Billy Rios

6 exploits, active since Aug 2007
CVE-2018-10622 WRITEUP MEDIUM WRITEUP
Medtronic MyCareLink Patient Monitor - Info Disclosure
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication.
CVSS 5.2
CVE-2018-10626 WRITEUP MEDIUM WRITEUP
Medtronic MyCareLink - Info Disclosure
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.
CVSS 4.4
CVE-2007-3845 EXPLOITDB text WORKING POC
Mozilla Firefox <2.0.0.6, Thunderbird <1.5.0.13 & 2.x <2.0.0.6, Sea...
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
CVE-2007-3896 EXPLOITDB text WORKING POC
Internet Explorer - Remote Code Execution via Invalid URI Handler Sequences
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
EIP-2026-118642 EXPLOITDB ruby WORKING POC
Honeywell Tema Remote Installer - ActiveX Remote Code Execution (Metasploit)
CVE-2009-0162 EXPLOITDB xml WORKING POC
Safari < 3.2.3 - Cross-Site Scripting via Crafted feed: URL
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.