Gregor Kopf

3 exploits Active since Oct 2010
CVE-2010-3714 METASPLOIT ruby WORKING POC
Typo3 < 4.2.15 - Access Control
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2018-7300 EXPLOITDB CRITICAL ruby WORKING POC
Eq-3 Homematic Ccu2 Firmware < 2.29.22 - Path Traversal
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
CVSS 9.8
CVE-2018-7297 EXPLOITDB CRITICAL ruby WORKING POC
Eq-3 Homematic Central Control Unit C... - Remote Code Execution
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
CVSS 9.8