John Page (hyp3rlinx)

25 exploits, active since Jun 2015
CVE-2022-47529 NOMISEC MEDIUM WORKING POC
RSA NetWitness <12.2 - Privilege Escalation
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
1 star
CVSS 6.7
CVE-2015-6517 EXPLOITDB WRITEUP
phpLiteAdmin - CSRF
Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.
CVE-2015-3221 EXPLOITDB WRITEUP
OpenStack Neutron <2014.2.4 - DoS
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
CVE-2025-34095 EXPLOITDB CRITICAL ruby WORKING POC
Mako Server 2.5-2.6 - Command Injection
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute() code, which is then persisted on disk and triggered via a subsequent GET request to examples/manage.lsp. This allows remote command execution on the underlying operating system, impacting both Windows and Unix-based deployments.
CVE-2015-7346 EXPLOITDB CRITICAL text WORKING POC
ZCMS - SQL Injection
SQL injection vulnerability in ZCMS 1.1.
CVSS 9.8
CVE-2025-34095 METASPLOIT CRITICAL ruby WORKING POC
Mako Server 2.5-2.6 - Command Injection
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute() code, which is then persisted on disk and triggered via a subsequent GET request to examples/manage.lsp. This allows remote command execution on the underlying operating system, impacting both Windows and Unix-based deployments.
EIP-2026-119453 EXPLOITDB text WRITEUP
Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities
EIP-2026-116362 EXPLOITDB text WORKING POC
Symantec Endpoint Protection 12.1.4013 - Service Disabling
EIP-2026-116587 EXPLOITDB python WORKING POC
XAMPP Control Panel - Denial Of Service
EIP-2026-113445 EXPLOITDB text WORKING POC
Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)
EIP-2026-113058 EXPLOITDB text WRITEUP
VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
EIP-2026-112402 EXPLOITDB text WORKING POC
SQLBuddy 1.3.3 - Directory Traversal
EIP-2026-111211 EXPLOITDB text WORKING POC
phpSQLiteCMS - Multiple Vulnerabilities
CVE-2015-6518 EXPLOITDB text WORKING POC
phpLiteAdmin - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php.
EIP-2026-111046 EXPLOITDB text WORKING POC
phpFileManager 0.9.8 - Remote Command Execution
EIP-2026-111045 EXPLOITDB text WORKING POC
phpFileManager 0.9.8 - Cross-Site Request Forgery
EIP-2026-109822 EXPLOITDB text WORKING POC
Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
EIP-2026-109830 EXPLOITDB text WORKING POC
Nakid CMS - Multiple Vulnerabilities
EIP-2026-109098 EXPLOITDB text WORKING POC
Lepton CMS 2.2.0/2.2.1 - Directory Traversal
EIP-2026-109099 EXPLOITDB text WORKING POC
Lepton CMS 2.2.0/2.2.1 - PHP Code Injection
CVE-2015-5066 EXPLOITDB text WRITEUP
MetalGenix GeniXCMS - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.
EIP-2026-104275 EXPLOITDB text WRITEUP
Hawkeye-G 3.0.1.4912 - Persistent Cross-Site Scripting / Information Leakage
CVE-2015-2878 EXPLOITDB HIGH text WORKING POC
Hexis HawkEye G 3.0.1.4912 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.
CVSS 8.8
CVE-2015-7347 EXPLOITDB MEDIUM text WORKING POC
ZCMS - XSS
Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
CVSS 4.8
EIP-2026-102490 EXPLOITDB text WORKING POC
JSPMyAdmin 1.1 - Multiple Vulnerabilities