Cody Sixteen

4 exploits Active since Nov 2017
CVE-2019-25671 EXPLOITDB HIGH python WORKING POC
VA MAX 8.3.4 Remote Code Execution via changeip.php
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with a malicious payload in the mtu_eth0 field to execute commands as the apache user.
CVSS 8.8
CVE-2017-16542 EXPLOITDB HIGH text WORKING POC
Zoho ManageEngine Applications Manager <13 - SQL Injection
Zoho ManageEngine Applications Manager 13 before build 13500 allows post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
CVSS 8.8
CVE-2017-16543 EXPLOITDB CRITICAL text WORKING POC
Zoho ManageEngine Applications Manager <13 - SQL Injection
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
CVSS 9.8
EIP-2026-100945 EXPLOITDB python WORKING POC
Zen Load Balancer 3.10.1 - Remote Code Execution