Ege Balcı

5 exploits Active since Mar 2018
CVE-2018-8065 NOMISEC HIGH WORKING POC
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
6 stars
CVSS 7.5
CVE-2023-30625 METASPLOIT HIGH ruby WORKING POC
Rudder Server SQLI Remote Code Execution
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.
CVSS 8.8
CVE-2023-40498 METASPLOIT CRITICAL ruby WORKING POC
LG Simple Editor - Path Traversal
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19925.
CVSS 9.8
EIP-2026-104709 EXPLOITDB ruby WORKING POC
Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
EIP-2026-104715 EXPLOITDB ruby WORKING POC
Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)