Febin

4 exploits Active since Jan 2019
CVE-2023-44451 NOMISEC HIGH WORKING POC
Linux Mint Xreader - Remote Code Execution via EPUB File Parsing Path Traversal
Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPUB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21897.
10 stars
CVSS 7.8
CVE-2019-6447 NOMISEC HIGH WORKING POC
ES File Explorer File Manager < 4.1.9.7.4 - Unauthenticated Arbitrary File Read via TCP Port 59777
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
CVSS 8.1
CVE-2023-52076 VULNCHECK_XDB HIGH WORKING POC
Atril Document Viewer <1.26.2 - Path Traversal
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.
CVSS 8.5
EIP-2026-119275 EXPLOITDB bash WORKING POC
WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)