An independent security researcher

14 exploits Active since Sep 2016
CVE-2017-1000353 GITHUB CRITICAL WRITEUP
Jenkins < 2.56 and < 2.46.1 - Unauthenticated Remote Code Execution via Java Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.
3,480 stars
CVSS 9.8
CVE-2017-1000353 GITHUB CRITICAL WRITEUP
Jenkins < 2.56 and < 2.46.1 - Unauthenticated Remote Code Execution via Java Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.
14 stars
CVSS 9.8
CVE-2016-2183 EXPLOITDB HIGH text WORKING POC
Redhat Jboss Enterprise Application Platform - Information Disclosure
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVSS 7.5
CVE-2017-1092 EXPLOITDB CRITICAL text WORKING POC
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVSS 9.8
EIP-2026-119686 EXPLOITDB text WORKING POC
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
CVE-2017-11471 EXPLOITDB CRITICAL WORKING POC
IDERA Uptime Monitor 7.8 - SQL Injection
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
CVSS 9.8
EIP-2026-107614 EXPLOITDB text WRITEUP
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions
CVE-2017-5815 EXPLOITDB CRITICAL WORKING POC
HPE Intelligent Management Center PLAT 7.3 E0504P04 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-15647 EXPLOITDB HIGH WORKING POC
FiberHome Routers - Local File Inclusion
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
CVSS 7.5
CVE-2017-16934 EXPLOITDB CRITICAL WORKING POC
dbltek web_server - Authenticated OS Command Injection via change_password.csp passwd Parameter
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.
CVSS 9.8
CVE-2017-12243 EXPLOITDB HIGH WORKING POC
Cisco UCS Manager - Privilege Escalation
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.
CVSS 7.8
CVE-2017-14335 EXPLOITDB HIGH WORKING POC
Beijing Hanbang Hanbanggaoke - Info Disclosure
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
CVSS 7.5
CVE-2017-15236 EXPLOITDB HIGH WORKING POC
Tiandy IP Camera Firmware 5.56.17.120 - Unauthenticated Sensitive Information Exposure via TCP Port 3001
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
CVSS 7.5
CVE-2017-11502 EXPLOITDB CRITICAL WORKING POC
Technicolor DPC3928AD - Info Disclosure
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
CVSS 9.8