Ivan Huertas

25 exploits, active since Mar 2018
CVE-2018-0706 METASPLOIT HIGH ruby WORKING POC
QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS 8.8
CVE-2018-1204 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon OneFS < 7.2.1.6 - Path Traversal
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
CVSS 6.7
CVE-2018-1203 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon OneFS < 8.0.0.6 - Incorrect Permission Assignment
In Dell EMC Isilon OneFS, the compadmin is able to run the tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
CVSS 6.7
CVE-2018-1202 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon < 8.0.0.6 - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1201 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon < 8.0.0.6 - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1189 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1188 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1187 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-1186 EXPLOITDB MEDIUM text WORKING POC
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS 4.8
CVE-2018-0709 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 8.8
CVE-2018-0708 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 8.8
CVE-2018-0707 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 7.2
CVE-2018-0706 EXPLOITDB HIGH ruby WORKING POC
QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS 8.8
CVE-2018-0706 EXPLOITDB HIGH text WORKING POC
QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS 8.8
CVE-2018-0707 METASPLOIT HIGH ruby WORKING POC
QNAP Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 7.2
EIP-2026-107885 EXPLOITDB text WORKING POC
Interscan Web Security 5.0 - Persistent Cross-Site Scripting
EIP-2026-104256 EXPLOITDB text WRITEUP
FreePBX 2.5.x < 2.6.0 - Persistent Cross-Site Scripting
EIP-2026-104254 EXPLOITDB text WRITEUP
FreePBX 2.5.1 - SQL Injection
EIP-2026-104255 EXPLOITDB text WRITEUP
FreePBX 2.5.x - Information Disclosure
EIP-2026-104285 EXPLOITDB text WRITEUP
Interscan Web Security Virtual Appliance 5.0 - Arbitrary File Download
EIP-2026-104284 EXPLOITDB text WRITEUP
Interscan Web Security 5.0 - Arbitrary File Upload / Privilege Escalation
CVE-2018-1213 EXPLOITDB HIGH text WORKING POC
Dell EMC Isilon OneFS < 7.2.1.6 - CSRF
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
CVSS 8.8
CVE-2018-0707 EXPLOITDB HIGH ruby WORKING POC
QNAP Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 7.2
CVE-2018-0710 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 8.8
EIP-2026-101485 EXPLOITDB text WORKING POC
Trend Micro Interscan Web Security Virtual Appliance - Multiple Vulnerabilities