Bhadresh Patel

10 exploits, active since Mar 2013
CVE-2013-5581 EXPLOITDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVE-2020-11552 EXPLOITDB CRITICAL text WRITEUP
Zohocorp ManageEngine ADSelfService Plus < 6003 - Privilege Escalation
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as SYSTEM.
CVSS 9.8
CVE-2015-6023 EXPLOITDB HIGH text WORKING POC
NetCommWireless HSPA 3G10WVE - Auth Bypass
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.
CVSS 7.3
CVE-2017-0199 EXPLOITDB HIGH python WORKING POC
Microsoft Office Word Malicious Hta Execution
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
CVSS 7.8
CVE-2013-5582 EXPLOITDB HIGH text WORKING POC
Ammyy Admin <3.2 - Auth Bypass
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file.
CVSS 7.8
CVE-2013-2690 EXPLOITDB text WRITEUP
SynConnect 2.0 - SQL Injection
SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action.
EIP-2026-104494 EXPLOITDB html WORKING POC
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
CVE-2016-9834 EXPLOITDB MEDIUM text WORKING POC
Sophos Cyberoam Firmware < 10.6.4 - XSS
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.
CVSS 6.1
CVE-2015-5999 EXPLOITDB text WORKING POC
D-Link DIR-816L <2.06.B09_BETA - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
CVE-2015-6024 EXPLOITDB CRITICAL text WORKING POC
NetCommWireless HSPA 3G10WVE - Command Injection
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.
CVSS 9.8