Juan Manuel Fernandez

7 exploits Active since Jul 2017
CVE-2018-10024 GITHUB CRITICAL python WORKING POC
ubiQuoss Switch VP5208A - Info Disclosure
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
11 stars
CVSS 9.8
CVE-2019-12725 GITHUB CRITICAL python WORKING POC
ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
11 stars
CVSS 9.8
CVE-2019-14459 GITHUB HIGH python WORKING POC
nfdump < 1.6.17 - Denial of Service via Integer Overflow in Process_ipfix_template_withdraw
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).
11 stars
CVSS 7.5
CVE-2017-8893 GITHUB HIGH python WORKING POC
AeroAdmin 4.1 - Denial of Service via Buffer Overflow
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.
11 stars
CVSS 7.5
CVE-2018-15503 GITHUB HIGH python WORKING POC
Swoole 4.0.4 - Denial of Service via Unpack Deserialization Size Check Bypass
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
11 stars
CVSS 7.5
CVE-2020-26878 NOMISEC HIGH WORKING POC
Ruckus <1.5.1.0.21 - Command Injection
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
CVSS 8.8
CVE-2019-12725 EXPLOITDB CRITICAL ruby WORKING POC
ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
CVSS 9.8