Andrea Fabrizi

15 exploits Active since Oct 2009
CVE-2013-3585 EXPLOITDB WORKING POC
Samsung Smart Viewer - Cleartext Credential Storage
Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.
CVE-2009-4554 EXPLOITDB text WORKING POC
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
CVE-2009-4554 EXPLOITDB text WORKING POC
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
CVE-2009-4571 EXPLOITDB text WRITEUP
PhpShop 0.8.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
EIP-2026-108583 EXPLOITDB text WORKING POC
Joomla! Component com_virtuemart 1.1.6 - SQL Injection
CVE-2009-4742 EXPLOITDB text WORKING POC
Docebo 3.6.0.3 - SQL Injection via FAQ Word Parameter
Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php.
CVE-2009-3828 EXPLOITDB text SUSPICIOUS
Everfocus EDR1600 - Unauthenticated Authentication Bypass
The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.
CVE-2011-5028 EXPLOITDB text WRITEUP
Novell Sentinel Log Manager < 1.2.0.1_938 - Authenticated Path Traversal via FileDownload Filename Parameter
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
EIP-2026-103324 EXPLOITDB text WORKING POC
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
EIP-2026-102103 EXPLOITDB text WRITEUP
Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities
CVE-2013-3586 EXPLOITDB text WORKING POC
Samsung Smart Viewer - Unauthenticated Authentication Bypass via SessionID Cookie
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
EIP-2026-101936 EXPLOITDB text WRITEUP
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
EIP-2026-101578 EXPLOITDB text WRITEUP
Buffalo TeraStation TS-Series - Multiple Vulnerabilities
CVE-2013-6987 EXPLOITDB text WORKING POC
Synology DiskStation Manager - Path Traversal via FileBrowser Components
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
CVE-2009-4554 EXPLOITDB text WORKING POC
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.