David Cámara Galindo

3 exploits Active since Sep 2019
CVE-2019-16398 GITLAB MEDIUM WORKING POC
Keeper K5 <20.1.0.25-20.1.0.63 - RCE
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
CVSS 6.8
CVE-2019-18651 GITLAB MEDIUM WORKING POC
3xLogic Infinias Access Control <=6.6.9586.0 - CSRF
A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.
CVSS 6.5
CVE-2019-18652 GITLAB MEDIUM WORKING POC
WatchGuard XMT515 <12.1.3 - XSS
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).
CVSS 6.1