Andrea Intilangelo

12 exploits Active since Dec 2020
CVE-2021-47787 EXPLOITDB HIGH text WRITEUP
TotalAV <5.15.69 - Privilege Escalation
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
CVSS 7.8
CVE-2021-34110 EXPLOITDB HIGH text WRITEUP
Nica Winwaste.net - Incorrect Permission Assignment
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.
CVSS 7.8
CVE-2023-25438 EXPLOITDB HIGH text WRITEUP
Genomedics Millegpg - Incorrect Permission Assignment
An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files.
CVSS 7.8
CVE-2021-3394 EXPLOITDB HIGH text WRITEUP
Millewin - Incorrect Default Permissions
Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.
CVSS 8.8
CVE-2021-35312 EXPLOITDB HIGH text WORKING POC
CIR 2000 / Gestionale Amica Prodigy v1.7 - Privilege Escalation
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.
CVSS 7.8
CVE-2023-26918 EXPLOITDB CRITICAL text WRITEUP
Diasoft File Replication Pro 7.5.0 - Privilege Escalation
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.
CVSS 9.8
CVE-2020-35416 EXPLOITDB MEDIUM text WORKING POC
Onlineonly Phpjabbers Appointment Scheduler - XSS
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.
CVSS 6.1
CVE-2022-27308 EXPLOITDB MEDIUM text WORKING POC
Phprojekt Phpsimplygest - XSS
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.
CVSS 5.4
CVE-2023-25440 EXPLOITDB MEDIUM text WRITEUP
Civicrm - XSS
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.
CVSS 5.4
CVE-2023-25439 EXPLOITDB MEDIUM text WRITEUP
Squarepiginteractive Fusioninvoice - XSS
Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details.
CVSS 6.1
CVE-2022-29296 EXPLOITDB MEDIUM text WORKING POC
Avantune Genialcloud ProJ <10 - XSS
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 6.1
CVE-2003-20001 EXPLOITDB MEDIUM text WRITEUP
Mitel ICP VoIP 3100 - Info Disclosure
An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records generated by the system. The information provided includes the service type, extension number and other parameters, related to the call activity.
CVSS 5.6