Benjamin Kunz Mejri

139 exploits, active since Jan 2012
CVE-2020-37087 EXPLOITDB text WORKING POC
Easy Transfer Wifi Transfer v1.7 - XSS
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.
CVE-2020-37086 EXPLOITDB MEDIUM text WORKING POC
Easy Transfer 1.7 iOS - Path Traversal
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.
CVSS 6.2
CVE-2020-37081 EXPLOITDB HIGH text WORKING POC
Fishing Reservation System 7.5 - SQL Injection
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.
CVSS 7.1
CVE-2020-37022 EXPLOITDB MEDIUM text WORKING POC
OpenZ ERP 3.6.60 - XSS
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules.
CVSS 6.4
CVE-2020-37014 EXPLOITDB MEDIUM text WORKING POC
Tryton 5.4 - XSS
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.
CVSS 6.4
CVE-2020-37003 EXPLOITDB MEDIUM text WORKING POC
Sellacious eCommerce 4.6 - XSS
Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules.
CVSS 6.4
CVE-2020-36978 EXPLOITDB MEDIUM text WORKING POC
Froxlor Server Management Panel <0.10.16 - XSS
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules.
CVSS 6.4
CVE-2020-36948 EXPLOITDB CRITICAL text WORKING POC
VestaCP 0.9.8-26 - Auth Bypass
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
CVSS 9.8
CVE-2013-6793 EXPLOITDB text WRITEUP
Olat - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field.
CVE-2011-5149 EXPLOITDB text WRITEUP
SpamTitan < 5.08 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.
EIP-2026-119358 EXPLOITDB text WRITEUP
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
CVE-2016-7851 EXPLOITDB MEDIUM text WRITEUP
Adobe Connect < 9.5.6 - XSS
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
CVSS 6.1
CVE-2013-3179 EXPLOITDB text WRITEUP
Microsoft SharePoint Server - XSS
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
EIP-2026-119435 EXPLOITDB text WRITEUP
SonicWALL Scrutinizer 9.5.2 - SQL Injection
EIP-2026-119433 EXPLOITDB text WRITEUP
SonicWALL Email Security 7.3.5 - Multiple Vulnerabilities
CVE-2012-4992 EXPLOITDB text WRITEUP
FlashFXP 4.2 - RCE
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
EIP-2026-117337 EXPLOITDB text WORKING POC
Internet Download Manager 6.37.11.1 - Stack Buffer Overflow (PoC)
EIP-2026-116431 EXPLOITDB text WRITEUP
Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities
EIP-2026-116532 EXPLOITDB text WORKING POC
Wickr Desktop 2.2.1 Windows - Denial of Service
EIP-2026-116664 EXPLOITDB text WORKING POC
Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)
CVE-2016-6186 EXPLOITDB MEDIUM text WRITEUP
Django <1.8.14, <1.9.x, <1.10rc1 - XSS
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
CVSS 6.1
EIP-2026-114349 EXPLOITDB text WORKING POC
WordPress Theme ShopperPress - SQL Injection / Cross-Site Scripting
EIP-2026-112952 EXPLOITDB text WRITEUP
VamCart CMS 0.9 - Multiple Vulnerabilities
EIP-2026-113159 EXPLOITDB text WRITEUP
VTiger v7.0 CRM - 'To' Persistent XSS
EIP-2026-112367 EXPLOITDB text WRITEUP
SpamTitan Application 5.08x - SQL Injection