# PoC

CVE-2013-3928 METASPLOIT ruby WORKING POC

Jpchacha Chasys Draw Ies < 4.10.01 - Memory Corruption

Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.

View Code

CVE-2022-37042 METASPLOIT CRITICAL ruby WORKING POC

Synacor Zimbra Collaboration Suite - Path Traversal

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

CVSS 9.8

View Code