Daniel Monzón

11 exploits Active since Feb 2020
CVE-2022-4985 EXPLOITDB HIGH python WORKING POC
Vodafone H500s <3.5.10 - Info Disclosure
Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.
CVE-2020-8641 EXPLOITDB HIGH text WORKING POC
Lotus Core CMS 1.0.1 - Path Traversal
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
CVSS 8.8
CVE-2020-12429 EXPLOITDB CRITICAL text WORKING POC
Online Course Registration 2.0 - SQL Injection
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.
CVSS 9.8
CVE-2020-11548 EXPLOITDB CRITICAL text WORKING POC
Search Meter < 2.13.2 - Remote Code Execution
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVSS 9.8
CVE-2020-7361 METASPLOIT CRITICAL ruby WORKING POC
Easycorp Zentao Pro < 8.8.2 - OS Command Injection
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an elevated SYSTEM context on the underlying Windows operating system.
CVSS 9.6
EIP-2026-114614 EXPLOITDB python WORKING POC
ZenTao Pro 8.8.2 - Command Injection
EIP-2026-113884 EXPLOITDB text WRITEUP
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion
CVE-2020-9372 EXPLOITDB HIGH text WORKING POC
Codepeople Appointment Booking Calendar - Remote Code Execution
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
CVSS 7.8
EIP-2026-111692 EXPLOITDB python WORKING POC
rConfig 3.9.5 - Remote Code Execution (Unauthenticated)
EIP-2026-110111 EXPLOITDB text WRITEUP
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
CVE-2020-13144 EXPLOITDB HIGH text WORKING POC
Open edX Ironwood 2.5 - RCE
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
CVSS 8.8