Emanuele 'emgent' Gentili

8 exploits, active since Dec 2010
CVE-2010-5330 EXPLOITDB CRITICAL text WORKING POC
Ubiquiti - Command Injection
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
CVSS 9.8
EIP-2026-118785 EXPLOITDB python WORKING POC
Microsoft IIS - ASP Multiple Extensions Security Bypass 5.x/6.x Vulnerabilities
CVE-2010-4480 EXPLOITDB text WORKING POC
phpMyAdmin - XSS
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
EIP-2026-106583 EXPLOITDB text WRITEUP
Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities
EIP-2026-103958 EXPLOITDB text WORKING POC
KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting)
EIP-2026-103573 EXPLOITDB html WORKING POC
Mozilla Firefox 3.6.12 - Remote Denial of Service
EIP-2026-101852 EXPLOITDB text WORKING POC
My Book World Edition NAS - Multiple Vulnerabilities
CVE-2010-3906 EXPLOITDB text WORKING POC
Git < 1.7.3.3 - XSS
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.