Dino Barlattani

5 exploits, active since Jan 2017
CVE-2019-9017 EXPLOITDB HIGH text WORKING POC
SolarWinds DameWare Mini Remote Control 10.0 - Buffer Overflow via Machine Name Size Field
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
CVSS 7.5
CVE-2016-3411 EXPLOITDB MEDIUM text WORKING POC
Zimbra Collaboration Suite < 8.6.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.
CVSS 6.1
CVE-2018-17428 EXPLOITDB CRITICAL text WORKING POC
OPAC EasyWeb Five <5.7 - SQL Injection
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
CVSS 9.8
CVE-2022-45639 EXPLOITDB HIGH text WORKING POC
the_sleuth_kit 4.11.1 - OS Command Injection via m Parameter
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
CVSS 7.8
CVE-2018-18437 EXPLOITDB MEDIUM text WORKING POC
AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0 - Cross-Site Scripting via Error_Desc Parameter
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.
CVSS 6.1