Prophaze
  • What is Prophaze AppSec Platform? How it works?
    • Performance
    • SSL Termination
    • Modes of Operation
  • Prophaze AppSec Best Practices
  • Application Onboarding
    • Account Creation
    • Deployment Models
      • Cloud
      • On-Premise
      • Kubernetes Deployment
    • Multi-Cloud Setup
  • DASHBOARD UI OVERVIEW
    • Dashboard
    • Traffic Analysis
    • API Security
    • Attack Analytics
    • DDOS Attacks
    • Rules Page
    • Bot Mitigation
    • Anomaly Detection
    • Reporting
    • Attack Types
    • Incidents
    • AppSec Toggle Mode
    • SSL Certificate
  • HTTP Support
    • Encoding Types
    • Protocol Validation
  • Protection Use Cases
    • HTTP Protocol Violation
    • Protocol Anomalies
    • Bot Detection
    • Injection Prevention
    • HTTP Request Smuggling
    • HTTP Response Splitting
    • XSS Prevention
    • LFI and RFI
    • Session Fixation
    • SQL Injection Prevention
    • Layer 7 Dos Attack Prevention
    • PHP Application Protection
  • Detection Techniques
    • Normalization
    • Negative Security Model
    • Signature and Rule Database
  • FAQ
    • Onboarding Process
    • Dashboard Terminology
    • Attack Section
    • Rule Set
    • Traffic 360: General Traffic Logs
    • ML Based Bot Mitigation
    • Generating Reports
    • Anomaly Detection
    • General
  • Software Updates
    • Release Notes v2.3.0
  • Release Notes v2.4.0
  • Release Notes v2.5.0
  • API Security Dashboard
    • API Security Features of Prophaze
    • API security scoring
    • Host-Based API Quality Score
    • How to Enable API Security and Dashboard
    • API Security Section
  • CVE
    • CVE-2024
    • CVE-2023
    • CVE-2022
    • CVE-2021
    • CVE-2020
    • CVE-2019
    • CVE-2018
    • CVE-2017
    • CVE-2012
    • CVE-2011
    • CVE-2009
    • CVE-2008
    • CVE-2001
Powered by GitBook
On this page

Was this helpful?

  1. CVE

CVE-2020

CVE
CVE Description
Reference

CVE-2020-35151

The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.

CVE-2020-20139

Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.

CVE-2020-20142

Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.

CVE-2020-20141

Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.

CVE-2020-20140

Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.

CVE-2020-25494

Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.

CVE-2020-25495

A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.

CVE-2020-35416

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.

CVE-2020-2230

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.

CVE-2020-2229

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.

CVE-2020-29477

Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

CVE-2020-29469

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the crafted payload.

CVE-2020-14073

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.

CVE-2020-29395

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.

CVE-2020-35313

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

CVE-2020-10963

FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.

CVE-2020-29470

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

CVE-2020-29471

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.

CVE-2020-28092

PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=

CVE-2020-25820

BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.

CVE-2020-29475

nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.

CVE-2020-7934

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.

CVE-2020-29233

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.

CVE-2020-15478

The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.

CVE-2020-26218

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.

CVE-2020-15255

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.

CVE-2020-28249

Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.

CVE-2020-27533

A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.

CVE-2020-14864

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVE-2020-5791

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

CVE-2020-25270

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.

CVE-2020-35241

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.

CVE-2020-25762

An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.

CVE-2020-9467

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.

CVE-2020-24609

TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.

CVE-2020-24223

Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.

CVE-2020-23835

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.

CVE-2020-24609

TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.

CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.

CVE-2020-15038

The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.

CVE-2020-8163

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

CVE-2020-15364

The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.

CVE-2020-15046

The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.

CVE-2020-15600

An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

https://www.exploit-db.com/exploits/48679

CVE-2020-14946

downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.

CVE-2020-3452

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.

CVE-2020-15046

The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.

CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

CVE-2020-15599

Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.

https://www.exploit-db.com/exploits/48626

CVE-2020-14943

The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.

CVE-2020-13228

An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.

CVE-2020-5192

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.

CVE-2020-5191

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.

CVE-2020-7991

dive Framework 2.0.8 has admin/config CSRF to change the Administrator password.

CVE-2020-8512

In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.

CVE-2020-8839

Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field.

CVE-2020-8825

index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.

CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

https://www.exploit-db.com/exploits/48142

CVE-2020-6756

languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.

CVE-2020-8656

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

CVE-2020-8947

unctions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.

CVE-2020-9374

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

CVE-2020-8776

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.

CVE-2020-8777

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.

CVE-2020-8778

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.

CVE-2020-9371

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.

CVE-2020-9372

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.

CVE-2020-10221

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.

CVE-2020-15468

Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.

CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.

CVE-2020-8866

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.

CVE-2020-10230

CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.

CVE-2020-10387

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.

CVE-2020-10386

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.

CVE-2020-11455

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.

CVE-2020-5726

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.

CVE-2020-11530

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.

CVE-2020-13118

An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.

CVE-2020-3952

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

CVE-2020-13448

QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.

CVE-2020-12704

UliCMS before 2020.2 has PageController stored XSS.

CVE-2020-10385

A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.

CVE-2020-12707

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.

CVE-2020-11456

LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).

CVE-2020-11457

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.

CVE-2020-12706

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

PreviousCVE-2021NextCVE-2019

Last updated 2 months ago

Was this helpful?

https://www.exploit-db.com/exploits/49307
https://www.exploit-db.com/exploits/49305
https://www.exploit-db.com/exploits/49304
https://www.exploit-db.com/exploits/49303
https://www.exploit-db.com/exploits/49302
https://www.exploit-db.com/exploits/49301
https://www.exploit-db.com/exploits/49300
https://www.exploit-db.com/exploits/49281
https://www.exploit-db.com/exploits/49237
https://www.exploit-db.com/exploits/49232
https://www.exploit-db.com/exploits/49188
https://www.exploit-db.com/exploits/49164
https://www.exploit-db.com/exploits/49156
https://www.exploit-db.com/exploits/49130
https://www.exploit-db.com/exploits/49154
https://www.exploit-db.com/exploits/49112
https://www.exploit-db.com/exploits/49099
https://www.exploit-db.com/exploits/49098
https://www.exploit-db.com/exploits/49072
https://www.exploit-db.com/exploits/49070
https://www.exploit-db.com/exploits/49093
https://www.exploit-db.com/exploits/49091
https://www.exploit-db.com/exploits/49085
https://www.exploit-db.com/exploits/49044
https://www.exploit-db.com/exploits/49040
https://www.exploit-db.com/exploits/49027
https://www.exploit-db.com/exploits/49024
https://www.exploit-db.com/exploits/48974
https://www.exploit-db.com/exploits/48964
https://www.exploit-db.com/exploits/48959
https://www.exploit-db.com/exploits/48905
https://www.exploit-db.com/exploits/48826
https://www.exploit-db.com/exploits/48889
https://www.exploit-db.com/exploits/48814
https://www.exploit-db.com/exploits/48807
https://www.exploit-db.com/exploits/48785
https://www.exploit-db.com/exploits/48777
https://www.exploit-db.com/exploits/48813
https://www.exploit-db.com/exploits/48753
https://www.exploit-db.com/exploits/48744
https://www.exploit-db.com/exploits/48724
https://www.exploit-db.com/exploits/48716
https://www.exploit-db.com/exploits/48711
https://www.exploit-db.com/exploits/48682
https://www.exploit-db.com/exploits/48668
https://www.exploit-db.com/exploits/48666
https://www.exploit-db.com/exploits/48722
https://www.exploit-db.com/exploits/48652
https://www.exploit-db.com/exploits/48643
https://www.exploit-db.com/exploits/48619
https://www.exploit-db.com/exploits/48582
https://www.exploit-db.com/exploits/47840
https://www.exploit-db.com/exploits/47841
https://www.exploit-db.com/exploits/47966
https://www.exploit-db.com/exploits/47988
https://www.exploit-db.com/exploits/48040
https://www.exploit-db.com/exploits/48042
https://www.exploit-db.com/exploits/47899
https://www.exploit-db.com/exploits/48025
https://www.exploit-db.com/exploits/48064
https://www.exploit-db.com/exploits/48155
https://www.exploit-db.com/exploits/48162
https://www.exploit-db.com/exploits/48162
https://www.exploit-db.com/exploits/48162
https://www.exploit-db.com/exploits/48204
https://www.exploit-db.com/exploits/48204
https://www.exploit-db.com/exploits/48207
https://www.exploit-db.com/exploits/48190
https://www.exploit-db.com/exploits/48209
https://www.exploit-db.com/exploits/48209
https://www.exploit-db.com/exploits/48212
https://www.exploit-db.com/exploits/48220
https://www.exploit-db.com/exploits/48221
https://www.exploit-db.com/exploits/48297
https://www.exploit-db.com/exploits/48270
https://www.exploit-db.com/exploits/48457
https://www.exploit-db.com/exploits/48474
https://www.exploit-db.com/exploits/48535
https://www.exploit-db.com/exploits/48536
https://www.exploit-db.com/exploits/48244
https://www.exploit-db.com/exploits/48245
https://www.exploit-db.com/exploits/48250
https://www.exploit-db.com/exploits/48289
https://www.exploit-db.com/exploits/48300
https://www.exploit-db.com/exploits/48404
https://www.exploit-db.com/exploits/49767