John Page (aka hyp3rlinx)

88 exploits Active since Oct 2017
CVE-2018-9233 EXPLOITDB HIGH text WRITEUP
Sophos Endpoint Protection 10.7 - Info Disclosure
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
CVSS 7.8
CVE-2018-10507 EXPLOITDB MEDIUM text WRITEUP
Trend Micro OfficeScan <11.0 SP1 - Privilege Escalation
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
CVSS 4.4
EIP-2026-118027 EXPLOITDB text WRITEUP
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass
EIP-2026-118026 EXPLOITDB text WRITEUP
Trend Micro Maximum Security 2019 - Privilege Escalation
EIP-2026-118025 EXPLOITDB text WRITEUP
Trend Micro Maximum Security 2019 - Arbitrary Code Execution
CVE-2018-7581 EXPLOITDB HIGH text WRITEUP
Weblogexpert Weblog Expert - Incorrect Permission Assignment
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.
CVSS 7.8
CVE-2018-4863 EXPLOITDB MEDIUM text WORKING POC
Sophos Endpoint Protection - Security Feature Bypass
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
CVSS 5.5
CVE-2017-11309 EXPLOITDB CRITICAL text WORKING POC
Avaya IP Office < 10.1.1 - Memory Corruption
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
CVSS 9.6
EIP-2026-118117 EXPLOITDB text WORKING POC
Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software
EIP-2026-117545 EXPLOITDB text WRITEUP
Microsoft Windows .Group File - Code Execution
CVE-2025-24054 EXPLOITDB MEDIUM text WRITEUP
Windows NTLM - Path Traversal
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVSS 6.5
EIP-2026-117478 EXPLOITDB text WORKING POC
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
EIP-2026-117480 EXPLOITDB text WORKING POC
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
EIP-2026-117491 EXPLOITDB text WORKING POC
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection
EIP-2026-117497 EXPLOITDB text WORKING POC
Microsoft Internet Explorer / ActiveX Control - Security Bypass
EIP-2026-117500 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 11 - XML External Entity Injection
CVE-2018-8527 EXPLOITDB MEDIUM text WORKING POC
Microsoft SQL Server Management Studio <18.0 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.
CVSS 5.5
CVE-2018-8532 EXPLOITDB MEDIUM text WORKING POC
Microsoft SQL Server Management Studio <18.0 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.
CVSS 5.5
CVE-2018-8533 EXPLOITDB MEDIUM text WORKING POC
Microsoft SQL Server Management Studio <18 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.
CVSS 5.5
EIP-2026-117520 EXPLOITDB ruby WORKING POC
Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)
EIP-2026-117521 EXPLOITDB ruby WORKING POC
Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)
EIP-2026-117544 EXPLOITDB text WORKING POC
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
EIP-2026-117546 EXPLOITDB text WRITEUP
Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass
EIP-2026-117561 EXPLOITDB text WORKING POC
Microsoft Windows cmd.exe - Stack Buffer Overflow
EIP-2026-117562 EXPLOITDB text WRITEUP
Microsoft Windows CONTACT - HTML Injection / Remote Code Execution