Dolev Farhi

40 exploits, active since May 2014
CVE-2018-25350 EXPLOITDB CRITICAL python SCANNER
UserSpice 4.3.24 Username Enumeration via existingUsernameCheck.php
UserSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.
CVSS 9.8
CVE-2018-25349 EXPLOITDB MEDIUM perl WORKING POC
UserSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header
UserSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators visit the audit log page.
CVSS 6.1
CVE-2021-47959 EXPLOITDB HIGH python WORKING POC
WordPress Plugin WPGraphQL 1.3.5 Denial of Service
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloads to trigger server out-of-memory conditions and MySQL connection errors.
CVSS 7.5
CVE-2020-37085 EXPLOITDB HIGH python WORKING POC
VirtualTablet Server 3.0.2 - Denial of Service via Oversized Thrift Payload
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send_say() method, causing the server to become unresponsive.
CVSS 7.5
CVE-2021-47901 EXPLOITDB CRITICAL text WORKING POC
dirsearch 0.4.1 - CSV Injection via Redirect Endpoint Path
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
CVSS 9.8
CVE-2021-47748 EXPLOITDB CRITICAL python WORKING POC
Hasura GraphQL 1.3.3 - Remote Code Execution via SQL Query Manipulation in run_sql Endpoint
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql endpoint by crafting malicious GraphQL queries that execute system commands through PostgreSQL's COPY FROM PROGRAM functionality.
CVSS 9.8
CVE-2021-47715 EXPLOITDB MEDIUM python WORKING POC
Hasura GraphQL 1.3.3 - Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources.
CVSS 5.3
CVE-2021-47714 EXPLOITDB MEDIUM python WORKING POC
Hasura GraphQL 1.3.3 - Local File Read via SQL Injection in Query Endpoint
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server.
CVSS 5.5
CVE-2021-47713 EXPLOITDB HIGH python WORKING POC
Hasura GraphQL 1.3.3 - Denial of Service via Malicious GraphQL Query
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
CVSS 7.5
CVE-2020-36969 EXPLOITDB HIGH python WORKING POC
M/Monit 3.7.4 - Privilege Escalation
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
CVSS 8.8
CVE-2020-36968 EXPLOITDB MEDIUM python WORKING POC
M/Monit 3.7.4 - Authenticated Password Hash Exposure via Admin API Endpoints
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
CVSS 6.5
CVE-2020-36941 EXPLOITDB CRITICAL text WRITEUP
Knockpy 4.1.1 - CSV Injection via Server Header Manipulation
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
CVSS 9.8
CVE-2019-11393 EXPLOITDB CRITICAL python WORKING POC
M/Monit <3.7.3 - Privilege Escalation
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
CVSS 9.8
CVE-2014-6607 EXPLOITDB text WORKING POC
M/Monit <3.3.2 - Privilege Escalation
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
CVE-2014-3740 EXPLOITDB text WORKING POC
Spiceworks < 7.2.00190 - Authenticated Cross-Site Scripting via Ticket Summary Field
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
EIP-2026-116651 EXPLOITDB python STUB
ZOC SSH Client - Buffer Overflow (SEH) (PoC)
EIP-2026-112933 EXPLOITDB python WORKING POC
UserSpice 4.3 - Blind SQL Injection
EIP-2026-112934 EXPLOITDB text WORKING POC
UserSpice 4.3 - Cross-Site Scripting
CVE-2014-3866 EXPLOITDB html WORKING POC
Usercake < 2.0.2 - Cross-Site Request Forgery via User Settings
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.
CVE-2014-7190 EXPLOITDB html WORKING POC
Openfiler 2.99.1 - Cross-Site Request Forgery via System Shutdown/Reboot
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down or (2) reboot the server via a request to admin/system_shutdown.html.
EIP-2026-110006 EXPLOITDB text WORKING POC
Observium 0.16.7533 - (Authenticated) Arbitrary Command Execution
EIP-2026-110007 EXPLOITDB html WORKING POC
Observium 0.16.7533 - Cross-Site Request Forgery
CVE-2014-6409 EXPLOITDB text WORKING POC
M/Monit < 3.3.2 - Cross-Site Request Forgery via User Update Endpoint
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
CVE-2014-3225 EXPLOITDB text WRITEUP
Cobbler 2.4.x-2.6.x - Authenticated Path Traversal via Kickstart Field
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
CVE-2014-6070 EXPLOITDB text WORKING POC
Adiscon LogAnalyzer < 3.6.6 - Cross-Site Scripting via Hostname Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.