Alessandro Magnosi

7 exploits Active since Oct 2019
CVE-2019-25437 EXPLOITDB MEDIUM python WORKING POC
Foscam VMS 1.1.6.6 - Buffer Overflow
Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an application crash when the Login Check function is invoked.
CVSS 6.2
CVE-2019-25436 EXPLOITDB MEDIUM python WORKING POC
Sricam DeviceViewer 3.12.0.1 - Auth Bypass
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.
CVSS 6.5
CVE-2019-25435 EXPLOITDB HIGH python WORKING POC
Sricam DeviceViewer 3.12.0.1 - Buffer Overflow
Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User Management to trigger a stack-based buffer overflow and execute commands via ROP chain gadgets.
CVSS 7.8
CVE-2019-18219 WRITEUP MEDIUM WRITEUP
Sitemagic CMS 4.4.1 - Cross-Site Scripting via GET/POST Parameters
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.
CVSS 6.1
CVE-2019-18220 WRITEUP HIGH WRITEUP
Sitemagic CMS 4.4.1 - Cross-Site Request Forgery
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.
CVSS 8.8
CVE-2019-25062 EXPLOITDB MEDIUM python WORKING POC
Sricam IP CCTV Camera - Memory Corruption
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 5.3
EIP-2026-100658 EXPLOITDB python WORKING POC
NopCommerce 4.2.0 - Privilege Escalation