Juan Manuel Fernandez

7 exploits, active since Jul 2017
CVE-2018-10024 GITHUB CRITICAL python WORKING POC
ubiQuoss Switch VP5208A - Info Disclosure
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
11 stars
CVSS 9.8
CVE-2019-12725 GITHUB CRITICAL python WORKING POC
Zeroshell - OS Command Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
11 stars
CVSS 9.8
CVE-2019-14459 GITHUB HIGH python WORKING POC
nfdump <1.6.17 - DoS
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).
11 stars
CVSS 7.5
CVE-2017-8893 GITHUB HIGH python WORKING POC
AeroAdmin 4.1 - Buffer Overflow
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.
11 stars
CVSS 7.5
CVE-2018-15503 GITHUB HIGH python WORKING POC
Swoole - Insecure Deserialization
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
11 stars
CVSS 7.5
CVE-2020-26878 NOMISEC HIGH WORKING POC
Ruckus <1.5.1.0.21 - Command Injection
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as the root user via web.py.
CVSS 8.8
CVE-2019-12725 EXPLOITDB CRITICAL ruby WORKING POC
Zeroshell - OS Command Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
CVSS 9.8