Dolev Farhi

40 exploits, active since May 2014
CVE-2020-37085 EXPLOITDB HIGH python WORKING POC
VirtualTablet Server 3.0.2 - DoS
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send_say() method, causing the server to become unresponsive.
CVSS 7.5
CVE-2021-47901 EXPLOITDB CRITICAL text WORKING POC
Dirsearch 0.4.1 - Code Injection
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
CVSS 9.8
CVE-2021-47748 EXPLOITDB CRITICAL python WORKING POC
Hasura GraphQL Engine - OS Command Injection
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql endpoint by crafting malicious GraphQL queries that execute system commands through PostgreSQL's COPY FROM PROGRAM functionality.
CVSS 9.8
CVE-2021-47715 EXPLOITDB MEDIUM python WORKING POC
Hasura GraphQL Engine - SSRF
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources.
CVSS 5.3
CVE-2021-47714 EXPLOITDB MEDIUM python WORKING POC
Hasura GraphQL Engine - SQL Injection
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server.
CVSS 5.5
CVE-2021-47713 EXPLOITDB HIGH python WORKING POC
Hasura GraphQL Engine - Resource Allocation Without Limits
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
CVSS 7.5
CVE-2020-36969 EXPLOITDB HIGH python WORKING POC
M/Monit 3.7.4 - Privilege Escalation
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
CVSS 8.8
CVE-2020-36968 EXPLOITDB MEDIUM python WORKING POC
M/Monit 3.7.4 - Auth Bypass
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
CVSS 6.5
CVE-2020-36941 EXPLOITDB CRITICAL text WRITEUP
Knockpy 4.1.1 - Code Injection
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
CVSS 9.8
CVE-2019-11393 EXPLOITDB CRITICAL python WORKING POC
M/Monit < 3.7.3 - Privilege Escalation
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
CVSS 9.8
CVE-2014-6607 EXPLOITDB text WORKING POC
M/Monit < 3.3.2 - Privilege Escalation
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
CVE-2014-3740 EXPLOITDB text WORKING POC
Spiceworks < 7.2.00190 - XSS
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
EIP-2026-116651 EXPLOITDB python STUB
ZOC SSH Client - Buffer Overflow (SEH) (PoC)
EIP-2026-112933 EXPLOITDB python WORKING POC
UserSpice 4.3 - Blind SQL Injection
EIP-2026-112936 EXPLOITDB python WORKING POC
userSpice 4.3.24 - Username Enumeration
EIP-2026-112935 EXPLOITDB perl WORKING POC
userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting
EIP-2026-112934 EXPLOITDB text WORKING POC
userSpice 4.3 - Cross-Site Scripting
CVE-2014-3866 EXPLOITDB html WORKING POC
Usercake < 2.0.2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.
EIP-2026-110007 EXPLOITDB html WORKING POC
Observium 0.16.7533 - Cross-Site Request Forgery
EIP-2026-110006 EXPLOITDB text WORKING POC
Observium 0.16.7533 - (Authenticated) Arbitrary Command Execution
CVE-2014-7190 EXPLOITDB html WORKING POC
Openfiler 2.99.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down or (2) reboot the server via a request to admin/system_shutdown.html.
CVE-2014-6409 EXPLOITDB text WORKING POC
M/Monit < 3.3.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
CVE-2014-3225 EXPLOITDB text WRITEUP
Cobbler < 2.6.4 - Path Traversal
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
EIP-2026-104687 EXPLOITDB python WORKING POC
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
CVE-2015-4420 EXPLOITDB text WORKING POC
Opsview < 4.6.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Test service check page.