³ mybbexportuser20-xss.txt ³ mybbexternalredirectwarning13-xss.txt ³ mybbforums1826-xss.txt ³ netbsd_hfs-main.zip ³ nvflare-deserialize.txt ³ odv19c-access.txt ³ ogts10-sql.txt ³ openbsd_tcpip_overflow-main.zip ³ open_web_analytics_rce.rb.txt ³ opo10-sql.txt ³ opoo10-sql.txt ³ opswatmetadc4211-escalate.txt ³ optergy_bms_backdoor_rce_cve_2019_7276.rb.txt ³ oracledb-disclose.txt ³ oracle_ebs_rce_cve_2022_21587.rb.txt ³ ossa10-sqlxssexec.txt ³ outline160-unquotedpath.txt ³ pom10-shell.txt ³ pom10-sql.txt ³ pom10-xss.txt ³ pythoncgidoc-xss.txt ³ qubesmiragefirewall083-dos.txt ³ rconfig397-sql.txt ³ realestatecrmpro57-sql.txt ³ realtimeautomation460mcbs5214-xss.txt ³ reqlogic113-xss.txt ³ resourcehacker36092-overflow.txt ³ rhms10-xss.txt ³ rielloups-bypass.txt ³ rpicamera10-bypass.txt ³ RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt ³ rukovoditel321-xss.txt ³ SA-20230228-0.txt ³ SA-20230306-0.txt ³ scdbg10-dos.txt ³ shopify-xss.txt ³ sipxopenfire2104-exec.txt ³ smf211-exec.txt ³ sms695-dos.txt ³ solarwinds_amqp_deserialization.rb.txt ³ stms10-xss.txt ³ subrioncms421tooltip-xss.txt ³ sugarcrm_webshell_cve_2023_22952.rb.txt ³ sugarsync413-unquotedpath.txt ³ supermailer1120-dos.txt ³ supremabiostar2816-sql.txt ³ tapoc310130-bypass.txt ³ textpattern488-exec.txt ³ tftpd32se460-unquotedpath.txt ³ tomcat_rhel_based_temp_priv_esc.rb.txt ³ tunnelid-dos.txt ³ univiewnvr301-xss.txt ³ virtualreception10-traversal.txt ³ webgrind11-xssexec.txt ³ WebPower-UPS-DDOS.py.txt ³ webtareas24-shell.txt ³ webtareas24-xss.txt ³ webtareas24unauth-sql.txt ³ wifimouse1832-exec.txt ³ wkhtmltopdf0126-ssrf.txt ³ wondersharedrfone1296-escalate.txt ³ wpallimport367-exec.txt ³ wpforms178-xss.txt ³ wpjetpack114-xss.txt ³ wpnexforms79-sql.txt ³ wpnxmserverstack086-lfixss.txt ³ wpprofilebuilder390-missingauthz.txt ³ wptml-sql.txt ³ wpwatugnpubwoo-xss.txt ³ wpwoocommerce710-exec.txt ³ xskipperproxy013237-ssrf.txt ³ ycr10-sql.txt ³ ycrs10-xss.txt ³ youphptube78-lfi.txt ³ zoneminder-xssxsrf.txt ³ zwiiicms12204-exec.txt ³ zyxel_multiple_devices_zhttp_lan_rce.rb.txt ³ 202304-exploits ³ actfax1010-unquotedpath.txt ³ admanagerplus7122-exec.txt ³ adms10-accesscontrol.txt ³ agmsp10-sql.txt ³ agmsp10-xss.txt ³ aigitalwireless-exec.txt ³ aigitalwireless-xss.txt ³ aimonebvc204-overflow.txt ³ altenergypcsc125-exec.txt ³ answerdev103-accounttakeover.txt ³ apache24x-overflow.txt ³ apachetomcat101-dos.txt ³ arcsoftphotostudio600172-unquotedpath.txt ³ aspemail5602-escalate.txt ³ bangresto10-xss.txt ³ bangresto10multi-sql.txt ³ bgerp2231-xss.txt ³ binwalk232-exec.txt ³ bludit400rc2-escalate.txt ³ brainycp10-exec.txt ³ btcpaysever174-inject.txt ³ BulletProof_FTP_Server_2019.0.0.51.py.txt ³ buspassms10-xss.txt ³ cemv1407-xss.txt ³ chatgpt-xss.txt ³ chitorcms112-sql.txt ³ chitorcms112name-sql.txt ³ chromacam4030-unquotedpath.txt ³ churchcrm451-sql.txt ³ churchcrm453event-sql.txt ³ cialms514-xss.txt ³ citrix231111-escalate.txt ³ CVE-2022-44268-master.zip ³ CVE-2023-27350-main.zip ³ cwp709811147-exec.txt ³ dellemcpc5500-disclose.txt ³ dlinkdir846-exec.txt ³ dompdf121-exec.txt ³ dotclear2253-shell.txt ³ easynas110-exec.txt ³ ebankit6-dos.txt ³ ebankit6-xss.txt ³ elsismartfloor333-xss.txt ³ entaberp10-disclose.txt ³ erpnext1229-xss.txt ³ esetservice160260-unquotedpath.txt ³ ffsts550-disclose.txt ³ ffsts550-discloseidor.txt ³ filereplicationpro750-escalate.txt ³ filezilla3631-dllhijack.txt ³ flatnux20210325-exec.txt ³ fortirecorder643-dos.txt ³ froxlor203-exec.txt ³ fuxa11131186-exec.txt ³ gdideescms391-disclose.txt ³ geovisiongvadr2701-bypass.txt ³ gitlab153-exec.txt ³ glpi1002-sqlexec.txt ³ glpiactivity310-lfi.txt ³ glpicartography600-shell.txt ³ glpiinventory101-lfi.txt ³ glpime402-lfi.txt ³ gnuscreen490-escalate.txt ³ goanywhereeh711-exec.txt ³ GS20230410171218.tgz ³ GS20230410171551.tgz ³ GS20230410171746.tgz ³ GS20230413153431.tgz ³ GS20230413153910.tgz ³ GS20230418165507.tgz ³ GS20230421170737.tgz ³ GS20230421171253.tgz ³ GS20230421173314.tgz ³ gta3vcsf11-overflow.txt ³ hospitalrun100beta-escalate.txt ³ hotkeyclipboard2106-unquotedpath.txt ³ ibmasperafaspex441-deserialize.txt ³ ibminstana2x-missingauth.txt ³ icingaweb210-disclose.txt ³ internrs10-sql.txt ³ iwysiwygeditor54-shelltraversal.txt ³ kardexmlogmcc5712-exec.txt ³ kodexplorer449-xsrfshell.txt ³ ldaptbssp162-accounttakeover.txt ³ liferayportal625-insecure.txt ³ lrn208-exec.txt ³ mac1200r-traversal.txt ³ marsstealer83-takeover.txt ³ meadt15021118007-unquotedpath.txt ³ millegpg5592-escalate.txt ³ mma913-traversallfi.txt ³ modoboa204-takeover.txt ³ monitorr176-xss.txt ³ msexcel-spoof.txt ³ msexcel2302-exec.txt ³ msword-exec.txt ³ mts10-sql.txt ³ mvogms10-exec.txt ³ mybb1832-exec.txt ³ nacos203-accesscontrol.txt ³ netiqmfpe51-exec.txt ³ nokiaonensd17-escalate.txt ³ nokieonends209-escalate.txt ³ notrinoserp07-sql.txt ³ oahms10-xssdelete.txt ³ oas10-xss.txt ³ obs10process-sql.txt ³ ocls10-shell.txt ³ ocsing2300-unquotedpath.txt ³ opo10-shell.txt ³ paloaltocortexxsoar650-xss.txt ³ papercutngmg2204-bypass.txt ³ paradoxssipr512-dos.txt ³ pdfkit0872-exec.txt ³ pentahobaserveree9300428-sstiexec.txt ³ perfsonar445-xsrf.txt ³ pfsensece260-bypass.txt ³ photoshow30-exec.txt ³ phprestaurants10-sqlxss.txt ³ piwigo1360-xss.txt ³ polrurl230-takeover.txt ³ postgresql961-exec.txt ³ ppms1032-shell.txt ³ projectsendr1605-exec.txt ³ provideserver144-xssxsrfexec.txt ³ qdpm9x-xss.txt ³ repriserlm142bl4-xss.txt ³ rfm995-exec.txt ³ rms10-sql.txt ³ roxyfileman145-shell.txt ³ roxywi6100-exec.txt ³ roxywi6100-improperauth.txt ³ roxywi6110-exec.txt ³ rukovoditel331-exec.txt ³ schneiderelectric10-idor.txt ³ securepointutm12-disclose.txt ³ securepointutm12x-memoryleak.txt ³ serendipity240-shell.txt ³ serendipity240-xss.txt ³ sleuthkit4111-exec.txt ³ smg1074-xss.txt ³ snitzforum10-sql.txt ³ sophoswa43104-exec.txt ³ spip_rce_form.rb.txt ³ splashtop871120010-unquotedpath.txt ³ sqlmonitor12131893-xss.txt ³ stms10-disclose.txt ³ stms10-sql.txt ³ stms10oneclick-xss.txt ³ sudo1912p1-escalate.txt ³ swaggerui413-misrepresent.txt ³ telit-cinterion.tgz ³ tendan300f312010148-header.txt ³ titanftp2-traversal.txt ³ tplinktlwr902ac-exec.txt ³ trainsmart1044-sql.txt ³ TSI-ADV032023.txt ³ ums1321-xss.txt ³ unidata_udadmin_auth_bypass.rb.txt ³ unidata_udadmin_password_stack_overflow.rb.txt ³ unifiedremote3130-exec.txt ³ uptimekuma1196-xss.txt ³ vmware_workspace_one_access_cve_2022_22960.rb.txt ³ vmware_workspace_one_access_vmsa_2022_0011_chain.rb.txt ³ websitebaker2133-xss.txt ³ wimaxswc5100w-exec.txt ³ wondersharefilmora12292233-unquotedpath.txt ³ wpah11-xss.txt ³ wpdataaccess537-escalate.txt ³ wpfilemanager69-shell.txt ³ wplla171-xss.txt ³ wpmetformelementorcfb312-xss.txt ³ wppaidmembershipspro298-sql.txt ³ wpsimplefirewall17017-xss.txt ³ wpweaver-xss.txt ³ x2crm69-xss.txt ³ xcms183-exec.txt ³ yui2tv282-xss.txt ³ zcbszbbszpbs414-xss.txt ³ ZSL-2023-5755.txt ³ ZSL-2023-5756.txt ³ ZSL-2023-5757.txt ³ ZSL-2023-5758.txt ³ ZSL-2023-5759.txt ³ ZSL-2023-5760.txt ³ ZSL-2023-5761.txt ³ ZSL-2023-5762.txt ³ ZSL-2023-5763.txt ³ ZSL-2023-5764.txt ³ ZSL-2023-5765.txt ³ ZSL-2023-5766.txt ³ ZSL-2023-5767.txt ³ ZSL-2023-5768.txt ³ ZSL-2023-5769.txt ³ ZSL-2023-5770.txt ³ 202305-exploits ³ 1twoecommerce10-missingauth.txt ³ 2023ocr10-sql.txt ³ acart10-disclose.txt ³ acrepairservices10-sql.txt ³ admidio425-inject.txt ³ adobe_coldfusion_rce_cve_2023_26360.rb.txt ³ affiliateme501-sql.txt ³ ahm1256-unquotedpath.txt ³ aigitalwnr-bypass.txt ³ apachesuperset200-bypass.txt ³ applezeedayc20-sql.txt ³ applezeedaysc100-sql.txt ³ argondashboard2-sql.txt ³ bestposmgmtsys10-shell.txt ³ blogmagzcms10-xss.txt ³ bluditcms3141-xss.txt ³ camaleoncms270-ssti.txt ³ cameleoncms274-xss.txt ³ CDSR-20230511-0.txt ³ chitorcms112rollno-sql.txt ³ churchcrm454-xss.txt ³ civicrm559alpha1-xss.txt ³ cmaps80-sql.txt ³ cmaps80-xss.txt ³ cmaps890r-xss.txt ³ codebacker10-missingauth.txt ³ codebakers10-sql.txt ³ codigome101-exec.txt ³ CVE-2023-25394.pdf ³ CVE-2023-26818.pdf ³ e107232-xss.txt ³ easyphpwd141-exectraversal.txt ³ ebankit6-smsspoof.txt ³ ebiztechnocrats-sql.txt ³ emv21-xss.txt ³ epsonsx510w-dos.txt ³ escanmgmtconsole14014002281-sql.txt ³ escanmgmtconsole14014002281-xss.txt ³ esetforwarder160260-unquotedpath.txt ³ esg25-sql.txt ³ esg25-xss.txt ³ fg7stack_poc.py.txt ³ ficoomdm481-xss.txt ³ filethingie257-shell.txt ³ filmora12-unquotedpath.txt ³ fis10-sql.txt ³ flex1080-dos.txt ³ fss390024t4s-escalate.txt ³ fusioninvoice202310-xss.txt ³ gaanagawaana10-sql.txt ³ gaanagawaana10-xss.txt ³ getsimplecms3316-shell.txt ³ ggmp10-sqlxss.txt ³ ginmarkdowneditor074-exec.txt ³ glpi957-enumerate.txt ³ GS20230504142541.tgz ³ GS20230504142933.tgz ³ GS20230504143512.tgz ³ GS20230504144557.txt ³ GS20230505165717.tgz ³ GS20230509154909.tgz ³ GS20230511150756.tgz ³ GS20230511151023.tgz ³ GS20230511151556.tgz ³ GS20230511151850.tgz ³ GS20230511152144.tgz ³ GS20230511152456.tgz ³ GS20230511152747.tgz ³ GS20230511153336.tgz ³ GS20230511154004.tgz ³ GS20230511154513.tgz ³ GS20230531163207.txt ³ GS20230531163517.txt ³ housekit10-sql.txt ³ housekit10-xss.txt ³ hubstaff1614-dllhijack.txt ³ hyiplab21-insecure.txt ³ invscout_rpm_priv_esc.rb.txt ³ ivanti_avalanche_filestoreconfig_upload.rb.txt ³ jedox202025-xss.txt ³ jedox202025csp-exec.txt ³ jedox202025gs-exec.txt ³ jedox202025iac-disclose.txt ³ jedox202242-disclose.txt ³ jedox202242erpc-traversalexec.txt ³ jedox202242rpc-exec.txt ³ jobsportal36-insecure.txt ³ leadprocrm10-sql.txt ³ lostfound10-missingauth.txt ³ manageengine_adaudit_plus_authenticated_rce.rb.txt ³ mgsn127730010-unquotedpath.txt ³ millhouseproject1414-shell.txt ³ millhouseproject1414-xss.txt ³ mobilemouse3604v2-exec.txt ³ mobiletrans4011-weakpermissions.txt ³ newmvcshop10-sql.txt ³ oahm2022202310-sql.txt ³ ocms22-xss.txt ³ openemr701-bypassbrute.txt ³ opos10-shell.txt ³ optoma1080pstx-bypass.txt ³ oraclerman-missing.txt ³ papercut2204-exec.txt ³ pentaho_business_server_authbypass_and_ssti.rb.txt ³ phpfusion91030-xss.txt ³ phpmyfaq3112-inject.txt ³ pjsimplecms50-sql.txt ³ pjsimplecms50-xss.txt ³ pluckcms4718-xss.txt ³ pnpscada2x-sql.txt ³ podcastgenerator329-xss.txt ³ prestashop804-csvinject.txt ³ printerlogic10757-bypassxsssql.txt ³ projectsendr1605-disclose.txt ³ quicklancer10-sql.txt ³ reviveadserver541-xss.txt ³ rockmongo117-xss.txt ³ rolloutui05-xss.txt ³ roxywi6100ipb-exec.txt ³ rt-sa-2023-003.txt ³ rt-sa-2023-004.txt ³ rt-sa-2023-005.txt ³ SA-20230502-0.txt ³ SA-20230515-0.txt ³ SA-20230516-0.txt ³ SA-20230517-0.txt ³ SCHUTZWERK-SA-2022-001.txt ³ SCHUTZWERK-SA-2023-001.txt ³ scmmanager160-xss.txt ³ scrms2023-sql.txt ³ scs20150916-exec.rb.txt ³ seofriendly10-xss.txt ³ siemenssimatics71200cpu-xsrf.txt ³ sitemagiccms443-shell.txt ³ smartschool10-sql.txt ³ softexpertsuite213-lfi.txt ³ softofpm1120-dllhijack.txt ³ spms10-sql.txt ³ ssmt10-sql.txt ³ sudoedit_bypass_priv_esc.rb.txt ³ taw12-missingauth.txt ³ textpattern488-disclose.txt ³ therossiemp1414-shell.txt ³ trendmicroosc10-escalate.txt ³ twg25-exec.txt ³ twg25-xss.txt ³ ulicms20231-createadmin.txt ³ ulicms20231-shell.txt ³ ulicms20231-xss.txt ³ vaskarcourier320-insecure.txt ³ votab10-sql.txt ³ votab10-xss.txt ³ wbcecms161-xss.txt ³ wbizdesk12-sql.txt ³ wbizdesk12-xss.txt ³ wbizdesk12idtk-sql.txt ³ webkulqloapps152-xss.txt ³ wftpd325-disclose.txt ³ wolfcms0831-shell.txt ³ wpbackupmigration128-disclose.txt ³ wpbccb2101-xss.txt ³ wpcore620-traversalxssxsrf.txt ³ wpdownloadmanager3270-xss.txt ³ wpreviewx1613-escalate.txt ³ yanknote3521-exec.txt ³ zenphoto16-xss.txt ³ ZSL-2023-5771.txt ³ ZSL-2023-5772.txt ³ ZSL-2023-5773.txt ³ ZSL-2023-5774.txt ³ ZSL-2023-5775.txt ³ ZSL-2023-5776.txt ³ zyxel_lfi_unauth_ssh_rce.rb.txt ³ 202306-exploits ³ 3cxossippbxt203-xss.txt ³ aac20-disclose.txt ³ abc18-xss.txt ³ acart20-disclose.txt ³ acelleem3015-upload.txt ³ acelleem4025-upload.txt ³ acjwebdesigner10-sql.txt ³ acjwebdesigner10-xss.txt ³ acm10-insecure.txt ³ acmt227-sql.txt ³ aconcms12-insecure.txt ³ activeecomcms650-xss.txt ³ activenewspaper20-inject.txt ³ adisconloganalyzer415-xss.txt ³ afb20-upload.txt ³ afs21-xss.txt ³ aims100-sql.txt ³ alhotphparticlecms10-xsrf.txt ³ altisacms521-sql.txt ³ amcms14-inject.txt ³ amcms15-inject.txt ³ amcms16-inject.txt ³ amcms24-traversal.tt ³ amp305-disclose.txt ³ amss20-insecure.txt ³ amss42-insecure.txt ³ anuranansbadmin2-insecure.txt ³ apache_druid_cve_2023_25194.rb.txt ³ apccms305-xss.txt ³ apport-dosoverflow.tgz ³ apus10-xss.txt ³ asupershop152-inject.txt ³ atm411-sql.txt ³ atm55-addadmin.txt ³ atm57-disclose.txt ³ avs30-rfilfi.txt ³ avs82-rfilfi.txt ³ azureapacheambari-spoof.txt ³ barebonescms202-xss.txt ³ bbmachineforum10-xss.txt ³ bboardforum10-xss.txt ³ biigorder2-sql.txt ³ bludit-download.txt ³ cas10-xss.txt ³ cimg-exec.tgz ³ classifiedsads104-sql.txt ³ cloudpanel222-traversal.txt ³ cls18-xss.txt ³ cmmtcsw11-xss.txt ³ cmvdpm10-xss.txt ³ courselapcsw10-xss.txt ³ crmplatform18-xss.txt ³ CVE-2017-0141.tgz ³ CVE-2017-13782.tgz ³ CVE-2017-13904.tgz ³ CVE-2018-1000140.tgz ³ CVE-2018-11776.tgz ³ CVE-2018-4259.tgz ³ CVE-2018-4407.tgz ³ CVE-2018-5388.tgz ³ CVE-2019-13115.tgz ³ CVE-2019-17498.tgz ³ CVE-2019-3560.tgz ³ CVE-2019-3828.tgz ³ CVE-2019-6986.tgz ³ CVE-2020-11239.tgz ³ CVE-2020-12049.tgz ³ CVE-2020-12861.tgz ³ CVE-2020-15972.tgz ³ CVE-2020-6449.tgz ³ CVE-2021-30528.tgz ³ CVE-2021-30632.tgz ³ CVE-2021-3560.tgz ³ CVE-2021-37975.tgz ³ CVE-2021-3939.tgz ³ CVE-2021-4115.tgz ³ CVE-2022-22057.tgz ³ CVE-2023-2283.tgz ³ CVE-2023-34096-exploit.py.txt ³ CVE-2023-34362-master.zip ³ CVE_2022_1134.tgz ³ CVE_2022_20186.tgz ³ CVE_2022_25664.tgz ³ CVE_2022_38181.tgz ³ CVE_2022_46395.tgz ³ cve_2023_21839_weblogic_rce.rb.txt ³ delta_electronics_infrasuite_deserialization.rb.txt ³ diafancms60-xss.txt ³ easyanswer101-xsrf.txt ³ easyanswer101-xss.txt ³ ejpms10-sql.txt ³ elearningses10-sql.txt ³ emvetb10-xss.txt ³ ere10-sql.txt ³ ere10-xss.txt ³ esp10-sql.txt ³ eventbookingcalendar18-xss.txt ³ eventscript21-xss.txt ³ expertjpms10-xss.txt ³ expertxjobsportalrb10-xss.txt ³ faqscript23-xss.txt ³ fastcmsblogging310-xss.txt ³ fcredbullsalzburg519r-auth.txt ³ fes10-shell.txt ³ flexense10624-overflow.rb.txt ³ fmas232-exec.txt ³ funeralscript31-xss.txt ³ gbscript22-xss.txt ³ GHSL-2020-165.tgz ³ GHSL-2023-005.tgz ³ groomify10-sql.txt ³ GS20230619145910.tgz ³ GS20230627135655.txt ³ GS20230630140844.txt ³ GS20230630141055.txt ³ gzas18-xss.txt ³ gzelp18-xss.txt ³ gzfs18-xss.txt ³ gzhbs18-xss.txt ³ gzmhbs18-xss.txt ³ hisecos04001-escalate.txt ³ hms10-xss.txt ³ hvciscan-dllhijack.txt ³ inlislite31-insecure.txt ³ instagram287002285-dos.txt ³ jobboard10-shell.txt ³ jobpilot261-sql.txt ³ kesioncmsasp95-addadmin.txt ³ kesioncmsx20-addadmin.txt ³ kesioncmsx95-addadmin.txt ³ learndesk10-xss.txt ³ macroexpert49-unquotedpath.txt ³ magentoecom240-disclose.txt ³ magicai155r-xss.txt ³ manageengine_admanager_plus_cve_2023_29084_auth_cmd_injection.rb.txt ³ mclnet4358788-disclose.txt ³ menorahrestaurant100-insecure.txt ³ motocms343-sql.txt ³ moveit_cve_2023_34362.rb.txt ³ movierocket10-xss.txt ³ mrmver10-xss.txt ³ ms365mso-exec.txt ³ msexcel365mso-exec.txt ³ msoffice-exec.txt ³ msonenote2305-spoof.txt ³ mssharepoint-spoof.txt ³ mswindows1122h2-escalate.txt ³ mvcshop05-traversal.txt ³ mvcshop05-xss.txt ³ mybbfavicon10-xss.txt ³ nchei-takeover.txt ³ netxpertscms01-sql.txt ³ newsletterscript24-xss.txt ³ newsscriptpro24-xss.txt ³ nmbloglite21-xss.txt ³ nmphphotelsite20-xss.txt ³ nmtjs10-xss.txt ³ nodcms341-xss.txt ³ nokiaasika71352-disclose.txt ³ oagp10-upload.txt ³ oesp10-xsrf.txt ³ oicms8-sql.txt ³ omnicart340-xss.txt ³ onestcrm10-xss.txt ³ oscommerce4-lfi.txt ³ osghs10-xss.txt ³ osp109142602-lfi.txt ³ osp109142602-traversal.txt ³ osp109142602-xss.txt ³ otas10-sql.txt ³ p2scms01-xss.txt ³ pannresidencecms73-xsrf.txt ³ papercut_ng_auth_bypass.rb.txt ³ pesprocms197-addadmin.txt ³ photogallery20-xss.txt ³ photoswipe537-filedownload.txt ³ phpanalyzer204-insecure.txt ³ phpcardealer30-xss.txt ³ phpfk80-xss.txt ³ phpjabbersfs30-pxss.txt ³ phpjabbersfs30-xss.txt ³ phpjabberskbb30-xss.txt ³ phpjabberssbs41-xss.txt ³ phplive31-xss.txt ³ phpmail50-xss.txt ³ phponlineschool10-xss.txt ³ piyanas01-xsrf.txt ³ pls10-xss.txt ³ polycombtoeconn4400-overflowmitm.txt ³ prestashopwinbizpayment-poorcontrol.txt ³ projectsendr1605-csvinject.txt ³ projectsendr1605-xss.txt ³ prologin19-idor.txt ³ PSTrojanFile.txt ³ ptclab35-insecure.txt ³ purledp10-idor.txt ³ pyload050-exec.txt ³ qhrealestatecms13-xss.txt ³ qjportal61-xss.txt ³ qlfreelancemp24-xss.txt ³ QSA-RenderDoc.txt ³ Qualcomm-NPU.tgz ³ quickadcms73-xsrf.txt ³ rentequipmpr10-xss.txt ³ restcafewebsitecms200-insecure.txt ³ rocketlms17-xss.txt ³ rt-sa-2022-004.txt ³ rukovoditel331-csvinject.txt ³ scriptio14-xss.txt ³ simpleblog32-xss.txt ³ simpleforum27-xss.txt ³ smartofficeweb2028-discloseidor.txt ³ spip421-exec.txt ³ spip423-sql.txt ³ sscms10-xss.txt ³ stms10-inject.txt ³ symantecsmwa1252-xss.txt ³ symmetricom_syncserver_rce.rb.txt ³ systemknvr-exec.txt ³ tbs18-xss.txt ³ tendaac6ac1200-xss.txt ³ terramaster_unauth_rce_cve_2020_35665.rb.txt ³ terramaster_unauth_rce_cve_2021_45837.rb.txt ³ terramaster_unauth_rce_cve_2022_24990.rb.txt ³ textpatterncms488-exec.txt ³ theshop25-sql.txt ³ thinucmsblogsystem15-sql.txt ³ thinucmsblogsystem15-xss.txt ³ totalcms174-shell.txt ³ totalcms174-xss.txt ³ trms10-bypass.txt ³ tsbc18-xss.txt ³ ub103beta-shell.txt ³ usbfdc4100-unquotedpath.txt ³ vrs18-xss.txt ³ wgticket10-xss.txt ³ wizcyb20-sql.txt ³ wpabandonedcart5142-bypass.txt ³ wpaclwc5142-bypass.txt ³ wpbackupwordpress38-disclose.txt ³ wpbookit237-bypass.txt ³ wpcircleprogress10-xss.txt ³ wpdirectorist754-idor.txt ³ wpduplicator-disclose.txt ³ wpduplicator405-disclose.txt ³ wpenvato207-disclose.txt ³ wpfilemanagerpro717-disclose.txt ³ wpfmp831-disclose.txt ³ wpggb183-ssrf.txt ³ wpgooglemaps9017-disclose.txt ³ wpkero2386-sql.txt ³ wplearndashlms460-idor.txt ³ wpslr764-bypass.txt ³ wpstickysocial101-xsrfxss.txt ³ wpsupersocializer71352-xss.txt ³ wpthememedic100-weakcontrol.txt ³ wpthemeworkreap222-exec.txt ³ wptouchpro4-disclose.txt ³ wptreepageview167-xss.txt ³ wpunyson2728-disclose.txt ³ wpupdraft061-disclose.txt ³ xenforo2213-xss.txt ³ xoopscms2510-xss.txt ³ ziprarfileextractor57-xss.txt ³ ZSL-2023-5777.txt ³ ZSL-2023-5778.txt ³ ZSL-2023-5779.txt ³ ZSL-2023-5780.txt ³ zstore654-disclose.txt ³ zyxel_ike_decoder_rce_cve_2023_28771.rb.txt ³ 202307-exploits ³ aatheshsoftcms030-xss.txt ³ abbflowx400-disclose.txt ³ abcphp-uploadxss.txt ³ abdl213-xss.txt ³ academylms515-xss.txt ³ acmt227-sqlupload.txt ³ acmt227-xss.txt ³ activess15-inject.txt ³ admidio4210-exec.txt ³ adminabulgaria10-insecure.txt ³ adveriscms30-xss.txt ³ agvirtuesgaleria20-sql.txt ³ ahmcms301-sql.txt ³ ahmlms20-insecure.txt ³ ahmlms20-xsrf.txt ³ ahrm16-idor.txt ³ ahsb223-upload.txt ³ aicteindialms30-sql.txt ³ alkaconopencms150-xss.txt ³ amazons3droppy146-shell.txt ³ ams516-sql.txt ³ amslogistics22-sql.txt ³ amss52109-sql.txt ³ angularjsfm151-shell.txt ³ anuranansbadmin20-sql.txt ³ apache_rocketmq_update_config.rb.txt ³ apnatrademarkcms25-sql.txt ³ apphpmicrocms101-inject.txt ³ applezeedcms20-insecure.txt ³ applezeedcms20-sql.txt ³ arabinfotechcms20-xss.txt ³ arabinfotechcms201-xss.txt ³ archoncms314-xss.txt ³ ariadnacms03-xss.txt ³ arlisistem30-sql.txt ³ articart201-xssredirect.txt ³ artistrylimitedlms05-insecure.txt ³ artistrylimitedlms05-sql.txt ³ asanhamayeshcms346-traversal.txt ³ asikcms109-lfi.txt ³ asikcms109-rfi.txt ³ asscms102-xsrf.txt ³ atomcms20-traversal.txt ³ attestimonialscms12-missingauth.txt ³ avgas75-unquotedpath.txt ³ avidimedia20-insecure.txt ³ backdropcms1251-xss.txt ³ balajicms103-sql.txt ³ bannermgmtcms10-disclose.txt ³ bbamcms11-idor.txt ³ bbook57-upload.txt ³ bdcms2-disclose.txt ³ bdschoolslms102-xss.txt ³ bdsfl164-disclose.txt ³ beautysalonms10-sql.txt ³ bfcms10-sql.txt ³ bg5lib-xss.txt ³ bigwareshop23-xss.txt ³ bigwareshopcms21-idor.txt ³ bismi20-idor.txt ³ bkmobilecms150-sql.txt ³ blackboard202-disclose.txt ³ blackcatcms14-shell.txt ³ blackcatcms14-xss.txt ³ blogator093-xss.txt ³ blogatorscript093-insecure.txt ³ bloly13-addadmin.txt ³ bloly13-sql.txt ³ bloodbank10-idor.txt ³ bloodbank10-xss.txt ³ bloodbank11-sql.txt ³ bloodbank11-xss.txt ³ bluelaat10-idor.txt ³ bmitbms21-sql.txt ³ bmitcms10-insecure.txt ³ bobec092019-sql.txt ³ bookingwiz55-disclose.txt ³ bookingwizz550-sql.txt ³ boomchat30-shell.txt ³ brcms10-disclose.txt ³ brigadasoftcms21-sql.txt ³ brightcubelms201-sql.txt ³ brsiscms102-sql.txt ³ brsiscms102-xss.txt ³ brsscms21-sql.txt ³ bslsw232-escalate.txt ³ bslswphpt232-xss.txt ³ buzzynvlpv131-insecure.txt ³ buzzynvlpv132-insecure.txt ³ buzzynvlpv14-insecure.txt ³ buzzynvlpv2-insecure.txt ³ buzzynvlpv251-insecure.txt ³ buzzynvlpv252-insecure.txt ³ bwcms19-sql.txt ³ bwdcmcms011-sql.txt ³ c3imcms20-xss.txt ³ cakephptestsuite270-xss.txt ³ candooscms20-sql.txt ³ carlisting16-sql.txt ³ carlisting16-xss.txt ³ carrentalscript18-xss.txt ³ catpopstbcms40-xss.txt ³ cbmsgms460-insecure.txt ³ cbmsgms460-sql.txt ³ cbscms120-insecure.txt ³ cbts10-lfi.txt ³ ccomeventscms0102-shell.txt ³ ccomeventscms0102-sql.txt ³ ccreip10-sql.txt ³ ccreip10-xss.txt ³ cheveretocms370-hpp.txt ³ chipsacms102-xss.txt ³ chrome_webgpu_crash.txt ³ ciscoucsimcsupervisor2200-bypass.txt ³ ciuiscrm107-addadmin.txt ³ ciuiscrm107-lfi.txt ³ clarityppm1430298-xss.txt ³ clipshare414-xss.txt ³ cmbc15-sql.txt ³ cmsbmpm100-xss.txt ³ cmscb100-xsrf.txt ³ cmsctwebcreative10-xss.txt ³ cmsdcreations10-sql.txt ³ cmsdosma50-idor.txt ³ cmsemlakscripti2-xss.txt ³ cmsengeplus201-xss.txt ³ cmsgrafia7-sql.txt ³ cmsiqdigital20-xss.txt ³ cmsjerusalemwf13-traversal.txt ³ cmsmadesimple2217-exec.txt ³ cmsmadesimple2217-ssti.txt ³ cmsmadesimple2217-xss.txt ³ cmsnaivescripters301-xss.txt ³ cmsnak12-insecure.txt ³ cmsnexinengine20-insecure.txt ³ cmsninesol10-xss.txt ³ cmsporviax20-sql.txt ³ cmssaudisoftech502-sql.txt ³ cmsshop1-xss.txt ³ cmssirfth206-xss.txt ³ cmstssest100-sql.txt ³ cmsusd14-shell.txt ³ cmsusd14-xss.txt ³ cmvcshoplms210-sql.txt ³ copyparty182-traversal.txt ³ copyparty186-xss.txt ³ daillytools-exec.txt ³ dbdecomm206-sql.txt ³ dlinkdap1325-idor.txt ³ dmc20-disclose.txt ³ ecommerce115-xss.txt ³ epmcrm50-xss.txt ³ exrate10-xss.txt ³ fes10-sql.txt ³ finounce10-xss.txt ³ foodyfriend10-uploadxss.txt ³ frappe1340-exec.txt ³ fuguhub81-exec.txt ³ gamejackal5-unquotedpath.txt ³ gilacms1109-exec.txt ³ greenshot1210-exec.txt ³ GS20230702181333.tgz ³ GS20230704140821.tgz ³ GS20230705144631.tgz ³ GS20230717133256.tgz ³ hvhsdsa71024-sql.txt ³ icingaweb210-exec.txt ³ icogenie10-xss.txt ³ inoutbcfe30-sql.txt ³ inoutseaie11-xss.txt ³ insurance12-xss.txt ³ iobcae20-sql.txt ³ iobcep101-sql.txt ³ jms124-sql.txt ³ jobportalcms2302-sql.txt ³ jobseeker15-xss.txt ³ joomlabooking249-enumerate.txt ³ joomlafireboard13-sql.txt ³ joomlahikashop474-xss.txt ³ joomlahotelguide10-xss.txt ³ joomlaipropertyrealestate411-xss.txt ³ joomlajomestate40-sql.txt ³ joomlajsngruvepro210-traversal.txt ³ joomlasolidres2133-xss.txt ³ joomlavirtuemart26122-sql.txt ³ joomlavmsc4012-xss.txt ³ keepersecurity-dump.txt ³ lawyercms16-xss.txt ³ ldlp30-upload.txt ³ ldlp30-xss.txt ³ lfis10-sql.txt ³ masterylms12-xss.txt ³ minestack10-xss.txt ³ mojobox14-replay.txt ³ montage10-xss.txt ³ moodating12-xss.txt ³ mremoteng17731784nb-disclose.txt ³ msoffice36518230512220-exec.txt ³ msoutlook365-exec.txt ³ mtpws127-unquotedpath.txt ³ nedalcms12-sql.txt ³ netlifycms210192-xss.txt ³ newsportal40-sql.txt ³ nicecms208-insecure.txt ³ octobercms344-xss.txt ³ openfire_auth_bypass_rce_cve_2023_32315.rb.txt ³ opms10-shell.txt ³ perch32-exec.txt ³ perch32-xss.txt ³ pfsense_config_data_exec.rb.txt ³ phpfk92beta-sqlxss.txt ³ phpfm179-bypassshell.txt ³ pimpmylog1714-escalate.txt ³ piwigo1370-xss.txt ³ pluck4718-shell.txt ³ pluckcms4718-exec.txt ³ podcastgenerator329-ssrf.txt ³ poscodekop20-shell.txt ³ ppms1041-xss.txt ³ prestashop804-xss.txt ³ qatannapos10-sql.txt ³ QSA-OpenSSH.txt ³ quickaiopenai381-sql.txt ³ quickjob61-sql.txt ³ quickorder637-sql.txt ³ quickqr637-sql.txt ³ quickvcard21-sql.txt ³ raidenftpd244005-overflow.txt ³ recipepoint19-sql.txt ³ restcaferwcms200-xss.txt ³ RoomCast-TA-2400.pdf ³ rosariosis1084-csvinject.txt ³ rpmcrm241-lfi.txt ³ rt-sa-2023-001.txt ³ rudder_server_sqli_rce.rb.txt ³ rukovoditel341-xss.txt ³ SA-20230627-0.txt ³ SA-20230628-0.txt ³ SA-20230703-0.txt ³ SA-20230705-0.txt ³ sassbiller10-xss.txt ³ smartermail_rce.rb.txt ³ socg10-xss.txt ³ springcloud322-exec.txt ³ ssfinder36-sql.txt ³ ssialms193-xss.txt ³ statamic470-xss.txt ³ strawberry119-xss.txt ³ superstorefinder36-sql.txt ³ tplinktlwr740n-traversal.txt ³ tplinktlwr940n4-overflow.txt ³ travelable10-xss.txt ³ vacationrental18-xss.txt ³ vaidyamitra10-sql.txt ³ virtualfreer157-xss.txt ³ VL-2274.txt ³ VL-2276.txt ³ VL-2278.txt ³ VL-2285.txt ³ VL-2286.txt ³ VL-2317.txt ³ VL-2321.txt ³ VL-2323.txt ³ VL-2324.txt ³ VL-2327.txt ³ vmware_vrni_rce_cve_2023_20887.rb.txt ³ wbce161-xss.txt ³ wbcecms161-redirectxsrf.txt ³ wd_mycloud_unauthenticated_cmd_injection.rb.txt ³ WebPower-UPS-DDOS.py.txt ³ websitebaker2133-traversal.txt ³ websitebaker2133svg-xss.txt ³ weddingwonders10-xss.txt ³ wintercms122-xss.txt ³ wondercms06beta-disclose.txt ³ wpangradebook501-sql.txt ³ wpautocomplete104-sql.txt ³ wpbrutalai-sqlxsrf.txt ³ wpbrutalai-xss.txt ³ wpbrutalai2x-xss.txt ³ wpchurchopert47x-traversal.txt ³ wpduplicator387-disclose.txt ³ wpduplicator388-disclose.txt ³ wpeventsmanager561-sql.txt ³ wpfid18-xsrfssrf.txt ³ wpimageoptimization382-redirect.txt ³ wpkaptheme20-traversal.txt ³ wploginconfigurator21-xss.txt ³ wploginrebuilder-xss.txt ³ wpoxygentheme78-traversal.txt ³ wppbkc281-xss.txt ³ wppbkc296-redirect.txt ³ wppbkc296-xss.txt ³ wppgkc295-redirect.txt ³ wpprepostseo30-xss.txt ³ wpseoalert159-xss.txt ³ wpseoby10web-xss.txt ³ wpsruccss465-traversal.txt ³ wptablesome-xss.txt ³ wpupartsthemes49x-traversal.txt ³ wpuserreg302-shell.txt ³ wp_plugin_fma_shortcode_unauth_rce.rb.txt ³ wsua31-sql.txt ³ xampp824-unquotedpath.txt ³ xelcms11-xsrf.txt ³ xforupsfu10-sql.txt ³ xlagenda44-xsrf.txt ³ xoodigital210-xss.txt ³ yourdoctorcms14-idor.txt ³ zamancms10-xss.txt ³ zomplog39-exec.txt ³ zomplog39-pxss.txt ³ ZSL-2023-5781.txt ³ zuzcms10-xss.txt ³ 202308-exploits ³ aca2140-disclose.txt ³ academylms60-xss.txt ³ academylms61-uploadxss.txt ³ adisconloganalyzer4113-xss.txt ³ advantecheki12-xss.txt ³ amss61-sql.txt ³ amss611-sql.txt ³ apache_nifi_h2_rce.rb.txt ³ bdms10-xss.txt ³ bds32-sql.txt ³ bookingwizz601-disclose.txt ³ campcodesomws33-xss.txt ³ cca30-sql.txt ³ cct95-addadmin.txt ³ cdpiws325-xsrf.txt ³ chamilo_unauth_rce_cve_2023_34960.rb.txt ³ chatonesnps16-addadmin.txt ³ cheveretocms370-sql.txt ³ citrix_formssso_target_rce.rb.txt ³ cityvarietycms12-sql.txt ³ cityvarietylms22-xss.txt ³ cms351-sql.txt ³ cmsbmgii40-sql.txt ³ cmsbmgii40-xss.txt ³ cmsgeneticscentre401-sql.txt ³ cmspro50-sql.txt ³ cmssite10-escalate.txt ³ cmsusina223-xsrf.txt ³ codoforum34-upload.txt ³ codoforum521-upload.txt ³ comfexcms2010-sql.txt ³ comfexcms2010-xss.txt ³ composeitcms20-secrets.txt ³ composeitcms20-sql.txt ³ conferencemgmtsys351-sql.txt ³ connectixboards052-rfi.txt ³ connectixboards052-sql.txt ³ cooladmin120-sqlbypass.txt ³ couponscms400-redirect.txt ³ couponscms600-redirect.txt ³ couponscms700-redirect.txt ³ courierdeprixa25-xsrf.txt ³ cpcms102-xss.txt ³ cpg10-sql.txt ³ cpgpr8120-exec.txt ³ creditlite154-sql.txt ³ crmea90-traversal.txt ³ cryptolivecms10-sql.txt ³ csccms100-insecure.txt ³ csccms100-sql.txt ³ ctvdc142-download.txt ³ cvanavdawcms01-xss.txt ³ cyberinfinitecms10-sql.txt ³ dabcms100-xss.txt ³ datadrivencms041-disclose.txt ³ datalifeengine10-sql.txt ³ datoocds10-htmlinject.txt ³ datoocds10-insecure.txt ³ dbcinfotechcms20-reinstall.txt ³ dbcompcms12-xss.txt ³ dbgcms10-xss.txt ³ deprixa325-sql.txt ³ deprixa325-xsrf.txt ³ desenvolvidoc3imcms20-xss.txt ³ dexxcmshsb223-upload.txt ³ dieboldnvvc531-dllhijack.txt ³ digasell100-xss.txt ³ digiaselldsphps100-sql.txt ³ digishacms127-sql.txt ³ dmiscrilms20-sql.txt ³ doktephpsnp118-xss.txt ³ dolibarr1701-xss.txt ³ domacms10-xss.txt ³ doorgets12-disclose.txt ³ doorgetscms12-shell.txt ³ doorgetscms70-shell.txt ³ doorgetscms70admin-disclose.txt ³ doubleclickadmin1-xsrf.txt ³ driverpacksolutioncms1711108-xss.txt ³ dynamicjournalcms25-disclose.txt ³ e2distrcms2853-disclose.txt ³ eabws16-overflowxss.txt ³ easy2pilot7-sql.txt ³ easymemberpro30-idor.txt ³ easypxcms060204-xss.txt ³ ebizcms20-xsrf.txt ³ ecommgrowiseicms2-insecure.txt ³ ecommresp12-idor.txt ³ edencms102-xss.txt ³ efuncms50-xml.txt ³ ehatocms10-redirect.txt ³ ehatocms10-xss.txt ³ eitubeyoutubeapi3-sql.txt ³ eitubeyoutubeapi3-xss.txt ³ ejournalhomoeocms203-sql.txt ³ elevelcms10-sql.txt ³ elitecmspro201-sql.txt ³ elitius10-disclose.txt ³ emaarreagds57-shell.txt ³ emagicdcms60-exec.txt ³ emhcms01-xss.txt ³ emiswebschoolcms1-sql.txt ³ eneblurcms10-sql.txt ³ enmsagl116-disclose.txt ³ enum_azuresubdomains.rb.txt ³ epartenairelms100-xss.txt ³ epm11-disclose.txt ³ epmcrm31-insecure.txt ³ erimupload4-disclose.txt ³ etiscrm17-sql.txt ³ etiscrm17-traversal.txt ³ etiscrm17-xss.txt ³ eventlocationscms101-shell.txt ³ eventlocationscms101-xss.txt ³ evsanatiradyo10-insecure.txt ³ evsanatiradyo10-shell.txt ³ ewncms40-disclose.txt ³ ewp211-xss.txt ³ faramelkestatecms150-disclose.txt ³ fasttechcms10-sql.txt ³ fasttechcms10-xsrf.txt ³ fireshopacms23-upload.txt ³ fixbookrsmt22-disclose.txt ³ fixbookrsmt30-disclose.txt ³ flatapppad10-sql.txt ³ fleetcartles112-insecure.txt ³ flightpathlms482-idor.txt ³ flightpathlms482-xss.txt ³ flightpathlms50rc2-idor.txt ³ flightpathlms50rc2-xss.txt ³ fluentcms100-sql.txt ³ fmits20-sql.txt ³ foccuswebcms01-xss.txt ³ fogforum08-xss.txt ³ foodieecms101-idor.txt ³ foodieeofowa100-insecure.txt ³ foodieeofowa100-xss.txt ³ formalms14-disclose.txt ³ forumfiresoftboard030-xss.txt ³ freshrss1111-htmlinject.txt ³ gdi20-htmlinject.txt ³ gdi20-xss.txt ³ gdm2522-overflow.txt ³ geeklog210b1-disclose.txt ³ geeklog210b1-sql.txt ³ gensecurity40-sql.txt ³ gensecurity40-xss.txt ³ getsimplecms332-xss.txt ³ ggcorporatecms10-sql.txt ³ ggcorporatecms10-xss.txt ³ gmsmse10-sql.txt ³ gnomefiles434-escalate.txt ³ gomplayer23905360-mitm.txt ³ gracehrm103-traversal.txt ³ gravigracms10-sql.txt ³ grawlix151-xss.txt ³ grawlixcms111-xss.txt ³ greenshot_deserialize_cve_2023_34634.rb.txt ³ greeva20-sql.txt ³ groupoffice3421-traversal.txt ³ GS20230810151726.tgz ³ GS20230810152050.tgz ³ GS20230810152505.tgz ³ GS20230810152741.tgz ³ GS20230818142737.tgz ³ gustorecipesmgmt151-insecure.txt ³ gustorecipesmgmt151-xss.txt ³ h2_webinterface_rce.rb.txt ³ haascms10-xss.txt ³ haraj11-addadmin.txt ³ hasanmwb1-addadmin.txt ³ hasanmwb1-xss.txt ³ hellogtxtpcrm16-idor.txt ³ hesktrlcms1-xss.txt ³ highpluscms013-sql.txt ³ hloun100-insecure.txt ³ hmsrps157-xss.txt ³ hospitalhms2-sql.txt ³ hospitalhms27-sql.txt ³ hpboost40-addadmin.txt ³ hrmsaas219-insecure.txt ³ hsbookingcms279-sql.txt ³ hudaallahlinkercms10-xss.txt ³ humanresourcepms14-disclose.txt ³ humbertocaldascms013-xss.txt ³ humhub1313-traversal.txt ³ hyiprio21-upload.txt ³ i2softcms20-idor.txt ³ ibillingcrm450-idor.txt ³ igallery34db-disclose.txt ³ imaxcms10-sql.txt ³ imghosting12-xss.txt ³ innovinscms47-sql.txt ³ inosoftvisin7-escalate.txt ³ interphoto230-shell.txt ³ invasordiagonalcms10-xss.txt ³ iqmedyacms20-xss.txt ³ islamcms10-exec.txt ³ joomlajlexgb164-xss.txt ³ joomlajlexreview601-xss.txt ³ jorani103-xss.txt ³ jorani_path_trav.rb.txt ³ juniper-rce_cve-2023-36844-main.zip ³ KIS-2023-05.txt ³ KIS-2023-06.txt ³ KIS-2023-07.txt ³ KIS-2023-08.txt ³ KIS-2023-09.txt ³ KL-001-2023-001.txt ³ KL-001-2023-002.txt ³ KL-001-2023-003.txt ³ kolibri20-overflow.txt ³ lucee54217-xss.txt ³ maltrail053-exec.txt ³ maltrail_rce.rb.txt ³ metabase_setup_token_rce.rb.txt ³ moosocial318-xss.txt ³ odlm10-sql.txt ³ oidg10-sqlshell.txt ³ outsystemsss115330-dllhijack.txt ³ ovoompcms333-sql.txt ³ ozekismsgateway103208-fileread.txt ³ perchcms32-xss.txt ³ phoenixctcc2-xssdos.txt ³ phpjabbersbds32-xssxsrf.txt ³ phpjabbersprs10-xss.txt ³ phpjabbersvrs40-xsrf.txt ³ phpjabc50-xss.txt ³ phpjbrs11-sql.txt ³ phpjbrs11-xss.txt ³ phpjcb10-xss.txt ³ phpjncb10-xss.txt ³ phpjrpb20-xss.txt ³ phpjsbs10-xss.txt ³ phpjservicebs10-xss.txt ³ phpjtb20-xss.txt ³ phpvalleymj201-idor.txt ³ pyrocms39-ssti.txt ³ raspap_rce.rb.txt ³ requestsbaskets121-ssrf.txt ³ reyeeos12041614-mitm.txt ³ savantws31-overflow.txt ³ shellypro4pm0110-bypass.txt ³ socialcommerce316-xss.txt ³ spacartecomcm1903-sql.txt ³ spacartecomcms1903-xss.txt ³ subrion_cms_file_upload_rce.rb.txt ³ SYSS-2022-052.txt ³ SYSS-2022-054.txt ³ SYSS-2022-055.txt ³ SYSS-2023-011.txt ³ systemd246-escalate.txt ³ taskhubcrmtool286-sql.txt ³ tplinkarcherax21-exec.txt ³ TRSA-2303-01.txt ³ tsplus1600-insecure.txt ³ tsplus1600f-insecure.txt ³ tsplus160214-inscure.txt ³ urlums30-sql.txt ³ urlums30-xss.txt ³ uvdesk113-shell.txt ³ uvdesk114-xss.txt ³ videoflixcms13-insecure.txt ³ videoplay130-insecure.txt ³ videoprocms20-insecure.txt ³ videowhisperconf101-xss.txt ³ virtualsnipersdms10-sql.txt ³ virtuescpanelcms10-sql.txt ³ virtuscpanelcms10-sql.txt ³ vnms22-insecure.txt ³ vocbseco13-disclose.txt ³ voodochat13-xss.txt ³ voodoochat10rc1b-disclose.txt ³ wchat16-htmlinject.txt ³ webcalendar13-xsrf.txt ³ webcodercms10-sql.txt ³ webcomcms10-sql.txt ³ webeditioncms2988-exec.txt ³ webeditioncms2988-xss.txt ³ webincorpcms10-xss.txt ³ webinstamm13-disclose.txt ³ webportalpeoplecms28-redirect.txt ³ webportalpeoplecms28-xss.txt ³ webstock30-idor.txt ³ webutler32-shell.txt ³ webwizforums1206-disclose.txt ³ webwizforums1206-sql.txt ³ wolfcms081-addadmin.txt ³ wondercms06beta-rfi.txt ³ wpadihavatp23-sql.txt ³ wpadivahatravel23-xss.txt ³ wpcore562-xpath.txt ³ wpdfc17012-escalate.txt ³ wpeventoncalendar44-idor.txt ³ wpeventoncalendar44post-idor.txt ³ wpforminator1246-shell.txt ³ wpninjaforms3625-xss.txt ³ wppgswi377-bypass.txt ³ wpwpm264-escalate.txt ³ xlightftp3936-overflow.txt ³ xzengine17-addadmin.txt ³ yourdoctorcms15-idor.txt ³ ZSL-2023-5782.txt ³ ZSL-2023-5783.txt ³ ZSL-2023-5784.txt ³ 202309-exploits ³ 202308-exploits.tgz ³ academylms62-sql.txt ³ academylms62-xss.txt ³ adminltepihole518-access.txt ³ apache_airflow_dag_rce.rb.txt ³ atlasvpn103-disclose.txt ³ aunair160se-xssdos.txt ³ axigen10-xss.txt ³ bbdms22-xss.txt ³ cbs10-xss.txt ³ cinemabookingsystem10-xss.txt ³ clcknshop100-sql.txt ³ clicknshop100-xss.txt ³ cszcms130-xss.txt ³ CVE-2022-44898_MSIO64_xort.zip ³ CVE-2023-28809.tgz ³ CVE-2023-34039-main.zip ³ cve_2023_28252_clfs_driver.rb.txt ³ dlinkdph400se-disclose.txt ³ drupal1012-poison.txt ³ ebc40-xss.txt ³ elasticsearch853-overflow.txt ³ ers10-sql.txt ³ eventts10-xss.txt ³ filemagegateway1109-lfi.txt ³ firefox117-dos.txt ³ fosims10-sql.txt ³ freefloatftpserver10-overflow.txt ³ fundraisingscript10-sql.txt ³ gomplayer23905360-overflow.txt ³ GS20230902130835.tgz ³ GS20230904171659.txt ³ GS20230906164848.tgz ³ GS20230908204616.tgz ³ GS20230908204945.tgz ³ GS20230911161531.tgz ³ GS20230915134449.txt ³ GS20230929143528.tgz ³ humhunb1313-shell.txt ³ imcas162-xss.txt ³ imghosting13-htmlinject.txt ³ imghosting13-sql.txt ³ imghosting13-xss.txt ³ impresscms139-redirect.txt ³ impressiontechcms14-sql.txt ³ islamntcms210-addadmin.txt ³ islamntcms210-xss.txt ³ ismilesoftcms030-addadmin.txt ³ ismilesoftcms030-xss.txt ³ italiamediaskycms20-xsrf.txt ³ italiamediaskycms20-xss.txt ³ ivantiavalanche-exec.txt ³ ivanti_avalanche_mdm_bof.rb.txt ³ ivanti_sentry_misc_log_service.rb.txt ³ iwtimaginecms10-xss.txt ³ izdelavaids20-xss.txt ³ jetbrains_teamcity_rce_cve_2023_42793.rb.txt ³ jpc2cms10-sql.txt ³ jzdcms13-xss.txt ³ kaledordcms10-sql.txt ³ kalimatangms100-xss.txt ³ karnederiamrs53-traversal.txt ³ kibana_timelion_prototype_pollution_rce.rb.txt ³ kingoroot158-unquotedpath.txt ³ kleeja154-xss.txt ³ kloans145-insecure.txt ³ kolifadownloadcms12-htmlinject.txt ³ kpkcms10-sql.txt ³ kpotstealercms20-traversal.txt ³ kylincms130-sql.txt ³ lacabane10-sql.txt ³ lamanocms20-sql.txt ³ lamanocms20-xsrf.txt ³ lamanolms01-insecure.txt ³ lexmark_faxtrace_settings.rb.txt ³ lg_simple_editor_rce.rb.txt ³ logobeecms02-xss.txt ³ luxcalec323-xsrf.txt ³ mrbs10-sql.txt ³ ncbs10-xss.txt ³ nvclient50-overflow.txt ³ opencartcms4022-bruteforce.txt ³ openplc-crash.py.txt ³ opentsdb_key_cmd_injection.rb.txt ³ opoo-shell.rb.txt ³ oraclermancf-missing.txt ³ phpshoppingcart42-sql.txt ³ playtube301-disclose.txt ³ pmms1-sql.tgz ³ SA-20230829-0.txt ³ SA-20230918-0.txt ³ shuttlebs10-sql.txt ³ solarview_unauth_rce_cve_2023_23333.rb.txt ³ sonicwall_shell_injection_cve_2023_34124.rb.txt ³ soosyze200-upload.txt ³ splunk-takeover.txt ³ superstorefinder37-exec.txt ³ syncbreeze15224-dos.txt ³ SYSS-2023-002.txt ³ taskhub287-sql.txt ³ taskjub288-xss.txt ³ techviewla5570-traversal.txt ³ totolink_unauth_rce_cve_2023_30013.rb.txt ³ vmware_vrli_rce.rb.txt ³ vnms130-insecure.txt ³ webigniter28723-shell.txt ³ webigniter28723-xss.txt ³ winrar_cve_2023_38831.rb.txt ³ win_error_cve_2023_36874.rb.txt ³ wp2fac-inject.txt ³ wpeb420-inject.txt ³ wpelementor-inject.txt ³ wpmla309-lfiexec.tgz ³ wpmylogin-bruteforce.txt ³ wpnewsletter789-xss.txt ³ wpslimstat509-xsssql.txt ³ wpstatistics1315-sql.txt ³ X41-2023-001.txt ³ ZSL-2023-5785.txt ³ ZSL-2023-5786.txt ³ ZSL-2023-5787.txt ³ ZSL-2023-5788.tgz ³ 202310-exploits ³ 2023mcs641-xss.txt ³ aicteindialms30-xss.txt ³ apache_superset_cookie_sig_rce.rb.txt ³ atcom27xx-exec.txt ³ atlassian_confluence_rce_cve_2023_22515.rb.txt ³ boidcms200-shell.txt ³ cacti1224-exec.txt ³ chicvmsl456-idor.txt ³ churchcrm454-sql.txt ³ copperminegallery1625-exec.txt ³ cpms10-shell.txt ³ CVE-2023-4966.tgz ³ dawapharma10-sql.txt ³ eclassip25-sql.txt ³ eclassjunior40-sql.txt ³ gaatitrack102023-sql.txt ³ glpigzip945-exec.txt ³ GS20231005150730.tgz ³ GS20231005153526.tgz ³ GS20231005153811.tgz ³ GS20231005154016.tgz ³ GS20231016141539.tgz ³ GS20231016145204.tgz ³ GS20231016145420.tgz ³ GS20231016145748.tgz ³ GS20231023141516.tgz ³ junos_phprc_auto_prepend_file.rb.txt ³ kibana_upgrade_assistant_telemetry_rce.rb.txt ³ KIS-2023-10.txt ³ KIS-2023-11.txt ³ KIS-2023-12.txt ³ lfis10-idor.txt ³ minio220220729-traversal.txt ³ moodle43-xss.txt ³ mswin11apds-dllhijack.txt ³ nconvert7136-overflowdos.tgz ³ openplcwebserver3-dos.txt ³ oracledbshard-disclose.txt ³ QSA-glibc.txt ³ SA-20230925-0.txt ³ SA-20230927-0.txt ³ SA-20231005-0.txt ³ smartschool641-sql.txt ³ splunk_privilege_escalation_cve_2023_32707.rb.txt ³ Squid-Security-Audit-main.zip ³ torchserver_cve_2023_43654.rb.txt ³ vmware_vrni_known_privkey.rb.txt ³ webeditioncms2988-ssrf.txt ³ wpaichatbot489-sqltraversaldelete.txt ³ wpcfg255-xss.txt ³ wpcore631-exec.txt ³ wperp1122-sql.txt ³ wpkivicare320-xss.txt ³ wplitespeedcache56-xss.txt ³ wpmasterstudylms3017-create.txt ³ wproyalelementor1378-shell.txt ³ wpsonaarmusic47-xss.txt ³ ws_ftp_rce_cve_2023_40044.rb.txt ³ xampp330-overflow.txt ³ zms10-shell.txt ³ ZSL-2023-5789.txt ³ ZSL-2023-5790.txt ³ ZSL-2023-5791.txt ³ ZSL-2023-5792.txt ³ ZSL-2023-5793.txt ³ ZSL-2023-5794.txt ³ ZSL-2023-5795.txt ³ ZSL-2023-5796.txt ³ ZSL-2023-5797.txt ³ ZSL-2023-5798.txt ³ ZSL-2023-5799.txt ³ ZSL-2023-5800.txt ³ 202311-exploits ³ ajaxpro_deserialization_rce.rb.txt ³ apache_activemq_rce_cve_2023_46604.rb.txt ³ cephoenix10820-exec.py.txt ³ cephoenix10820-exec.txt ³ cephoenix10820-xss.txt ³ cisco_ios_xe_rce.rb.txt ³ cszcms130-exec.txt ³ cszcms130-shell.txt ³ CVE-2022-3436.py.txt ³ etcdbrowser87ae63d75260-traversal.txt ³ ewb3-sql.txt ³ ezvizstudio220-dllhijack.txt ³ f5_bigip_tmui_rce_cve_2020_5902.rb.txt ³ f5_bigip_tmui_rce_cve_2023_46747.rb.txt ³ fiie386-xslt.txt ³ gaatitrackcms10-xss.txt ³ GS20231113234953.tgz ³ GS20231113235758.tgz ³ GS20231114000351.tgz ³ GS20231128154206.tgz ³ jlms102-headerinject.txt ³ loytec-multi.txt ³ loyteclinx-disclosure.txt ³ loyteclinxconfigurator7410-insecure.txt ³ magento246-xslt.txt ³ magento246-xsltssi.txt ³ magnusbilling_unauth_rce_cve_2023_30258.rb.txt ³ maximamaxpropower-replay.txt ³ oscommerce4-xss.txt ³ penglead20-sql.txt ³ Ph0s-2023-001.txt ³ Ph0s-2023-002.txt ³ Ph0s-2023-003.txt ³ Ph0s-2023-004.txt ³ Ph0s-2023-005.txt ³ phpjabbersabc50-csvinject.txt ³ phpjabbersabc50-xss.txt ³ popojicms201-exec.txt ³ pyrocms301-xss.txt ³ SA-20231122-0.txt ³ SA-20231123-0.txt ³ sbs20-xss.txt ³ SYSS-2023-019.txt ³ travel10-sql.txt ³ wpcftaa112-sql.txt ³ wpuserpro511-bypassescalate.txt ³ wp_royal_elementor_addons_rce.rb.txt ³ zoneminder_snapshots.rb.txt ³ ZSL-2023-5801.txt ³ 202312-exploits apacheofbiz181209-exec.txt atlassian_confluence_unauth_backup.rb.txt boidcms201-xss.txt cephoenixcart10820-shell.txt craftcms_unauth_rce_cve_2023_41892.rb.txt CVE-2021-21220.tgz CVE-2023-3079-escape.tgz CVE-2023-3079-main.zip CVE-2023-43641.tgz dicomsrv-conq.py.txt docker_cgroup_escape.rb.txt ES2023-01.txt ES2023-02.txt ES2023-03.txt fortiwebvm740-crash.txt gaatitrackcms10-sql.txt gilacms1154-sql.txt glibc_tunables_priv_esc.rb.txt GS20231204130056.txt GS20231208152838.tgz GS20231208153209.tgz GS20231214133522.tgz hms40-sqlxssshellupload.txt HNS-2023-04-tinydir.txt KIS-2023-13.txt KIS-2023-14.txt kopagewb4415-shell.txt kwb4415-xss.txt lrms10-disclose.txt lrms10-shell.txt majordomo-exec.txt MICROSOFT_DEFENDER_ANTI_MALWARE_POWERSHELL_API_UNINTENDED_CODE_EXECUTION.txt oscommerce4-sql.txt oscommerce41360075-shell.txt phpjabbersabc50-htmlinject.txt phpjabbersabc50-ratelimit.txt phpjabbersas30-csvinject.txt phpjabbersas30-htmlinject.txt phpjabbersas30-ratelimit.txt phpjabbersas30-xss.txt phpjabberscarrental30-csvinject.txt phpjabberscarrental30-htmlinject.txt phpjabberscarrental30-xss.txt phpjabberscr30-ratelimit.txt phpjabberssbs20-csvinject.txt phpjabberstsbc40-csvinject.txt phpjabberstsbc40-htmlinject.txt phpjabberstsbc40-ratelimit.txt phpjabberstsbc40-xss.txt SA-20231128-0.txt SA-20231205-0.txt SA-20231206-0.txt SA-20231211-0.txt SBA-ADV-20220120-01.txt shopsite140-xss.txt splunk_xslt_authenticated_rce.rb.txt Terrapin-ssh.tgz typo311524-traversal.txt v8-sandbox-escape.tgz vinchin_backup_recovery_cmd_inject.rb.txt wbcecms161-exec.txt whatacart207-xss.txt WINDOWS_POWERSHELL_SINGLE_QUOTE_CODE_EXEC_EVENT_LOG_BYPASS.txt wpbackupmigration137-exec.txt wpbravotranslate12-sql.txt wpcftaa116-xsrf.txt wpphloxpro5140-xss.txt wptextmesms190-xsrf.txt ZSL-2023-5802.txt ZSL-2023-5803.txt ZSL-2023-5804.txt ZSL-2023-5805.txt ZSL-2023-5806.txt ZSL-2023-5807.txt Download: 2023-exploits.tgz (33.4 MB) Source
  3. Kev

    Useful stuff

    https://www.facebook.com/DIYCraftsAmerica/videos/making-a-256-gb-floppy-disk/352957490661779/
  4. Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070. The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning (ERP) system. Apache OFBiz is leveraged by several ERP and other types of projects, including the widely used Atlassian Jira issue tracking and project management software. The nonprofit cybersecurity organization Shadowserver reported seeing signs of in-the-wild exploitation for an Apache OFBiz vulnerability tracked as CVE-2023-49070 shortly after details of a different OFBiz bug, CVE-2023-51467, were disclosed by SonicWall. SonicWall, whose researchers discovered CVE-2023-51467 during a root cause analysis of CVE-2023-49070, disclosed technical details on December 26. The security firm explained that CVE-2023-51467 is the result of an incomplete patch for CVE-2023-49070. Apache OFBiz developers were notified about CVE-2023-51467 and version 18.12.11 was released last week to fix the vulnerability. The security hole can be exploited to bypass authentication and achieve server-side request forgery (SSRF), enabling the attacker to obtain sensitive information and possibly to execute arbitrary code. Proof-of-concept (PoC) exploits have been publicly available for CVE-2023-49070 (the older flaw) and the Shadowserver Foundation on Thursday reported seeing “quite a few scans” targeting the vulnerability. The organization said the available PoCs have been used to look for vulnerable systems, and later clarified that attackers have also attempted to execute arbitrary code on impacted hosts. Shadowserver has urged organizations to ensure that their systems are patched against the newer vulnerability as well. According to the internet search engine Hunter, there were 170 internet-exposed OFBiz instances in early December, but that number has now dropped to just over 70. This is not the only critical Apache vulnerability targeted by threat actors in recent weeks. Hackers have also been scanning the internet for systems affected by CVE-2023-50164, a Struts 2 flaw that allows remote code execution. It also came to light recently that an Apache ActiveMQ vulnerability tracked as CVE-2023-46604 had been exploited as a zero-day. Via securityweek.com
