Juan Manuel Fernández - Security Researcher - Exploit Intelligence Platform

CVE-2019-12386 GITHUB MEDIUM python WORKING POC

Ampache < 3.9.1 - Stored Cross-Site Scripting via LocalPlay Add Instance

An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.

11 stars

CVSS 5.4

View Code

CVE-2022-26952 GITHUB HIGH python WORKING POC

Digi Passport Firmware <1.5.1 - Buffer Overflow

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.

11 stars

CVSS 7.5

View Code

CVE-2022-26952 WRITEUP HIGH WRITEUP

Digi Passport Firmware <1.5.1 - Buffer Overflow

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.

CVSS 7.5

View Code

CVE-2022-26953 WRITEUP HIGH WRITEUP

Digi Passport Firmware <1.5.1 - Buffer Overflow

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body.

CVSS 7.5

View Code