Alexander

5 exploits, active since Dec 2004
CVE-2025-21617 WRITEUP MEDIUM WRITEUP
Guzzle OAuth Subscriber < 0.8.1 - Use of Cryptographically Weak PRNG in Nonce Generation
Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, nonce generation uses neither sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1.
CVE-2023-38831 METASPLOIT HIGH ruby WORKING POC
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
CVSS 7.8
EIP-2026-110483 EXPLOITDB text WORKING POC
Parnian Opendata CMS - SQL Injection
CVE-2004-2344 EXPLOITDB c WORKING POC
VocalTec VGW120 and VGW480 - Denial of Service in ASN.1/H.323/H.225 Stack
Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote attackers to cause a denial of service.
EIP-2026-100566 EXPLOITDB text WORKING POC
SoftXMLCMS - Arbitrary File Upload