Daniele Linguaglossa

16 exploits Active since Oct 2014
CVE-2018-5725 EXPLOITDB HIGH text WRITEUP
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.
CVSS 7.5
CVE-2018-5724 EXPLOITDB CRITICAL text WRITEUP
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
CVSS 9.8
CVE-2018-5723 EXPLOITDB CRITICAL text WRITEUP
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
CVSS 9.8
CVE-2014-6287 METASPLOIT CRITICAL ruby WORKING POC
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVSS 9.8
CVE-2014-7226 EXPLOITDB text WORKING POC
Rejetto HTTP File Server <2.3c - RCE
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
CVE-2014-6287 EXPLOITDB CRITICAL ruby WORKING POC
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVSS 9.8
CVE-2014-6287 EXPLOITDB CRITICAL text WORKING POC
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVSS 9.8
EIP-2026-118235 EXPLOITDB python WORKING POC
Acunetix WVS 10 - Remote Command Execution
CVE-2015-4027 EXPLOITDB python WORKING POC
Acunetix Web Vulnerability Scanner < 10 - Access Control
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.
CVE-2017-12763 EXPLOITDB HIGH python WORKING POC
Nomachine < 5.3.9 - Incorrect Default Permissions
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
CVSS 8.8
EIP-2026-102106 EXPLOITDB python WORKING POC
Vodafone Mobile Wifi - Reset Admin Password
EIP-2026-101760 EXPLOITDB python WORKING POC
GLiNet - Router Authentication Bypass
CVE-2023-30350 EXPLOITDB HIGH python WORKING POC
FS S3900-24T4S - Privilege Escalation
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.
CVSS 8.8
CVE-2018-5997 EXPLOITDB CRITICAL python WORKING POC
RAVPower Filehub <2.000.056 - RCE
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.
CVSS 9.8
CVE-2018-5726 EXPLOITDB CRITICAL text WRITEUP
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.
CVSS 9.8
CVE-2018-5319 EXPLOITDB HIGH python WORKING POC
RAVPower FileHub 2.000.056 - Info Disclosure
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request.
CVSS 7.5