Ege Balcı

7 exploits Active since Mar 2018
CVE-2018-8065 NOMISEC HIGH WORKING POC
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
6 stars
CVSS 7.5
CVE-2018-16946 WRITEUP HIGH WORKING POC
LG Smart Network Camera Firmware 1310250-1508190 - Unauthenticated Sensitive Information Exposure
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.
CVSS 7.5
CVE-2018-8065 WRITEUP HIGH WORKING POC
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
CVSS 7.5
CVE-2023-30625 METASPLOIT HIGH ruby WORKING POC
Rudder Server SQLI Remote Code Execution
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.
CVSS 8.8
CVE-2023-40498 METASPLOIT CRITICAL ruby WORKING POC
LG Simple Editor - Unauthenticated Remote Code Execution via Path Traversal in cp Command
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19925.
CVSS 9.8
EIP-2026-104709 EXPLOITDB ruby WORKING POC
Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
EIP-2026-104715 EXPLOITDB ruby WORKING POC
Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)