Jonatas Fil

6 exploits Active since Dec 2005
CVE-2019-25356 EXPLOITDB MEDIUM text WORKING POC
Bematech MP-4200 TH - Stored Cross-Site Scripting via Admin Configuration Page Parameters
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.
CVSS 6.1
CVE-2019-25401 EXPLOITDB HIGH text WORKING POC
Bematech MP-4200 TH - Denial of Service via Malformed Admin Configuration Parameters
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition.
CVSS 7.5
EIP-2026-114008 EXPLOITDB bash WORKING POC
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
CVE-2005-4664 EXPLOITDB text WRITEUP
OcoMon 1.21 - SQL Injection via Logon Page
SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.
EIP-2026-102356 EXPLOITDB python WORKING POC
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
EIP-2026-101902 EXPLOITDB text WORKING POC
OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution