Ege Balci

17 exploits Active since Feb 2016
CVE-2022-29154 NOMISEC HIGH WRITEUP
rsync < 3.2.5 - Arbitrary File Write via Insufficient File Name Validation
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
9 stars
CVSS 7.4
CVE-2023-38096 METASPLOIT CRITICAL ruby WORKING POC
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718.
CVSS 9.8
CVE-2016-1525 METASPLOIT HIGH ruby WORKING POC
NETGEAR Management System NMS300 <1.5.0.11 - Path Traversal
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
CVSS 8.6
CVE-2022-31704 METASPLOIT CRITICAL ruby WORKING POC
VMware vRealize Log Insight 3.0-4.8 - Unauthenticated Remote Code Execution via Broken Access Control
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
CVSS 9.8
CVE-2022-31706 METASPLOIT CRITICAL ruby WORKING POC
VMware vRealize Log Insight 3.0-4.8 - Unauthenticated Path Traversal and Remote Code Execution
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
CVSS 9.8
CVE-2018-8065 METASPLOIT HIGH ruby WORKING POC
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
CVSS 7.5
CVE-2025-34073 METASPLOIT CRITICAL ruby WORKING POC
stamparm/maltrail <=0.54 - Command Injection
An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input passed to subprocess.check_output() in core/http.py, allowing injection of shell metacharacters. Exploitation does not require authentication and commands are executed with the privileges of the Maltrail process.
CVE-2022-39986 METASPLOIT CRITICAL ruby WORKING POC
raspap 2.8.0-2.8.7 - Unauthenticated Command Injection via cfg_id Parameter
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
CVSS 9.8
CVE-2023-32560 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Crafted Message
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
CVSS 9.8
CVE-2023-38098 METASPLOIT HIGH ruby WORKING POC
NETGEAR ProSAFE Network Management System < 1.7.0.20 - Remote Code Execution via UpLoadServlet Unrestricted File Upload
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.
CVSS 8.8
CVE-2022-31711 METASPLOIT MEDIUM ruby WORKING POC
VMware vRealize Log Insight 3.0-4.8 - Unauthenticated Exposure of Sensitive Session Information
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
CVSS 5.3
EIP-2026-104715 EXPLOITDB ruby WORKING POC
Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)
EIP-2026-104709 EXPLOITDB ruby WORKING POC
Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
CVE-2018-8065 EXPLOITDB HIGH ruby WORKING POC
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
CVSS 7.5
CVE-2018-16946 EXPLOITDB HIGH python WORKING POC
LG Smart Network Camera Firmware 1310250-1508190 - Unauthenticated Sensitive Information Exposure
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.
CVSS 7.5
CVE-2016-9244 EXPLOITDB HIGH text WORKING POC
BIG-IP Local Traffic Manager - Exposure of Sensitive Information via Session Tickets
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
CVSS 7.5
CVE-2020-6627 EXPLOITDB CRITICAL ruby WORKING POC
Seagate Central NAS STCG2000300 STCG3000300 STCG4000300 - OS Command Injection via mv_backend_launch
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
CVSS 9.8