Fady Mohammed Osman

18 exploits Active since Jan 2012
CVE-2014-9567 METASPLOIT ruby WORKING POC
ProjectSend r100-r561 - Unauthenticated Arbitrary File Upload and Remote Code Execution via process-upload.php
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
EIP-2026-118692 EXPLOITDB python WORKING POC
Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)
CVE-2011-5052 EXPLOITDB ruby WORKING POC
CoCSoft Stream Down 6.8.0 - Stack-Based Buffer Overflow via Long Download Response
Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request.
EIP-2026-118333 EXPLOITDB python WORKING POC
Bsplayer 2.68 - HTTP Response Universal
EIP-2026-117505 EXPLOITDB text WORKING POC
Microsoft Power Point 2016 - Java Code Execution
EIP-2026-116803 EXPLOITDB ruby WORKING POC
Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow
EIP-2026-116568 EXPLOITDB text WORKING POC
WinZip 15.0 - WZFLDVW.OCX Text Property Denial of Service
EIP-2026-116567 EXPLOITDB text WORKING POC
WinZip 15.0 - WZFLDVW.OCX IconIndex Property Denial of Service
EIP-2026-112401 EXPLOITDB text WRITEUP
SQL Buddy 1.3.3 - Remote Code Execution
EIP-2026-111903 EXPLOITDB html WORKING POC
Saurus CMS Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities
CVE-2014-9567 EXPLOITDB python WORKING POC
ProjectSend r100-r561 - Unauthenticated Arbitrary File Upload and Remote Code Execution via process-upload.php
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
CVE-2014-9567 EXPLOITDB ruby WORKING POC
ProjectSend r100-r561 - Unauthenticated Arbitrary File Upload and Remote Code Execution via process-upload.php
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
CVE-2021-28379 EXPLOITDB HIGH html WORKING POC
Vesta Control Panel <0.9.8-27 - Open Redirect
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
CVSS 8.8
CVE-2019-6706 EXPLOITDB HIGH text WRITEUP
Lua 5.3.5 - Use-After-Free in lua_upvaluejoin
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
CVSS 7.5
EIP-2026-101787 EXPLOITDB python WORKING POC
Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Change
EIP-2026-101788 EXPLOITDB python WORKING POC
Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Disclosure
CVE-2014-7910 EXPLOITDB ruby WORKING POC
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
EIP-2026-100646 EXPLOITDB text WRITEUP
Check Box 2016 Q2 Survey - Multiple Vulnerabilities