Chris Lyne

21 exploits Active since Jan 2018
CVE-2019-12989 EXPLOITDB CRITICAL python WORKING POC
Citrix Netscaler Sd-wan < 10.0.8 - SQL Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
CVSS 9.8
CVE-2018-15708 EXPLOITDB CRITICAL python WORKING POC
Nagios XI Magpie_debug.php Root Remote Code Execution
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVSS 9.8
CVE-2018-15705 EXPLOITDB MEDIUM python WORKING POC
Advantech Webaccess - Path Traversal
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
CVSS 6.5
CVE-2017-5817 METASPLOIT CRITICAL ruby WORKING POC
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-5816 METASPLOIT CRITICAL ruby WORKING POC
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2020-5741 METASPLOIT HIGH ruby WORKING POC
Plex Media Server - Code Injection
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
CVSS 7.2
CVE-2020-5752 METASPLOIT HIGH ruby WORKING POC
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVSS 7.8
CVE-2020-5791 METASPLOIT HIGH ruby WORKING POC
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVSS 7.2
CVE-2020-5792 METASPLOIT HIGH ruby WORKING POC
Nagios XI 5.7.3 - Command Injection
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
CVSS 7.2
CVE-2017-16720 EXPLOITDB CRITICAL python WORKING POC
WebAccess <8.3.2 - Path Traversal
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
CVSS 9.8
CVE-2017-16716 EXPLOITDB CRITICAL python WORKING POC
WebAccess <8.3 - SQL Injection
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
CVSS 9.8
CVE-2017-5792 EXPLOITDB CRITICAL text WORKING POC
HP Intelligent Management Center - Insecure Deserialization
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
CVSS 9.8
CVE-2017-5817 EXPLOITDB CRITICAL ruby WORKING POC
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-5816 EXPLOITDB CRITICAL ruby WORKING POC
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-5816 EXPLOITDB CRITICAL python WORKING POC
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-5817 EXPLOITDB CRITICAL python WORKING POC
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
EIP-2026-118243 EXPLOITDB python WORKING POC
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
CVE-2019-3999 EXPLOITDB HIGH text WORKING POC
Druva Insync Client - OS Command Injection
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVSS 7.8
CVE-2018-15710 EXPLOITDB HIGH python WORKING POC
Nagios XI - OS Command Injection
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
CVSS 7.8
CVE-2019-12991 EXPLOITDB HIGH python WORKING POC
Citrix Netscaler Sd-wan < 10.0.8 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
CVSS 8.8
CVE-2018-15707 EXPLOITDB MEDIUM python WORKING POC
Advantech Webaccess - XSS
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
CVSS 5.4