  5. This is a small extension script to monitor suff.py, or the Simple Universal Fortigate Fuzzer, and to collect crashlogs for future analysis. Download: suff_monitor.py.txt Mirror: #!/usr/bin/env python3 # suff_monitor.py -- basic monitoring for fuzzing scenarios (suff/burp/mutiny) # # -- updates -- # 22.11.2023 @ 02:23 :: shame init version ready to go # 21.11.2023 @ 19:18 :: log me if you can # 21.11.2023 @ 15:14 :: added: time, sleep, log2fp # 21.11.2023 @ 01:19 :: started this lame code # # idea - run suff_monitor.py against the box you're testing (fgvm): # - add time to sleep and date to log updates # - log in (so same creds as for suff.py, postauth testing, etc) # - get ver/info -> log2file # ** (should be ready at this stage, so): ** # while true: # check_diag_deb(+log2file,+a) # sleep 1 # end_of_file # # ------------- # # for more details: # https://code610.blogspot.com/2023/12/monitoring-suff.html # https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html # https://github.com/c610/free/blob/master/suff-v0.1.py # https://github.com/c610/free/blob/master/fg7stack_poc.py # # from netmiko import Netmiko import sys,os import time import paramiko ################### ############## ######## #### ## # fplog = open('saveme.log','+a') command = 'diag debug crashlog show' # did you enable logs in your FGVM? def connect_to_crashlog(): # set up for the target try: fw_01 = { 'host':'192.168.56.231', 'username':'admin', 'password':'P@ssw0rd', 'device_type':'fortinet', 'timeout':3 } net_connect = Netmiko( **fw_01 ) print("+ Connected to FG!") print("+ logfile: savethis.log") fplog.write('----starting suff_monitor.py ----\n') fplog.write(net_connect) fplog.write('\n-- results below: --\n') # if we're connected: check diag debug crashlog (or any other you'd like to) send_logcheck_cfg = net_connect.send_config_set( command ) fplog.write(send_logcheck_cfg) fplog.write('\n---- next while loop ----\n') print("+ looks like we just sent this command:\n\t%s\n\n" % send_logcheck_cfg ) print("send_init_cfg finished") ## check crashlog finished except paramiko.ssh_exception.SSHException as e: print(" > connection error: %s" % e) except ConnectionResetError as e: print("> connection error2: %s" % e) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) ## end of connect_to_crashlog() # ########## #### main ########## print('y0;[') print('starting: connect_to_crashlog()') while True: print('debug: connect_to_crashlog() starting...') connect_to_crashlog() print("... sleeping 1...") time.sleep(1) print('sleep done. next True iter...') #### print("finished main()") Source
  6. Posibil sa le gasesti pe aici. Spor la treabă!
  7. CMS theme detector. O cumperi.
  8. A sarit din slot. Thanks
  9. Salut? Am avut si in trecut aceasta problema insa acum a cazut desktop-ul de pe birou, primesc aceeasi eroare, sunt 3 beep-uri primul din lista este bateria, al doilea din lista cu 3 beep-ri este ca se poate fi ars un tranzistor ceva. Intrebarea ar fi: se potrivesc bateriile de la Acer, Lenovo, DELL si viceversa? Cumpar si pasta daca e cazut. Stima
  10. Daca nu e furat ai support https://www.getac.com/intl/help-support/getac-system-recovery/
  11. Salut, caut de ceva timp o aplicatoie call changing voice in timp real de la Madonna pana la Optimus Prime, in timp real, free, ce am gasit in G store sunt doar recordere si fake call... Stiu sigur ca sunt, m-a sunat un tovaras sa me intalnim la suc... Multumesc
  12. TrafficWatch TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files. It provides insights into various network protocols and can help with network troubleshooting, security analysis, and more. Protocol-specific packet analysis for ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, and NetBIOS. Packet filtering based on protocol, source IP, destination IP, source port, destination port, and more. Summary statistics on captured packets. Interactive mode for in-depth packet inspection. Timestamps for each captured packet. User-friendly colored output for improved readability. Requirements Python 3.x scapy argparse pyshark colorama Installation Clone the repository: git clone https://github.com/HalilDeniz/TrafficWatch.git Navigate to the project directory: cd TrafficWatch Install the required dependencies: pip install -r requirements.tx Usage python3 trafficwatch.py --help usage: trafficwatch.py [-h] -f FILE [-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}] [-c COUNT] Packet Sniffer Tool options: -h, --help show this help message and exit -f FILE, --file FILE Path to the .pcap file to analyze -p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}, --protocol {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS} Filter by specific protocol -c COUNT, --count COUNT Number of packets to display To analyze packets from a PCAP file, use the following command: python trafficwatch.py -f path/to/your.pcap To specify a protocol filter (e.g., HTTP) and limit the number of displayed packets (e.g., 10), use: python trafficwatch.py -f path/to/your.pcap -p HTTP -c 10 Options -f or --file: Path to the PCAP file for analysis. -p or --protocol: Filter packets by protocol (ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, NetBIOS). -c or --count: Limit the number of displayed packets. Contributing Contributions are welcome! If you want to contribute to TrafficWatch, please follow our contribution guidelines. Contact If you have any questions, comments, or suggestions about Dosinator, please feel free to contact me: LinkedIn: Halil Ibrahim Deniz TryHackMe: Halilovic Instagram: deniz.halil333 YouTube: Halil Deniz Email: halildeniz313@gmail.com License This project is licensed under the MIT License. Download: TrafficWatch-main.zip or git clone https://github.com/HalilDeniz/TrafficWatch.git Source
      • 2
      • Upvote
  13. This archive contains all of the 305 exploits added to Packet Storm in August, 2023. Content: Directory of 2308-exploits 09/04/2023 06:53 AM <DIR> . 09/04/2023 06:53 AM <DIR> .. 08/07/2023 06:56 PM 1,403 aca2140-disclose.txt 08/03/2023 05:00 PM 1,173 academylms60-xss.txt 08/21/2023 07:23 PM 1,678 academylms61-uploadxss.txt 08/04/2023 05:46 PM 1,336 adisconloganalyzer4113-xss.txt 08/14/2023 08:13 PM 5,303 advantecheki12-xss.txt 08/01/2023 07:36 PM 1,353 amss61-sql.txt 08/08/2023 06:30 PM 1,354 amss611-sql.txt 08/30/2023 06:12 PM 11,046 apache_nifi_h2_rce.rb.txt 08/15/2023 06:20 PM 651 bdms10-xss.txt 08/25/2023 10:02 PM 2,139 bds32-sql.txt 08/14/2023 07:58 PM 1,725 bookingwizz601-disclose.txt 08/04/2023 05:39 PM 3,338 campcodesomws33-xss.txt 08/02/2023 06:49 PM 1,237 cca30-sql.txt 08/21/2023 07:19 PM 860 cct95-addadmin.txt 08/02/2023 06:47 PM 5,652 cdpiws325-xsrf.txt 08/24/2023 05:27 PM 7,835 chamilo_unauth_rce_cve_2023_34960.rb.txt 08/09/2023 06:39 PM 1,636 chatonesnps16-addadmin.txt 08/09/2023 06:39 PM 1,410 cheveretocms370-sql.txt 08/04/2023 06:49 PM 5,348 citrix_formssso_target_rce.rb.txt 08/01/2023 07:37 PM 1,203 cityvarietycms12-sql.txt 08/01/2023 07:38 PM 1,414 cityvarietylms22-xss.txt 08/07/2023 06:15 PM 1,533 cms351-sql.txt 08/08/2023 06:36 PM 1,436 cmsbmgii40-sql.txt 08/07/2023 06:25 PM 1,526 cmsbmgii40-xss.txt 08/07/2023 06:30 PM 1,568 cmsgeneticscentre401-sql.txt 08/02/2023 06:23 PM 1,539 cmspro50-sql.txt 08/01/2023 07:27 PM 1,699 cmssite10-escalate.txt 08/01/2023 07:25 PM 2,326 cmsusina223-xsrf.txt 08/01/2023 07:28 PM 1,574 codoforum34-upload.txt 08/07/2023 06:10 PM 1,717 codoforum521-upload.txt 08/01/2023 07:29 PM 1,575 comfexcms2010-sql.txt 08/02/2023 06:24 PM 1,609 comfexcms2010-xss.txt 08/01/2023 07:33 PM 1,433 composeitcms20-secrets.txt 08/02/2023 06:28 PM 1,545 composeitcms20-sql.txt 08/01/2023 07:33 PM 1,533 conferencemgmtsys351-sql.txt 08/01/2023 07:35 PM 1,540 connectixboards052-rfi.txt 08/02/2023 06:33 PM 1,559 connectixboards052-sql.txt 08/01/2023 07:41 PM 1,190 cooladmin120-sqlbypass.txt 08/02/2023 06:45 PM 1,624 couponscms400-redirect.txt 08/07/2023 06:24 PM 1,624 couponscms600-redirect.txt 08/09/2023 06:41 PM 1,624 couponscms700-redirect.txt 08/04/2023 06:16 PM 5,150 courierdeprixa25-xsrf.txt 08/02/2023 06:49 PM 1,631 cpcms102-xss.txt 08/22/2023 06:12 PM 1,934 cpg10-sql.txt 08/02/2023 07:09 PM 2,041 cpgpr8120-exec.txt 08/21/2023 07:21 PM 1,824 creditlite154-sql.txt 08/02/2023 06:50 PM 1,600 crmea90-traversal.txt 08/02/2023 06:51 PM 1,350 cryptolivecms10-sql.txt 08/15/2023 05:19 PM 1,573 csccms100-insecure.txt 08/07/2023 06:33 PM 1,527 csccms100-sql.txt 08/02/2023 06:45 PM 1,933 ctvdc142-download.txt 08/07/2023 06:33 PM 1,903 cvanavdawcms01-xss.txt 08/07/2023 06:35 PM 1,491 cyberinfinitecms10-sql.txt 08/09/2023 06:49 PM 1,679 dabcms100-xss.txt 08/08/2023 06:26 PM 2,387 datadrivencms041-disclose.txt 08/07/2023 06:54 PM 1,508 datalifeengine10-sql.txt 08/09/2023 06:44 PM 1,568 datoocds10-htmlinject.txt 08/15/2023 05:20 PM 1,448 datoocds10-insecure.txt 08/14/2023 07:54 PM 1,646 dbcinfotechcms20-reinstall.txt 08/07/2023 06:53 PM 1,557 dbcompcms12-xss.txt 08/09/2023 06:48 PM 1,402 dbgcms10-xss.txt 08/09/2023 06:47 PM 1,375 deprixa325-sql.txt 08/10/2023 05:31 PM 5,425 deprixa325-xsrf.txt 08/10/2023 05:33 PM 1,623 desenvolvidoc3imcms20-xss.txt 08/09/2023 06:51 PM 2,580 dexxcmshsb223-upload.txt 08/04/2023 06:04 PM 1,080 dieboldnvvc531-dllhijack.txt 08/11/2023 03:54 PM 1,610 digasell100-xss.txt 08/10/2023 05:38 PM 1,579 digiaselldsphps100-sql.txt 08/10/2023 05:41 PM 1,505 digishacms127-sql.txt 08/10/2023 05:43 PM 1,817 dmiscrilms20-sql.txt 08/10/2023 05:42 PM 1,381 doktephpsnp118-xss.txt 08/22/2023 06:19 PM 2,049 dolibarr1701-xss.txt 