Dolev Farhi

40 exploits, active since May 2014
CVE-2015-4420 EXPLOITDB text WORKING POC
Opsview < 4.6.2 - Cross-Site Scripting via Crafted Check Plugin or Host Profile Description
Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Test service check page.
EIP-2026-104364 EXPLOITDB python WORKING POC
ntop-ng 2.5.160805 - Username Enumeration
CVE-2015-8368 EXPLOITDB text WRITEUP
ntopng < 2.0.151021 - Authenticated Privilege Escalation via User Cookie and Username Parameter
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
EIP-2026-104274 EXPLOITDB python WORKING POC
Hasura GraphQL 2.2.0 - Information Disclosure
CVE-2014-3840 EXPLOITDB text WRITEUP
Mayan EDMS 0.13 - Authenticated Stored Cross-Site Scripting via Tag, Title, Name, or Smart Link Fields
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.
CVE-2014-3738 EXPLOITDB text WORKING POC
Zenoss 4.2.5 - Stored Cross-Site Scripting via Device Title
Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.
CVE-2020-14181 EXPLOITDB MEDIUM python WORKING POC
Atlassian Jira Server/Data Center < 7.13.6, 8.0.0-8.5.7 - User Enumeration via ViewUserHover.jspa
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
CVSS 5.3
EIP-2026-104164 EXPLOITDB python WORKING POC
Apache Superset 1.1.0 - Time-Based Account Enumeration
EIP-2026-103314 EXPLOITDB text WORKING POC
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)
EIP-2026-103269 EXPLOITDB python WORKING POC
Cobbler 2.8.0 - (Authenticated) Remote Code Execution
EIP-2026-101861 EXPLOITDB text WRITEUP
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure
EIP-2026-101904 EXPLOITDB text WRITEUP
OpenFiler 2.99.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
EIP-2026-101903 EXPLOITDB text WORKING POC
OpenFiler 2.99.1 - Arbitrary Code Execution
EIP-2026-101862 EXPLOITDB text WRITEUP
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
EIP-2026-101775 EXPLOITDB text WORKING POC
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution