Charles Fol

35 exploits, active since May 2007
CVE-2024-2961 NOMISEC HIGH WORKING POC
GNU C Library <2.39 - Buffer Overflow
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
504 stars
CVSS 7.3
CVE-2018-13784 NOMISEC CRITICAL WORKING POC
PrestaShop <1.6.1.20 & <1.7.3.4 - Info Disclosure
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
48 stars
CVSS 9.1
CVE-2019-0211 NOMISEC HIGH WORKING POC
Apache HTTP Server < 2.4.38 - Use After Free
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
11 stars
CVSS 7.8
CVE-2024-34102 METASPLOIT CRITICAL ruby WORKING POC
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
CVSS 9.8
CVE-2008-6657 EXPLOITDB php WORKING POC
Simple Machines Forum - CSRF
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
CVE-2008-1506 EXPLOITDB php WORKING POC
PEEL <3.x - Info Disclosure
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2008-1496 EXPLOITDB php WORKING POC
PEEL <3.x - SQL Injection
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.
CVE-2008-1495 EXPLOITDB php WORKING POC
PEEL <3.x - RCE
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.
CVE-2017-7581 METASPLOIT CRITICAL ruby WORKING POC
TYPO3 News module <5.3.2 - SQL Injection
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
CVSS 9.8
CVE-2019-6340 METASPLOIT HIGH ruby WORKING POC
Drupal < 8.5.11 - Insecure Deserialization
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
CVSS 8.1
CVE-2020-12720 METASPLOIT CRITICAL ruby WORKING POC
vBulletin <5.5.6pl1, <5.6.0pl1, <5.6.1pl1 - Privilege Escalation
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVSS 9.8
CVE-2020-12720 METASPLOIT CRITICAL ruby WORKING POC
vBulletin <5.5.6pl1, <5.6.0pl1, <5.6.1pl1 - Privilege Escalation
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVSS 9.8
CVE-2024-2961 METASPLOIT HIGH ruby WORKING POC
GNU C Library <2.39 - Buffer Overflow
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
CVSS 7.3
CVE-2008-7124 EXPLOITDB php WORKING POC
Zkup - Authentication Bypass
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
CVE-2008-7124 EXPLOITDB php WORKING POC
Zkup - Authentication Bypass
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
EIP-2026-112838 EXPLOITDB python WORKING POC
TYPO3 Extension News - SQL Injection
CVE-2008-6658 EXPLOITDB php WORKING POC
Simple Machines Forum - Path Traversal
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.
CVE-2018-13784 EXPLOITDB CRITICAL text WORKING POC
PrestaShop <1.6.1.20 & <1.7.3.4 - Info Disclosure
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
CVSS 9.1
EIP-2026-111221 EXPLOITDB php WORKING POC
phpTournois G4 - Arbitrary File Upload / Code Execution
CVE-2018-13784 EXPLOITDB CRITICAL python WORKING POC
PrestaShop <1.6.1.20 & <1.7.3.4 - Info Disclosure
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
CVSS 9.1
CVE-2008-1295 EXPLOITDB php WORKING POC
phpMyNewsletter <0.8 beta 5 - SQL Injection
SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.
EIP-2026-110891 EXPLOITDB php WORKING POC
PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution
CVE-2008-1507 EXPLOITDB php WORKING POC
PEEL <3.x - Info Disclosure
PEEL, possibly 3.x and earlier, has (1) a default [email protected] account with password admin, and (2) a default [email protected] account with password cinema, which allows remote attackers to gain administrative access.
EIP-2026-109988 EXPLOITDB php WORKING POC
Nuked-klaN 1.7.6 - Multiple Vulnerabilities
CVE-2007-2556 EXPLOITDB php WORKING POC
Nuked-klaN <1.7.6 - SQL Injection
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.