John Page aka hyp3rlinx

64 exploits, active since Jan 2016
CVE-2016-3653 EXPLOITDB HIGH text WORKING POC
Symantec SEPM <12.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.
CVSS 8.0
CVE-2016-3652 EXPLOITDB MEDIUM text WORKING POC
Symantec Endpoint Protection Manager <12.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 5.4
CVE-2015-2023 EXPLOITDB HIGH text WORKING POC
IBM i Access - Memory Corruption
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
CVSS 8.8
CVE-2017-12970 EXPLOITDB HIGH text WORKING POC
Apache2Triad - CSRF
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
CVSS 8.8
CVE-2017-12965 EXPLOITDB CRITICAL text WORKING POC
Apache2Triad 1.5.4 - Info Disclosure
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVSS 9.8
CVE-2016-5537 EXPLOITDB MEDIUM text WORKING POC
Oracle Netbeans - Path Traversal
Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in an archive entry in a ZIP file imported as a project.
CVSS 5.7
CVE-2016-4311 EXPLOITDB HIGH text WORKING POC
WSO2 Identity Server 5.1.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
CVSS 8.8
CVE-2017-6803 EXPLOITDB HIGH html WORKING POC
SolarWinds FTP Voyager 16.2.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.
CVSS 8.8
EIP-2026-119279 EXPLOITDB python WORKING POC
WinaXe 7.7 'FTP client' - Remote Buffer Overflow
CVE-2017-5496 EXPLOITDB CRITICAL text WRITEUP
Sawmill - Information Disclosure
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
CVSS 9.8
CVE-2017-9024 EXPLOITDB HIGH text WORKING POC
Secure Bytes SCA 3.0 - Path Traversal
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.
CVSS 7.5
EIP-2026-119076 EXPLOITDB text WORKING POC
Rapid PHP Editor 14.1 - Remote Command Execution
CVE-2017-7237 EXPLOITDB CRITICAL text WRITEUP
Spiceworks Inventory <7.5 - Path Traversal
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
CVSS 9.8
CVE-2017-7455 EXPLOITDB HIGH text WORKING POC
Moxa MXView 2.8 - Info Disclosure
Moxa MXView 2.8 allows remote attackers to read the web server's private key file because there is no access control.
CVSS 7.5
CVE-2017-7457 EXPLOITDB MEDIUM text WORKING POC
Moxa MX-AOPC Server 1.5 - Info Disclosure
An XML External Entity (XXE) issue via ".AOP" files used by Moxa MX-AOPC Server 1.5 results in remote file disclosure.
CVSS 5.0
CVE-2017-6805 EXPLOITDB MEDIUM text WORKING POC
MobaXterm Personal Edition 9.4 - Path Traversal
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
CVSS 5.3
CVE-2017-11567 EXPLOITDB HIGH text WORKING POC
Mongoose Web Server <6.9 - CSRF
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.
CVSS 8.8
EIP-2026-118450 EXPLOITDB text WORKING POC
DzSoft PHP Editor 4.2.7 - File Enumeration
EIP-2026-118197 EXPLOITDB text WORKING POC
Zend Studio IDE 13.5.1 - Insecure File Permissions Privilege Escalation
EIP-2026-117439 EXPLOITDB python WORKING POC
MakeSFX.exe 1.44 - Local Stack Buffer Overflow
EIP-2026-117486 EXPLOITDB text WORKING POC
Microsoft Excel Starter 2010 - XML External Entity Injection
EIP-2026-117502 EXPLOITDB text WORKING POC
Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection
EIP-2026-117570 EXPLOITDB text WORKING POC
Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection
EIP-2026-117707 EXPLOITDB python WORKING POC
NScan 0.9.1 - 'Target' Local Buffer Overflow
CVE-2017-0045 EXPLOITDB MEDIUM text WORKING POC
Microsoft Windows 7 - CSRF
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."
CVSS 5.5