Dmitry Chastuhin

8 exploits Active since Feb 2016
CVE-2020-6207 METASPLOIT CRITICAL ruby WORKING POC
SAP Solution Manager 7.2 - Auth Bypass
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
CVSS 9.8
CVE-2020-6287 METASPLOIT CRITICAL ruby WORKING POC
SAP NetWeaver AS JAVA - Missing Authentication Check
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
CVSS 10.0
CVE-2020-6207 METASPLOIT CRITICAL ruby WORKING POC
SAP Solution Manager 7.2 - Auth Bypass
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
CVSS 9.8
EIP-2026-119106 EXPLOITDB ruby WORKING POC
SAP ConfigServlet - Remote Payload Execution (Metasploit)
CVE-2018-2636 EXPLOITDB HIGH python WORKING POC
Oracle Hospitality Simphony <2.9 - RCE
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 8.1
EIP-2026-104069 EXPLOITDB ruby WORKING POC
SAP ConfigServlet - OS Command Execution (Metasploit)
CVE-2016-2389 EXPLOITDB HIGH text WORKING POC
SAP Netweaver - Path Traversal
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
CVSS 7.5
CVE-2017-3549 EXPLOITDB CRITICAL text WORKING POC
Oracle E-Business Suite <12.2.6 - RCE
Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVSS 9.1