Eric Flokstra

6 exploits Active since Oct 2014
CVE-2017-5982 EXPLOITDB HIGH text WRITEUP
Kodi Chorus2 2.4.2 - Path Traversal via Encoded Dot-Dot-Slash in Image Path
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
CVSS 7.5
CVE-2017-5982 METASPLOIT HIGH ruby WORKING POC
Kodi Chorus2 2.4.2 - Path Traversal via Encoded Dot-Dot-Slash in Image Path
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
CVSS 7.5
CVE-2015-2084 EXPLOITDB text WORKING POC
Easy Social Icons < 1.2.2 - Cross-Site Request Forgery via Image File Parameter
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.
CVE-2014-2531 EXPLOITDB text WORKING POC
InterWorx Web Control Panel <5.0.14 - SQL Injection
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
CVE-2022-24632 EXPLOITDB MEDIUM python WORKING POC
AudioCodes Device Manager Express <7.8.20002.47752 - Path Traversal
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
CVSS 5.3
EIP-2026-100783 EXPLOITDB text WORKING POC
Davolink DV-2051 - Multiple Vulnerabilities