Chris Anastasio

6 exploits Active since Feb 2018
EIP-2026-116956 EXPLOITDB text WRITEUP
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
EIP-2026-109581 EXPLOITDB python WORKING POC
Moodle 3.11.5 - SQLi (Authenticated)
CVE-2017-17417 EXPLOITDB CRITICAL text WORKING POC
Quest NetVault Backup 11.3.0.12 - SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.
CVSS 9.8
CVE-2016-6566 EXPLOITDB CRITICAL text WRITEUP
Sungard eTRAKiT3 <3.2.1.17 - SQL Injection
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
CVSS 9.8
EIP-2026-100375 EXPLOITDB text WORKING POC
IssueTrak 7.0 - SQL Injection
EIP-2026-100391 EXPLOITDB text WORKING POC
Kronos Telestaff < 2.92EU29 - SQL Injection