Ivan Huertas

25 exploits, active since Mar 2018
CVE-2018-0706 METASPLOIT HIGH ruby WORKING POC
QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS 8.8
CVE-2018-1204 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon OneFS Path Traversal in isi_phone_home
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
CVSS 6.7
CVE-2018-1203 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon OneFS 8.0.0.0-8.0.0.6 - Privilege Escalation via Sudo tcpdump
In Dell EMC Isilon OneFS, the compadmin is able to run the tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
CVSS 6.7
CVE-2018-1202 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon 7.1.1.11 8.0.0.0-8.0.0.6 8.0.1.0-8.0.1.2 8.1.0.0-8.1.0.1 - Cross-Site Scripting in NDMP Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1201 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon 7.1.1.11, 7.2.1.x, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.1 XSS in Job Operations
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1189 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon 7.1.1.11-8.1.0.1 Cross-Site Scripting in Antivirus Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1188 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.1 XSS in Authorization Providers
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1187 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon 8.0.0.0-8.0.0.6 - Cross-Site Scripting in Network Configuration Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1186 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon 7.1.1.11-8.1.0.1 Stored XSS in Cluster Description
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-0709 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via Date Parameter
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 8.8
CVE-2018-0708 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 8.8
CVE-2018-0707 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via Change Password
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 7.2
CVE-2018-0706 EXPLOITDB HIGH ruby WORKING POC
QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS 8.8
CVE-2018-0706 EXPLOITDB HIGH text WORKING POC
QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS 8.8
CVE-2018-0707 METASPLOIT HIGH ruby WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via Change Password
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 7.2
EIP-2026-107885 EXPLOITDB text WORKING POC
Interscan Web Security 5.0 - Persistent Cross-Site Scripting
EIP-2026-104256 EXPLOITDB text WRITEUP
FreePBX 2.5.x < 2.6.0 - Persistent Cross-Site Scripting
EIP-2026-104254 EXPLOITDB text WRITEUP
FreePBX 2.5.1 - SQL Injection
EIP-2026-104255 EXPLOITDB text WRITEUP
FreePBX 2.5.x - Information Disclosure
EIP-2026-104285 EXPLOITDB text WRITEUP
Interscan Web Security Virtual Appliance 5.0 - Arbitrary File Download
EIP-2026-104284 EXPLOITDB text WRITEUP
Interscan Web Security 5.0 - Arbitrary File Upload / Privilege Escalation
CVE-2018-1213 EXPLOITDB HIGH text WORKING POC
Dell EMC Isilon OneFS CSRF (7.1.1.11, 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.2)
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and versions 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
CVSS 8.8
CVE-2018-0707 EXPLOITDB HIGH ruby WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via Change Password
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 7.2
CVE-2018-0710 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via SSH
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 8.8
EIP-2026-101485 EXPLOITDB text WORKING POC
Trend Micro Interscan Web Security Virtual Appliance - Multiple Vulnerabilities