Denis Andzakovic

10 exploits, active since Nov 2013
CVE-2025-34121 EXPLOITDB CRITICAL ruby WORKING POC
Idera Up.Time Monitoring Station <=7.2 - RCE
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
CVE-2025-34087 METASPLOIT HIGH ruby WORKING POC
Pi-hole <3.3 - Command Injection
An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the underlying operating system with the privileges of the Pi-hole service user. This behavior was present in the legacy AdminLTE interface and has since been patched in later versions.
CVSS 8.8
CVE-2025-34121 METASPLOIT CRITICAL ruby WORKING POC
Idera Up.Time Monitoring Station <=7.2 - RCE
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
CVE-2018-10900 METASPLOIT HIGH ruby WORKING POC
Network Manager VPNC Username Privilege Escalation
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A newline character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
CVSS 7.8
CVE-2013-6875 EXPLOITDB text WORKING POC
Nagios XI < 2012r2.3 - SQL Injection
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
EIP-2026-104733 EXPLOITDB ruby WORKING POC
Idera Up.Time Monitoring Station 7.4 - 'post2file.php' Arbitrary File Upload (Metasploit)
CVE-2018-10900 EXPLOITDB HIGH ruby WORKING POC
Network Manager VPNC Username Privilege Escalation
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A newline character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
CVSS 7.8
CVE-2015-6908 EXPLOITDB text WORKING POC
OpenLDAP < 2.4.42 - Improper Input Validation
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
EIP-2026-102754 EXPLOITDB python WORKING POC
Uptime Agent 5.0.1 - Stack Overflow
EIP-2026-102707 EXPLOITDB c WORKING POC
OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)