John Page (aka hyp3rlinx)

88 exploits Active since Oct 2017
CVE-2018-7449 NOMISEC HIGH WORKING POC
SEGGER embOS/IP FTP Server < 3.22a - Denial of Service via Invalid LIST STOR or RETR Command
SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
2 stars
CVSS 7.5
CVE-2017-15644 EXPLOITDB HIGH WORKING POC
Webmin < 1.850 - Server-Side Request Forgery via PATH_INFO to tunnel/link.cgi
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
CVSS 8.6
CVE-2017-15645 EXPLOITDB HIGH WORKING POC
Webmin < 1.850 - Cross-Site Request Forgery via create_job.cgi URI Parameter
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.
CVSS 8.8
CVE-2020-37152 EXPLOITDB MEDIUM text WORKING POC
PHP-Fusion 9.03.50 - Cross-Site Scripting via Panel Content POST Parameter
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.
CVSS 6.1
CVE-2024-22318 EXPLOITDB MEDIUM text WRITEUP
IBM i Access Client Solutions <1.1.2-1.1.4, <1.1.4.3-1.1.9.4 - Info...
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
CVSS 5.1
CVE-2018-15745 EXPLOITDB HIGH text WORKING POC
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
CVSS 7.5
CVE-2018-7756 EXPLOITDB CRITICAL text WORKING POC
DEWESoft X3 SP1 - Unauthenticated Remote Code Execution via RunExeFile.exe TCP Port 1999
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.
CVSS 9.8
EIP-2026-119642 EXPLOITDB text WORKING POC
Microsoft Windows Defender - VBScript Detection Bypass
EIP-2026-119659 EXPLOITDB text WORKING POC
Microsoft Excel 2016 1901 - XML External Entity Injection
EIP-2026-119643 EXPLOITDB text WORKING POC
Microsoft Windows Defender Bypass - Detection Mitigation Bypass
CVE-2017-14086 EXPLOITDB HIGH text WORKING POC
Trend Micro OfficeScan 11.0 - Use After Free
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
CVSS 7.5
EIP-2026-119422 EXPLOITDB text WORKING POC
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
EIP-2026-119513 EXPLOITDB c WORKING POC
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
CVE-2019-13577 EXPLOITDB CRITICAL python WORKING POC
MAPLE WBT SNMP Admin <2.0.195.15 - Buffer Overflow
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.
CVSS 9.8
EIP-2026-119655 EXPLOITDB text WRITEUP
Windows PowerShell - Event Log Bypass Single Quote Code Execution
EIP-2026-119663 EXPLOITDB text WORKING POC
Visual Studio 2008 - XML External Entity Injection
EIP-2026-119126 EXPLOITDB text WORKING POC
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
CVE-2017-14084 EXPLOITDB HIGH text WRITEUP
Trend Micro OfficeScan 11.0 and XG (12.0) - Remote Code Execution via Man-in-the-Middle Attack
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
CVSS 8.1
CVE-2018-17980 EXPLOITDB HIGH c WORKING POC
NoMachine < 5.3.27 and 6.x < 6.3.6 - Untrusted Search Path via Trojan Horse wintab32.dll
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).
CVSS 7.8
CVE-2018-12589 EXPLOITDB HIGH c WORKING POC
Polaris Office 2017 8.1 - Remote Code Execution via Trojan Horse DLL in Current Working Directory
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
CVSS 7.8
EIP-2026-118871 EXPLOITDB text WORKING POC
Microsoft Windows - 'dnslint.exe' Drive-By Download
EIP-2026-118783 EXPLOITDB text WORKING POC
Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution
EIP-2026-118885 EXPLOITDB text WORKING POC
Microsoft Windows PowerShell ISE - Remote Code Execution
CVE-2018-6892 EXPLOITDB CRITICAL python WORKING POC
CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
CVSS 9.8
CVE-2018-4863 EXPLOITDB MEDIUM text WORKING POC
Sophos Endpoint Protection 10.7 - Tamper Protection Bypass via Registry Key Deletion
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
CVSS 5.5