Amirhossein Bahramizadeh

14 exploits Active since Apr 2020
CVE-2023-28293 EXPLOITDB HIGH c WORKING POC
Windows Kernel - Integer Underflow Elevation of Privilege
Windows Kernel Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2023-3320 EXPLOITDB MEDIUM python WORKING POC
WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Missing Nonce Validation
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS 6.1
CVE-2020-11027 EXPLOITDB MEDIUM python WORKING POC
WordPress <5.4.1 - Info Disclosure
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
CVSS 6.1
CVE-2023-2779 EXPLOITDB MEDIUM python WORKING POC
Social Share, Social Login and Social Comments < 7.13.52 - Reflected Cross-Site Scripting
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS 6.1
CVE-2023-36346 EXPLOITDB MEDIUM python WORKING POC
POS Codekop v2.0 - Reflected Cross-Site Scripting via nm_member Parameter
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.
CVSS 6.1
CVE-2023-30198 EXPLOITDB HIGH python WORKING POC
winbizpayment <= 1.0.2 - Path Traversal via download.php
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.
CVSS 7.5
CVE-2023-33592 EXPLOITDB CRITICAL python WORKING POC
Lost and Found Information System v1.0 - SQL Injection
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
CVSS 9.8
CVE-2023-28288 EXPLOITDB HIGH c WORKING POC
Microsoft SharePoint Server - Server-Side Request Forgery
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 8.1
CVE-2023-23408 EXPLOITDB MEDIUM python STUB
Azure HDInsight - Cross-Site Scripting in Apache Ambari
Azure Apache Ambari Spoofing Vulnerability
CVSS 4.5
EIP-2026-103155 EXPLOITDB c WORKING POC
LBT-T300-mini1 - Remote Buffer Overflow
EIP-2026-102817 EXPLOITDB bash WORKING POC
Dell Security Management Server <1.9.0 - Local Privilege Escalation
CVE-2023-36355 EXPLOITDB CRITICAL python WORKING POC
TP-Link TL-WR940N V4 - Buffer Overflow
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS 9.9
EIP-2026-101484 EXPLOITDB c STUB
TPC-110W - Missing Authentication for Critical Function
CVE-2023-25187 EXPLOITDB MEDIUM c WORKING POC
Nokia Airscale ASIKA Firmware - Use of Hard-coded SSH Keys
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.
CVSS 6.3