Chris Lyne

21 exploits Active since Jan 2018
CVE-2019-12989 EXPLOITDB CRITICAL python WORKING POC
Citrix SD-WAN 10.2.0-10.2.2 and NetScaler SD-WAN 10.0.0-10.0.7 - SQL Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
CVSS 9.8
CVE-2018-15708 EXPLOITDB CRITICAL python WORKING POC
Nagios XI Magpie_debug.php Root Remote Code Execution
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVSS 9.8
CVE-2018-15705 EXPLOITDB MEDIUM python WORKING POC
Advantech WebAccess 8.3.1-8.3.2 - Authenticated Path Traversal and Arbitrary File Write via WADashboard writeFile API
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
CVSS 6.5
CVE-2017-5817 METASPLOIT CRITICAL ruby WORKING POC
HPE Intelligent Management Center < 7.3 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-5816 METASPLOIT CRITICAL ruby WORKING POC
HPE Intelligent Management Center < 7.3 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2020-5741 METASPLOIT HIGH ruby WORKING POC
Plex Media Server < 1.19.3 - Authenticated Remote Code Execution via Unpickle Deserialization
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
CVSS 7.2
CVE-2020-5752 METASPLOIT HIGH ruby WORKING POC
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVSS 7.8
CVE-2020-5791 METASPLOIT HIGH ruby WORKING POC
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVSS 7.2
CVE-2020-5792 METASPLOIT HIGH ruby WORKING POC
Nagios XI 5.7.3 - Command Injection
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
CVSS 7.2
CVE-2017-16720 EXPLOITDB CRITICAL python WORKING POC
Advantech WebAccess <= 8.3.2 - Path Traversal
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
CVSS 9.8
CVE-2017-16716 EXPLOITDB CRITICAL python WORKING POC
Advantech WebAccess < 8.3 - SQL Injection
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
CVSS 9.8
CVE-2017-5792 EXPLOITDB CRITICAL text WORKING POC
HPE Intelligent Management Center PLAT 7.3 E0504P2 - Remote Code Execution via Untrusted Data Deserialization
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
CVSS 9.8
CVE-2017-5817 EXPLOITDB CRITICAL ruby WORKING POC
HPE Intelligent Management Center < 7.3 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-5816 EXPLOITDB CRITICAL ruby WORKING POC
HPE Intelligent Management Center < 7.3 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-5816 EXPLOITDB CRITICAL python WORKING POC
HPE Intelligent Management Center < 7.3 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-5817 EXPLOITDB CRITICAL python WORKING POC
HPE Intelligent Management Center < 7.3 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
EIP-2026-118243 EXPLOITDB python WORKING POC
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
CVE-2019-3999 EXPLOITDB HIGH text WORKING POC
Druva inSync Windows Client 6.5.0 - Unauthenticated OS Command Injection
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVSS 7.8
CVE-2018-15710 EXPLOITDB HIGH python WORKING POC
Nagios XI 5.5.6 - Authenticated Privilege Escalation via Autodiscover_new.php
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
CVSS 7.8
CVE-2019-12991 EXPLOITDB HIGH python WORKING POC
Citrix SD-WAN 10.2.0-10.2.2 and NetScaler SD-WAN 10.0.0-10.0.7 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
CVSS 8.8
CVE-2018-15707 EXPLOITDB MEDIUM python WORKING POC
Advantech WebAccess 8.3.1 and 8.3.2 - Cross-Site Scripting in Bwmainleft.asp
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
CVSS 5.4