Cale Black

7 exploits Active since Jun 2018
CVE-2020-7388 NOMISEC CRITICAL WORKING POC
Sage X3 AdxAdmin < 93.2.53 - Unauthenticated Remote Command Execution via AdxDSrv.exe Authentication Bypass
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by exploiting CVE-2020-7387. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 including Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor.
1 stars
CVSS 10.0
CVE-2018-10661 METASPLOIT CRITICAL ruby WORKING POC
Axis IP Cameras - Access Control Bypass
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVSS 9.8
CVE-2018-10662 METASPLOIT CRITICAL ruby WORKING POC
Axis IP Cameras - Exposed Insecure Interface
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
CVSS 9.8
CVE-2018-10661 EXPLOITDB CRITICAL ruby WORKING POC
Axis IP Cameras - Access Control Bypass
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVSS 9.8
CVE-2018-10660 EXPLOITDB CRITICAL ruby WORKING POC
Axis IP Cameras - OS Command Injection
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVSS 9.8
CVE-2018-10660 METASPLOIT CRITICAL ruby WORKING POC
Axis IP Cameras - OS Command Injection
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVSS 9.8
CVE-2018-10662 EXPLOITDB CRITICAL ruby WORKING POC
Axis IP Cameras - Exposed Insecure Interface
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
CVSS 9.8