Brendan Coles

95 exploits Active since Oct 2006
EIP-2026-113179 EXPLOITDB text WORKING POC
WANem - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112475 EXPLOITDB text WRITEUP
SugarCRM Community Edition 6.5.2 (Build 8410) - Multiple Vulnerabilities
EIP-2026-112474 EXPLOITDB text WORKING POC
SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities
EIP-2026-110307 EXPLOITDB text WORKING POC
OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
EIP-2026-107772 EXPLOITDB text WORKING POC
iGiveTest 2.1.0 - SQL Injection
EIP-2026-107976 EXPLOITDB text WORKING POC
iSupport 1.8 - SQL Injection
EIP-2026-105675 EXPLOITDB text WORKING POC
Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities
EIP-2026-105618 EXPLOITDB text WORKING POC
BrewBlogger 2.3.2 - Multiple Vulnerabilities
CVE-2017-1092 EXPLOITDB CRITICAL ruby WORKING POC
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVSS 9.8
EIP-2026-104781 EXPLOITDB ruby WORKING POC
TestLink 1.9.3 - Arbitrary File Upload (Metasploit)
CVE-2014-9567 EXPLOITDB ruby WORKING POC
ProjectSend r100-r561 - Unauthenticated Arbitrary File Upload and Remote Code Execution via process-upload.php
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
CVE-2011-4275 EXPLOITDB ruby WORKING POC
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
EIP-2026-104724 EXPLOITDB ruby WORKING POC
eXtplorer 2.1 - Arbitrary File Upload (Metasploit)
CVE-2018-6849 EXPLOITDB MEDIUM ruby WORKING POC
DuckDuckGo 4.2.0 - Private IP Address Exposure via WebRTC STUN Request
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
CVSS 4.3
EIP-2026-104514 EXPLOITDB python WORKING POC
Zenoss 3.2.1 - (Authenticated) Remote Command Execution
CVE-2013-6366 EXPLOITDB ruby WORKING POC
VMware Hyperic HQ 4.6.6 - Authenticated Remote Code Execution via Groovy Script Console
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
CVE-2018-14665 EXPLOITDB MEDIUM ruby WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 6.6
CVE-2017-6516 EXPLOITDB MEDIUM ruby WORKING POC
MagniComp SysInfo mcsiwrapper Privilege Escalation
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.
CVSS 6.7
EIP-2026-103138 EXPLOITDB ruby WORKING POC
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
CVE-2017-7494 EXPLOITDB CRITICAL ruby WORKING POC
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
CVSS 9.8
CVE-2018-0707 EXPLOITDB HIGH ruby WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via Change Password
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 7.2
CVE-2013-1349 EXPLOITDB ruby WORKING POC
openSIS 4.5-5.2 - Remote Code Execution via ajax.php modname Parameter
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.
EIP-2026-103137 EXPLOITDB ruby WORKING POC
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
CVE-2014-7910 EXPLOITDB ruby WORKING POC
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2010-3847 EXPLOITDB ruby WORKING POC
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.