Antonio Cuomo (arkantolo)

8 exploits Active since Dec 2025
CVE-2023-53907 EXPLOITDB MEDIUM python WORKING POC
Bludit <3.13.1 - Authenticated File Download
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through directory traversal.
CVSS 6.5
CVE-2022-50936 EXPLOITDB HIGH python WORKING POC
WBCE CMS 1.5.2 - Authenticated RCE
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
CVSS 8.8
CVE-2022-50921 EXPLOITDB HIGH text WRITEUP
WOW21 5.0.1.9 - Code Injection
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
CVSS 7.8
CVE-2022-50920 EXPLOITDB HIGH text WRITEUP
Sandboxie-Plus 5.50.2 - Code Injection
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVSS 8.4
EIP-2026-117489 EXPLOITDB text WRITEUP
Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path
EIP-2026-117487 EXPLOITDB text WRITEUP
Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path
EIP-2026-113289 EXPLOITDB text WORKING POC
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
EIP-2026-113290 EXPLOITDB python WORKING POC
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)