Eslam Kamal (Strik3r)

10 exploits Active since Nov 2022
CVE-2022-44354 VULNCHECK_XDB CRITICAL WRITEUP
SolarView Compact <5.0 - Unrestricted File Upload
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
CVSS 9.8
CVE-2023-37831 WRITEUP MEDIUM WRITEUP
Elenos ETG150 FM transmitter <3.12 - Info Disclosure
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.
CVSS 5.3
CVE-2023-37832 WRITEUP HIGH WRITEUP
Elenos ETG150 Firmware v3.12 - Unauthenticated Brute Force Attack via Lack of Rate Limiting
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.
CVSS 7.5
CVE-2023-37833 WRITEUP LOW WRITEUP
Elenos ETG150 FM Transmitter 3.12 - Improper Access Control
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.
CVSS 2.7
CVE-2023-39695 WRITEUP MEDIUM WRITEUP
Elenos ETG150 FM Transmitter 3.12 - Insufficient Session Expiration
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
CVSS 5.3
CVE-2023-45396 WRITEUP MEDIUM WRITEUP
Elenos ETG150 Firmware 3.12 - Authorization Bypass via Insecure Direct Object Reference
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.
CVSS 6.5
CVE-2024-1707 WRITEUP MEDIUM WRITEUP
GARO WALLBOX GLB+ T2EV7 0.5 - Stored Cross-Site Scripting via Reference Parameter in Software Update Handler
A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254397 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2024-3125 WRITEUP LOW WRITEUP
Zebra ZTC GK420d 1.0 - Cross-Site Scripting via Alert Setup Page Address Parameter
A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2024-3141 WRITEUP LOW WRITEUP
Clavister E10 and E80 <= 14.00.10 - Cross-Site Scripting via Misc Settings Page Parameters
A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.
CVSS 2.4
CVE-2024-3142 WRITEUP MEDIUM WRITEUP
Clavister E10 and E80 <= 14.00.10 - Cross-Site Request Forgery in Setting Handler
A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.
CVSS 4.3