Anastasios Monachos

16 exploits Active since Jul 2012
EIP-2026-117785 EXPLOITDB ruby WORKING POC
POP Peeper 3.7 - Local Overflow (SEH)
EIP-2026-115233 EXPLOITDB ruby WORKING POC
Fake Webcam 6.1 - Local Crash (PoC)
EIP-2026-115288 EXPLOITDB perl WORKING POC
FoxPlayer 2.3.0 - '.m3u' Buffer Overflow
CVE-2014-9619 EXPLOITDB HIGH text WRITEUP
Netsweeper < 3.1.10, 4.0.x < 4.0.9, 4.1.x < 4.1.2 - Authenticated PHP Code Execution via File Upload
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
CVSS 7.2
CVE-2014-9612 EXPLOITDB CRITICAL text WRITEUP
Netsweeper < 3.1.10, 4.0.x < 4.0.9, 4.1.x < 4.1.2 - SQL Injection via Server Parameter
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
CVSS 9.8
CVE-2014-9610 EXPLOITDB MEDIUM text WRITEUP
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
CVSS 5.3
CVE-2014-9618 EXPLOITDB CRITICAL text WRITEUP
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
CVSS 9.8
CVE-2014-9605 EXPLOITDB text WORKING POC
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.
EIP-2026-109892 EXPLOITDB text WORKING POC
Netsweeper 4.0.9 - Arbitrary File Upload / Execution
CVE-2014-9613 EXPLOITDB CRITICAL text WRITEUP
Netsweeper <2.6.29.10 - SQL Injection
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
CVSS 9.8
CVE-2014-9611 EXPLOITDB CRITICAL text WRITEUP
netsweeper < 4.0.4 - Unauthenticated Authentication Bypass via webadmin/nslam/index.php
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
CVSS 9.8
CVE-2014-8728 EXPLOITDB text WRITEUP
Subex ROC Fraud Mgmt <7.4 - SQL Injection
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
CVE-2015-2166 EXPLOITDB text WRITEUP
Ericsson Drutt Mobile Service Delivery Platform 4,5,6 Path Traversal via Dot Dot Encoded Slash
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
CVE-2014-8727 EXPLOITDB text WORKING POC
F5 BIG-IP Local Traffic Manager < 10.2.1 - Authenticated Path Traversal via Archive Properties or Form Name Parameter
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.
CVE-2012-4032 EXPLOITDB text WRITEUP
WebsitePanel < 1.2.2.1 - Open Redirect via ReturnUrl Parameter
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
EIP-2026-100434 EXPLOITDB text WORKING POC
MIMEsweeper For SMTP - Multiple Cross-Site Scripting Vulnerabilities