Daniel Monzón (stark0de)

12 exploits Active since Feb 2020
CVE-2020-9371 EXPLOITDB MEDIUM WRITEUP
Appointment Booking Calendar < 1.3.35 - Stored Cross-Site Scripting in Calendar Name Input
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
CVSS 4.8
CVE-2022-4985 EXPLOITDB HIGH python WORKING POC
Vodafone H500s <3.5.10 - Info Disclosure
Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.
CVE-2020-8641 EXPLOITDB HIGH text WORKING POC
Lotus Core CMS 1.0.1 - Path Traversal
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
CVSS 8.8
CVE-2020-27461 EXPLOITDB HIGH python WORKING POC
SEOPanel 4.6.0 - Authenticated Remote Code Execution via Import Website File Upload
A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function.
CVSS 8.8
CVE-2020-12429 EXPLOITDB CRITICAL text WORKING POC
Online Course Registration 2.0 - SQL Injection
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.
CVSS 9.8
CVE-2020-11548 EXPLOITDB CRITICAL text WORKING POC
Search Meter < 2.13.2 - Remote Code Execution via CSV Injection in Search Export
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVSS 9.8
EIP-2026-113884 EXPLOITDB text WRITEUP
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion
CVE-2020-9372 EXPLOITDB HIGH text WORKING POC
Appointment Booking Calendar < 1.3.35 - CSV Injection via Booking Form Fields
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
CVSS 7.8
EIP-2026-111692 EXPLOITDB python WORKING POC
rConfig 3.9.5 - Remote Code Execution (Unauthenticated)
EIP-2026-110111 EXPLOITDB text WRITEUP
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
CVE-2020-13144 EXPLOITDB HIGH text WORKING POC
Open edX Ironwood 2.5 - Unauthenticated Remote Code Execution via Custom Python Evaluated Code
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
CVSS 8.8
CVE-2020-26567 EXPLOITDB MEDIUM text WRITEUP
D-Link DSR-250N < 3.17b - Unauthenticated Denial of Service via upgradeStatusReboot.cgi
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.
CVSS 5.5