John Page aka hyp3rlinx

64 exploits Active since Jan 2016
EIP-2026-117486 EXPLOITDB text WORKING POC
Microsoft Excel Starter 2010 - XML External Entity Injection
CVE-2019-0948 EXPLOITDB MEDIUM text WORKING POC
Windows Event Viewer - Info Disclosure
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file. The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
CVSS 4.7
EIP-2026-117439 EXPLOITDB python WORKING POC
MakeSFX.exe 1.44 - Local Stack Buffer Overflow
CVE-2017-3141 EXPLOITDB HIGH text WRITEUP
ISC Bind < 9.2.9 - Privilege Escalation
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
CVSS 7.2
CVE-2016-8742 EXPLOITDB HIGH text WRITEUP
Apache CouchDB <2.0.0 - Privilege Escalation
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
CVSS 7.8
EIP-2026-117239 EXPLOITDB text WORKING POC
Ghostscript 9.20 - 'Filename' Command Execution
EIP-2026-117283 EXPLOITDB text WRITEUP
HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation
CVE-2015-7422 EXPLOITDB MEDIUM text WORKING POC
IBM i Access 7.1 - DoS
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
CVSS 5.5
CVE-2017-3006 EXPLOITDB HIGH text WORKING POC
Adobe Creative Cloud < 3.9.5.353 - Incorrect Permission Assignment
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
CVSS 8.8
CVE-2017-7456 EXPLOITDB HIGH text WORKING POC
Moxa MXView 2.8 - DoS
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
CVSS 7.5
CVE-2017-7183 EXPLOITDB HIGH text WORKING POC
ExtraPuTTY <0.30 - DoS
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
CVSS 7.5
CVE-2017-5359 EXPLOITDB HIGH text WORKING POC
EasyCom SQL iPlug - DoS
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.
CVSS 7.5
CVE-2017-5358 EXPLOITDB CRITICAL text WORKING POC
EasyCom for PHP 4.0.0.29 - Buffer Overflow
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
CVSS 9.8
EIP-2026-115085 EXPLOITDB python WORKING POC
Core FTP LE 2.2 - 'SSH/SFTP' Remote Buffer Overflow (PoC)
CVE-2016-7866 EXPLOITDB CRITICAL text WRITEUP
Adobe Animate < 15.2.1.95 - Memory Corruption
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS 9.8
EIP-2026-114969 EXPLOITDB text WORKING POC
Axessh 4.2 - Denial of Service
EIP-2026-115251 EXPLOITDB text WORKING POC
Firefox 54.0.1 - Denial of Service
EIP-2026-114465 EXPLOITDB text WORKING POC
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)
EIP-2026-114466 EXPLOITDB text WRITEUP
XOOPS 2.5.7.2 - Directory Traversal Bypass
EIP-2026-113255 EXPLOITDB text WORKING POC
WebCalendar 1.2.7 - Multiple Vulnerabilities
CVE-2016-4309 EXPLOITDB HIGH text WRITEUP
Symphony CMS 2.6.7 - Info Disclosure
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVSS 7.5
CVE-2016-5304 EXPLOITDB MEDIUM text WORKING POC
Symantec Endpoint Protection Manager < 12.1.6 - Open Redirect
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS 6.8
EIP-2026-111049 EXPLOITDB text WRITEUP
PHPfileNavigator 2.3.3 - Cross-Site Scripting
EIP-2026-111203 EXPLOITDB text WRITEUP
PHPShell 2.4 - Session Fixation
EIP-2026-111050 EXPLOITDB text WORKING POC
PHPfileNavigator 2.3.3 - Privilege Escalation