08/10/2023 05:33 PM 1,245 domacms10-xss.txt 08/22/2023 06:05 PM 2,068 doorgets12-disclose.txt 08/24/2023 05:09 PM 1,929 doorgetscms12-shell.txt 08/15/2023 05:23 PM 1,963 doorgetscms70-shell.txt 08/21/2023 07:07 PM 2,068 doorgetscms70admin-disclose.txt 08/08/2023 06:31 PM 4,547 doubleclickadmin1-xsrf.txt 08/10/2023 05:45 PM 1,600 driverpacksolutioncms1711108-xss.txt 08/10/2023 06:00 PM 2,535 dynamicjournalcms25-disclose.txt 08/10/2023 05:59 PM 1,560 e2distrcms2853-disclose.txt 08/31/2023 06:24 PM 18,046 eabws16-overflowxss.txt 08/14/2023 07:16 PM 1,360 easy2pilot7-sql.txt 08/11/2023 03:57 PM 1,517 easymemberpro30-idor.txt 08/14/2023 07:34 PM 2,052 easypxcms060204-xss.txt 08/14/2023 07:34 PM 8,071 ebizcms20-xsrf.txt 08/14/2023 07:56 PM 1,502 ecommgrowiseicms2-insecure.txt 08/14/2023 07:38 PM 1,445 ecommresp12-idor.txt 08/14/2023 07:39 PM 1,663 edencms102-xss.txt 08/15/2023 06:07 PM 3,435 efuncms50-xml.txt 08/08/2023 06:32 PM 1,249 ehatocms10-redirect.txt 08/09/2023 06:53 PM 1,400 ehatocms10-xss.txt 08/15/2023 06:09 PM 1,352 eitubeyoutubeapi3-sql.txt 08/16/2023 07:16 PM 1,589 eitubeyoutubeapi3-xss.txt 08/15/2023 06:09 PM 1,418 ejournalhomoeocms203-sql.txt 08/21/2023 07:09 PM 2,891 elevelcms10-sql.txt 08/15/2023 06:15 PM 1,533 elitecmspro201-sql.txt 08/15/2023 06:15 PM 1,246 elitius10-disclose.txt 08/21/2023 07:02 PM 1,592 emaarreagds57-shell.txt 08/09/2023 07:08 PM 1,133 emagicdcms60-exec.txt 08/16/2023 07:19 PM 1,612 emhcms01-xss.txt 08/08/2023 06:35 PM 1,426 emiswebschoolcms1-sql.txt 08/08/2023 06:37 PM 1,369 eneblurcms10-sql.txt 08/22/2023 05:58 PM 1,449 enmsagl116-disclose.txt 08/14/2023 08:05 PM 4,779 enum_azuresubdomains.rb.txt 08/16/2023 07:19 PM 1,639 epartenairelms100-xss.txt 08/11/2023 03:59 PM 1,475 epm11-disclose.txt 08/15/2023 06:11 PM 1,573 epmcrm31-insecure.txt 08/16/2023 07:20 PM 2,462 erimupload4-disclose.txt 08/16/2023 07:14 PM 1,579 etiscrm17-sql.txt 08/15/2023 05:27 PM 1,571 etiscrm17-traversal.txt 08/14/2023 07:39 PM 1,922 etiscrm17-xss.txt 08/21/2023 07:14 PM 1,588 eventlocationscms101-shell.txt 08/16/2023 07:21 PM 1,384 eventlocationscms101-xss.txt 08/16/2023 07:21 PM 1,452 evsanatiradyo10-insecure.txt 08/21/2023 07:15 PM 2,037 evsanatiradyo10-shell.txt 08/16/2023 07:23 PM 2,552 ewncms40-disclose.txt 08/11/2023 04:02 PM 1,603 ewp211-xss.txt 08/21/2023 07:17 PM 1,457 faramelkestatecms150-disclose.txt 08/23/2023 04:28 PM 1,492 fasttechcms10-sql.txt 08/24/2023 05:10 PM 3,856 fasttechcms10-xsrf.txt 08/22/2023 06:04 PM 1,827 fireshopacms23-upload.txt 08/22/2023 06:06 PM 1,621 fixbookrsmt22-disclose.txt 08/23/2023 04:30 PM 1,607 fixbookrsmt30-disclose.txt 08/11/2023 04:07 PM 1,361 flatapppad10-sql.txt 08/22/2023 06:07 PM 1,599 fleetcartles112-insecure.txt 08/22/2023 06:08 PM 1,657 flightpathlms482-idor.txt 08/23/2023 04:31 PM 1,714 flightpathlms482-xss.txt 08/24/2023 05:10 PM 1,657 flightpathlms50rc2-idor.txt 08/28/2023 05:30 PM 1,581 flightpathlms50rc2-xss.txt 08/22/2023 06:13 PM 1,479 fluentcms100-sql.txt 08/22/2023 06:00 PM 1,620 fmits20-sql.txt 08/22/2023 06:15 PM 1,511 foccuswebcms01-xss.txt 08/22/2023 06:15 PM 1,821 fogforum08-xss.txt 08/23/2023 04:37 PM 1,572 foodieecms101-idor.txt 08/23/2023 04:36 PM 1,688 foodieeofowa100-insecure.txt 08/29/2023 06:49 PM 1,705 foodieeofowa100-xss.txt 08/23/2023 04:48 PM 1,568 formalms14-disclose.txt 08/23/2023 04:49 PM 1,879 forumfiresoftboard030-xss.txt 08/23/2023 04:50 PM 1,474 freshrss1111-htmlinject.txt 08/25/2023 09:50 PM 1,723 gdi20-htmlinject.txt 08/28/2023 05:30 PM 1,746 gdi20-xss.txt 08/01/2023 07:44 PM 3,458 gdm2522-overflow.txt 08/23/2023 04:52 PM 1,617 geeklog210b1-disclose.txt 08/24/2023 05:26 PM 1,627 geeklog210b1-sql.txt 08/23/2023 04:52 PM 1,504 gensecurity40-sql.txt 08/24/2023 05:26 PM 1,701 gensecurity40-xss.txt 08/25/2023 09:49 PM 2,200 getsimplecms332-xss.txt 08/25/2023 09:47 PM 1,301 ggcorporatecms10-sql.txt 08/23/2023 04:50 PM 1,520 ggcorporatecms10-xss.txt 08/22/2023 06:11 PM 1,940 gmsmse10-sql.txt 08/08/2023 06:54 PM 795 gnomefiles434-escalate.txt 08/29/2023 07:54 PM 6,438 gomplayer23905360-mitm.txt 08/24/2023 05:25 PM 1,472 gracehrm103-traversal.txt 08/25/2023 09:53 PM 1,392 gravigracms10-sql.txt 08/29/2023 08:02 PM 1,785 grawlix151-xss.txt 08/25/2023 09:54 PM 1,655 grawlixcms111-xss.txt 08/17/2023 06:40 PM 2,367 greenshot_deserialize_cve_2023_34634.rb.txt 08/11/2023 04:06 PM 1,224 greeva20-sql.txt 08/25/2023 09:55 PM 1,563 groupoffice3421-traversal.txt 08/10/2023 06:19 PM 5,344 GS20230810151726.tgz 08/10/2023 06:23 PM 4,814 GS20230810152050.tgz 08/10/2023 06:26 PM 4,464 GS20230810152505.tgz 08/10/2023 06:29 PM 4,823 GS20230810152741.tgz 08/18/2023 05:28 PM 4,143 GS20230818142737.tgz 08/25/2023 09:56 PM 1,610 gustorecipesmgmt151-insecure.txt 08/28/2023 05:31 PM 1,660 gustorecipesmgmt151-xss.txt 08/16/2023 07:16 PM 8,039 h2_webinterface_rce.rb.txt 08/28/2023 05:31 PM 1,505 haascms10-xss.txt 08/28/2023 05:33 PM 1,523 haraj11-addadmin.txt 08/29/2023 06:44 PM 1,797 hasanmwb1-addadmin.txt 08/28/2023 05:33 PM 1,450 hasanmwb1-xss.txt 08/11/2023 04:08 PM 1,341 hellogtxtpcrm16-idor.txt 08/28/2023 05:34 PM 1,613 hesktrlcms1-xss.txt 08/28/2023 05:37 PM 1,366 highpluscms013-sql.txt 08/29/2023 06:45 PM 1,872 hloun100-insecure.txt 08/28/2023 05:40 PM 1,688 hmsrps157-xss.txt 08/28/2023 05:34 PM 1,409 hospitalhms2-sql.txt 08/28/2023 05:36 PM 1,617 hospitalhms27-sql.txt 08/29/2023 06:43 PM 1,409 hpboost40-addadmin.txt 08/29/2023 06:48 PM 1,517 hrmsaas219-insecure.txt 08/29/2023 06:50 PM 1,366 hsbookingcms279-sql.txt 08/29/2023 06:51 PM 1,925 hudaallahlinkercms10-xss.txt 08/29/2023 06:52 PM 1,659 humanresourcepms14-disclose.txt 08/29/2023 06:56 PM 1,643 humbertocaldascms013-xss.txt 08/29/2023 07:34 PM 1,535 humhub1313-traversal.txt 08/16/2023 07:31 PM 1,635 hyiprio21-upload.txt 08/11/2023 04:08 PM 1,430 i2softcms20-idor.txt 08/29/2023 07:35 PM 1,716 ibillingcrm450-idor.txt 08/29/2023 07:36 PM 2,404 igallery34db-disclose.txt 08/29/2023 07:37 PM 1,411 imaxcms10-sql.txt 08/29/2023 07:37 PM 1,613 imghosting12-xss.txt 08/31/2023 06:09 PM 1,502 innovinscms47-sql.txt 08/22/2023 06:23 PM 1,824 inosoftvisin7-escalate.txt 08/31/2023 06:04 PM 1,875 interphoto230-shell.txt 08/31/2023 06:05 PM 1,399 invasordiagonalcms10-xss.txt 08/30/2023 06:16 PM 1,585 iqmedyacms20-xss.txt 08/31/2023 06:05 PM 1,625 islamcms10-exec.txt 08/02/2023 06:58 PM 918 joomlajlexgb164-xss.txt 08/01/2023 08:42 PM 1,027 joomlajlexreview601-xss.txt 08/28/2023 05:39 PM 3,711 jorani103-xss.txt 08/21/2023 07:29 PM 5,356 jorani_path_trav.rb.txt 08/30/2023 06:01 PM 2,888 juniper-rce_cve-2023-36844-main.zip 08/23/2023 04:59 PM 1,592 KIS-2023-05.txt 08/23/2023 05:00 PM 1,610 KIS-2023-06.txt 08/23/2023 05:02 PM 3,683 KIS-2023-07.txt 08/23/2023 05:04 PM 1,768 KIS-2023-08.txt 08/23/2023 05:05 PM 1,495 KIS-2023-09.txt 08/18/2023 05:42 PM 6,778 KL-001-2023-001.txt 08/18/2023 05:44 PM 8,470 KL-001-2023-002.txt 08/18/2023 05:50 PM 6,545 KL-001-2023-003.txt 08/04/2023 06:00 PM 3,767 kolibri20-overflow.txt 08/09/2023 06:55 PM 1,907 lucee54217-xss.txt 08/11/2023 04:13 PM 1,142 maltrail053-exec.txt 08/17/2023 06:37 PM 4,233 maltrail_rce.rb.txt 08/09/2023 07:12 PM 6,152 metabase_setup_token_rce.rb.txt 08/07/2023 06:56 PM 875 moosocial318-xss.txt 08/01/2023 07:42 PM 1,809 odlm10-sql.txt 08/31/2023 06:08 PM 1,435 oidg10-sqlshell.txt 08/11/2023 04:09 PM 687 outsystemsss115330-dllhijack.txt 08/22/2023 06:10 PM 1,362 ovoompcms333-sql.txt 08/04/2023 06:05 PM 660 ozekismsgateway103208-fileread.txt 08/02/2023 07:02 PM 1,179 perchcms32-xss.txt 08/14/2023 08:08 PM 5,649 phoenixctcc2-xssdos.txt 08/22/2023 06:18 PM 971 phpjabbersbds32-xssxsrf.txt 08/31/2023 06:13 PM 1,944 phpjabbersprs10-xss.txt 08/09/2023 06:58 PM 1,110 phpjabbersvrs40-xsrf.txt 08/03/2023 04:47 PM 965 phpjabc50-xss.txt 08/03/2023 05:09 PM 1,789 phpjbrs11-sql.txt 08/03/2023 04:49 PM 954 phpjbrs11-xss.txt 08/03/2023 04:56 PM 876 phpjcb10-xss.txt 08/03/2023 04:54 PM 895 phpjncb10-xss.txt 08/03/2023 04:57 PM 905 phpjrpb20-xss.txt 08/03/2023 04:53 PM 748 phpjsbs10-xss.txt 08/03/2023 04:54 PM 884 phpjservicebs10-xss.txt 08/03/2023 04:57 PM 869 phpjtb20-xss.txt 08/29/2023 06:47 PM 1,495 phpvalleymj201-idor.txt 08/09/2023 07:10 PM 2,642 pyrocms39-ssti.txt 08/15/2023 06:32 PM 3,534 raspap_rce.rb.txt 08/11/2023 04:11 PM 1,417 requestsbaskets121-ssrf.txt 08/04/2023 05:51 PM 8,952 reyeeos12041614-mitm.txt 08/03/2023 04:58 PM 3,053 savantws31-overflow.txt 08/04/2023 05:45 PM 2,123 shellypro4pm0110-bypass.txt 08/07/2023 06:57 PM 1,211 socialcommerce316-xss.txt 08/28/2023 05:44 PM 1,248 spacartecomcm1903-sql.txt 08/28/2023 05:43 PM 1,018 spacartecomcms1903-xss.txt 08/04/2023 06:50 PM 7,695 subrion_cms_file_upload_rce.rb.txt 08/16/2023 07:48 PM 6,878 SYSS-2022-052.txt 08/16/2023 07:51 PM 6,276 SYSS-2022-054.txt 08/16/2023 07:44 PM 7,781 SYSS-2022-055.txt 08/04/2023 06:54 PM 5,269 SYSS-2023-011.txt 08/11/2023 04:14 PM 663 systemd246-escalate.txt 08/22/2023 06:09 PM 1,292 taskhubcrmtool286-sql.txt 08/11/2023 04:16 PM 2,860 tplinkarcherax21-exec.txt 08/01/2023 08:43 PM 4,404 TRSA-2303-01.txt 08/22/2023 06:28 PM 2,228 tsplus1600-insecure.txt 08/22/2023 06:30 PM 4,677 tsplus1600f-insecure.txt 08/22/2023 06:35 PM 4,997 tsplus160214-inscure.txt 08/24/2023 05:20 PM 989 urlums30-sql.txt 08/24/2023 05:22 PM 1,067 urlums30-xss.txt 08/01/2023 08:16 PM 1,646 uvdesk113-shell.txt 08/24/2023 05:19 PM 6,586 uvdesk114-xss.txt 08/08/2023 06:40 PM 1,351 videoflixcms13-insecure.txt 08/04/2023 06:09 PM 1,353 videoplay130-insecure.txt 08/04/2023 03:22 PM 1,345 videoprocms20-insecure.txt 08/08/2023 06:42 PM 1,078 videowhisperconf101-xss.txt 08/04/2023 05:58 PM 1,319 virtualsnipersdms10-sql.txt 08/08/2023 06:38 PM 1,231 virtuescpanelcms10-sql.txt 08/04/2023 05:58 PM 1,231 virtuscpanelcms10-sql.txt 08/08/2023 06:47 PM 1,328 vnms22-insecure.txt 08/04/2023 05:48 PM 1,172 vocbseco13-disclose.txt 08/08/2023 06:38 PM 1,376 voodochat13-xss.txt 08/04/2023 05:54 PM 1,172 voodoochat10rc1b-disclose.txt 08/09/2023 06:38 PM 1,633 wchat16-htmlinject.txt 08/03/2023 04:56 PM 9,552 webcalendar13-xsrf.txt 08/03/2023 04:56 PM 1,165 webcodercms10-sql.txt 08/03/2023 04:55 PM 1,326 webcomcms10-sql.txt 08/04/2023 06:14 PM 3,228 webeditioncms2988-exec.txt 08/04/2023 06:15 PM 2,709 webeditioncms2988-xss.txt 08/03/2023 04:50 PM 1,277 webincorpcms10-xss.txt 08/03/2023 04:34 PM 1,192 webinstamm13-disclose.txt 08/04/2023 05:42 PM 1,614 webportalpeoplecms28-redirect.txt 08/07/2023 06:12 PM 1,623 webportalpeoplecms28-xss.txt 08/04/2023 05:41 PM 1,360 webstock30-idor.txt 08/04/2023 06:13 PM 1,280 webutler32-shell.txt 08/07/2023 06:12 PM 2,267 webwizforums1206-disclose.txt 08/04/2023 05:41 PM 1,207 webwizforums1206-sql.txt 08/03/2023 04:31 PM 1,445 wolfcms081-addadmin.txt 08/03/2023 04:28 PM 1,492 wondercms06beta-rfi.txt 08/03/2023 05:14 PM 1,085 wpadihavatp23-sql.txt 08/04/2023 06:33 PM 950 wpadivahatravel23-xss.txt 08/15/2023 06:03 PM 1,534 wpcore562-xpath.txt 08/22/2023 06:38 PM 4,160 wpdfc17012-escalate.txt 08/04/2023 06:20 PM 627 wpeventoncalendar44-idor.txt 08/04/2023 03:02 PM 744 wpeventoncalendar44post-idor.txt 08/04/2023 06:04 PM 2,860 wpforminator1246-shell.txt 08/04/2023 06:19 PM 5,791 wpninjaforms3625-xss.txt 08/01/2023 08:40 PM 4,751 wppgswi377-bypass.txt 08/10/2023 06:06 PM 4,414 wpwpm264-escalate.txt 08/04/2023 06:23 PM 1,001 xlightftp3936-overflow.txt 08/03/2023 04:27 PM 1,465 xzengine17-addadmin.txt 08/03/2023 04:26 PM 1,411 yourdoctorcms15-idor.txt 08/09/2023 07:14 PM 1,706 ZSL-2023-5782.txt 08/09/2023 07:18 PM 1,801 ZSL-2023-5783.txt 08/09/2023 07:19 PM 1,706 ZSL-2023-5784.txt 306 File(s) 683,391 bytes 2 Dir(s) 22,110,568,448 bytes free Download: 202308-exploits.tgz (197.4 KB) Source
  14. Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system. Zenbleed affects Ryzen and Epyc Zen 2 chips, and can be abused to swipe information at a rate of at least 30Kb per core per second. That's practical enough for someone on a shared server, such as a cloud-hosted box, to spy on other tenants. Exploiting Zenbleed involves abusing speculative execution, though unlike the related Spectre family of design flaws, the bug is pretty easy to exploit. It is more on a par with Meltdown. Malware already running on a system, or a rogue logged-in user, can exploit Zenbleed without any special privileges and inspect data as it is being processed by applications and the operating system, which can include sensitive secrets, such as passwords. It's understood a malicious webpage, running some carefully crafted JavaScript, could quietly exploit Zenbleed on a personal computer to snoop on this information. The vulnerability was highlighted today by Google infosec guru Tavis Ormandy, who discovered the data-leaking vulnerability while fuzzing hardware for flaws, and reported it to AMD in May. Ormandy, who acknowledged some of his colleagues for their help in investigating the security hole, said AMD intends to address the flaw with microcode upgrades, and urged users to "please update" their vulnerable machines as soon as they are able to. Proof-of-concept exploit code, produced by Ormandy, is available here, and we've confirmed it works on a Zen 2 Epyc server system when running on the bare metal. While the exploit runs, it shows off the sensitive data being processed by the box, which can appear in fragments or in whole depending on the code running at the time. If you stick any emulation layer in between, such as Qemu, then the exploit understandably fails. What's hit? The bug affects all AMD Zen 2 processors including the following series: Ryzen 3000; Ryzen Pro 3000; Ryzen Threadripper 3000; Ryzen 4000 Pro; Ryzen 4000, 5000, and 7020 with Radeon Graphics; and Epyc Rome datacenter processors. AMD today issued a security advisory here, using the identifiers AMD-SB-7008 and CVE-2023-20593 to track the vulnerability. The chip giant scored the flaw as a medium severity one, describing it as a "cross-process information leak." A microcode patch for Epyc 7002 processors is available now. As for the rest of its affected silicon: AMD is targeting December 2023 for updates for desktop systems (eg, Ryzen 3000 and Ryzen 4000 with Radeon); October for high-end desktops (eg, Threadripper 3000); November and December for workstations (eg, Threadripper Pro 3000); and November to December for mobile (laptop-grade) Ryzens. Shared systems are the priority, it would seem, which makes sense given the nature of the design blunder. Ormandy noted at least some microcode updates from AMD are making their way into the Linux kernel. OpenBSD has some details here. Our advice is to keep an eye out for AMD's Zenbleed microcode updates, and for any security updates for your operating system, and apply them as necessary when available. There's no word yet on whether there will be a performance hit from installing these but we can imagine it'll mostly depend on your workloads. There is a workaround in the meantime, which Ormandy set out in his write-up of the bug (archived copy as his site was being pummeled with traffic earlier). This involves setting a control bit that disables some functionality that prevents exploitation. We imagine this dials back some of the speculative execution required to exploit Zenbleed, and this may cause some kind of performance hit. How does the bug work? For the full technical details, see the above write-up. But we'll summarize it here; understanding of how CPU cores work at the machine-code level is useful here. As a modern x86 processor family, AMD's Zen 2 chips offer vector registers, a bunch of long registers for performing operations. These vector registers are used by applications and operating systems to do all kinds of things, such as doing math operations and processing strings. As such these registers have all sorts of data flying through them, including passwords and keys. There is an instruction called vzeroupper [AMD PDF, page 860] that zeroes some of these vector registers, and it's used in OS and application library routines that are invoked hundreds or thousands of times a second by all processor cores in a box. For example, the strlen() function uses vzeroupper, and that's called quite a lot. When AMD's chips execute vzeroupper, they simply mark the affected registers as zero by setting a special bit, and then allow those registers to be used for other operations. If vzeroupper is speculatively executed – the processor anticipates it will need to run that instruction – it sets this zero bit and frees the registers in the register file for reuse. This can happen if the vzeroupper instruction lies right after a branch instruction; if the processor thinks the branch is unlikely to be taken, it will start the vzeroupper speculatively. As we saw with Spectre and Meltdown, CPUs do this kind of thing to gain big performance boosts. If the processor core realizes soon after, actually, it shouldn't have speculatively executed the vzeroupper instruction, it tries to rewind that decision and undo the zeroing by clearing the bit that indicates the registers are zero. Unfortunately, by that point, the registers are probably in use by some other code, and are no longer marked as zero, so their contents from the previous operation are now accessible to that other code. This is why the flaw is being compared to a use-after-free()-style vulnerability. With threads being scheduled all over the processor core complex, and with some clever exploit code, it is possible to cause vzeroupper to be incorrectly speculatively executed, rewound, and data to leak by observing the content of those vector registers. It relies on the speculative execution of vzeroupper and the fact that registers are stored in a large register file and reassigned to operations as needed. As Ormandy noted, "bits and bytes are flowing into these vector registers from all over your system constantly." He continued: His takeaway: "It turns out that memory management is hard, even in silicon." We've asked AMD for further comment. ® Via theregister.com
×
×
  • Create New...