H4rk3nz0

13 exploits, active since Sep 2022
CVE-2023-20598 NOMISEC HIGH WORKING POC
AMD Radeon Software < 23.9.2 - Improper Privilege Management
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
8 stars
CVSS 7.8
CVE-2024-3912 NOMISEC CRITICAL WORKING POC
ASUS Router - RCE
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.
CVSS 9.8
CVE-2023-52252 EXPLOITDB CRITICAL python WORKING POC
Unifiedremote Unified Remote - XXE
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
CVSS 9.8
CVE-2022-3218 EXPLOITDB CRITICAL python WORKING POC
WiFi Mouse - RCE
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
CVSS 9.8
CVE-2022-3218 EXPLOITDB CRITICAL python WORKING POC
WiFi Mouse - RCE
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
CVSS 9.8
CVE-2021-47891 EXPLOITDB CRITICAL python WORKING POC
Unified Remote 3.9.0.2463 - RCE
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.
CVSS 9.8
CVE-2022-4978 METASPLOIT CRITICAL ruby WORKING POC
Remote Control Server 3.1.1.12 - RCE
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.
CVE-2022-3229 METASPLOIT CRITICAL ruby WORKING POC
Unified Remote - RCE
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.
CVSS 9.8
CVE-2022-3218 METASPLOIT CRITICAL ruby WORKING POC
WiFi Mouse - RCE
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
CVSS 9.8
CVE-2022-3365 METASPLOIT CRITICAL ruby WORKING POC
Remote Mouse Server <4.110 - Command Injection
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over the product's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.
CVSS 9.8
EIP-2026-118284 EXPLOITDB python WORKING POC
ASUS Remote Link 1.1.2.13 - Remote Code Execution
EIP-2026-114049 EXPLOITDB python WORKING POC
WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload
CVE-2023-36266 EXPLOITDB MEDIUM WORKING POC
Keeper Password Manager <17.2 - Info Disclosure
An issue discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2) and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2) allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in; the information may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).
CVSS 5.5