John Page a.k.a hyp3rlinx

10 exploits Active since Apr 2017
CVE-2017-9413 EXPLOITDB HIGH text WORKING POC
Subsonic 6.1.1 - Cross-Site Request Forgery in Podcast Feature
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.
CVSS 8.8
CVE-2017-9414 EXPLOITDB HIGH text WORKING POC
Subsonic 6.1.1 - Cross-Site Request Forgery in Podcast Subscription
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
CVSS 8.8
CVE-2017-9415 EXPLOITDB HIGH text WORKING POC
subsonic 6.1.1 - Cross-Site Request Forgery via userSettings.view
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
CVSS 7.5
EIP-2026-118755 EXPLOITDB text WORKING POC
Mako Web Server 2.5 - Multiple Vulnerabilities
CVE-2017-6331 EXPLOITDB HIGH c WORKING POC
Symantec Endpoint Protection <SEP 14 RU1 - Privilege Escalation
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
CVSS 7.1
CVE-2017-9355 EXPLOITDB HIGH text WORKING POC
Subsonic 6.1.1 - Server-Side Request Forgery via Import Playlist Feature
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
CVSS 7.4
CVE-2017-7620 EXPLOITDB MEDIUM text WORKING POC
MantisBT < 1.3.11, 2.x < 2.3.3, 2.4.x < 2.4.1 - Cross-Site Request Forgery via Permalink Injection
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.
CVSS 6.5
CVE-2017-7615 EXPLOITDB HIGH text WORKING POC
MantisBT < 2.3.0 - Unauthenticated Arbitrary Password Reset via Empty Confirm Hash
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
CVSS 8.8
CVE-2017-8928 EXPLOITDB HIGH text WORKING POC
mailcow 0.14 - Cross-Site Request Forgery
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
CVSS 8.8
CVE-2017-7725 EXPLOITDB MEDIUM text WORKING POC
concrete5 8.1.0 - Cross-Site Scripting via Host Header Injection
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.
CVSS 6.1