Che-Chun Kuo

4 exploits Active since Mar 2018
CVE-2018-15832 EXPLOITDB HIGH text WORKING POC
Ubisoft Uplay - Improper Input Validation
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
CVSS 8.8
CVE-2018-1321 EXPLOITDB HIGH text WORKING POC
Apache Syncope < 1.2.11 - Improper Input Validation
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
CVSS 7.2
CVE-2018-1306 EXPLOITDB HIGH text WORKING POC
Apache Pluto < 3.0.1 - Information Disclosure
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
CVSS 7.5
CVE-2018-1322 EXPLOITDB MEDIUM text WORKING POC
Apache Syncope < 1.2.11 - Information Disclosure
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
CVSS 4.9