Federico Scalco

3 exploits Active since Apr 2018
CVE-2018-7747 EXPLOITDB MEDIUM text WRITEUP
Caldera Forms < 1.6.0-rc.1 - Stored Cross-Site Scripting via Greeting Message, Email Log, or Imported Form
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
CVSS 4.8
EIP-2026-101749 EXPLOITDB ruby WORKING POC
Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Remote Command Execution (Metasploit)
EIP-2026-101750 EXPLOITDB ruby WORKING POC
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (Metasploit)