Bryan Leong

9 exploits Active since May 2003
CVE-2011-2523 NOMISEC CRITICAL WORKING POC
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
3 stars
CVSS 9.8
CVE-2021-46422 NOMISEC CRITICAL WORKING POC
Telesquare SDT-CW3B1 1.1.0 - Command Injection
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
1 stars
CVSS 9.8
CVE-2019-12744 NOMISEC HIGH WORKING POC
seeddms < 5.1.11 - Remote Command Execution via Unvalidated PHP File Upload
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
1 stars
CVSS 7.5
CVE-2003-0264 NOMISEC WORKING POC
SLMail 5.1.0.4420 - Buffer Overflow
Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.
CVE-2009-0182 EXPLOITDB HIGH python WORKING POC
VUPlayer < 2.49 - Buffer Overflow via Long URL in .pls File
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.
CVSS 8.8
CVE-2019-12744 EXPLOITDB HIGH python WORKING POC
seeddms < 5.1.11 - Remote Command Execution via Unvalidated PHP File Upload
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
CVSS 7.5
EIP-2026-110380 EXPLOITDB python WORKING POC
osCommerce 2.3.4.1 - Remote Code Execution (2)
EIP-2026-101877 EXPLOITDB python WORKING POC
Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-46422 EXPLOITDB CRITICAL python WORKING POC
Telesquare SDT-CW3B1 1.1.0 - Command Injection
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
CVSS 9.8