Benjamin Harris

7 exploits Active since Sep 2014
CVE-2014-5520 EXPLOITDB python WORKING POC
xrms_crm - SQL Injection via user_id Parameter
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
CVE-2014-5470 METASPLOIT CRITICAL ruby WORKING POC
Actual Analyzer <2014-08-29 - Code Injection
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.
CVSS 9.8
CVE-2014-5519 METASPLOIT ruby WORKING POC
PhpWiki 1.5.0 - Remote Code Execution via Ploticus Module Device Option
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
CVE-2014-5470 EXPLOITDB CRITICAL ruby WORKING POC
Actual Analyzer <2014-08-29 - Code Injection
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.
CVSS 9.8
CVE-2014-5521 EXPLOITDB python WORKING POC
xrms_crm - Authenticated Remote Code Execution via Username Parameter
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
CVE-2014-5519 EXPLOITDB python WORKING POC
PhpWiki 1.5.0 - Remote Code Execution via Ploticus Module Device Option
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
EIP-2026-104927 EXPLOITDB python WORKING POC
ActualAnalyzer Lite 2.81 - Command Execution