Juan Manuel Fernandez (@TheXC3LL)

11 exploits Active since Jul 2017
CVE-2023-26258 NOMISEC CRITICAL WORKING POC
Arcserve UDP <9.0.6034 - Auth Bypass
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.
23 stars
CVSS 9.8
CVE-2017-14339 GITHUB HIGH python WORKING POC
YADIFA <2.2.6 - DoS
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
11 stars
CVSS 7.5
CVE-2024-22107 GITHUB HIGH python WORKING POC
GTB Central Console 15.17.1-30814.NG - Command Injection
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.
11 stars
CVSS 7.2
CVE-2017-11318 GITHUB HIGH python WORKING POC
Cobiansoft Cobian Backup - OS Command Injection
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.
11 stars
CVSS 8.1
CVE-2019-18956 WRITEUP CRITICAL WORKING POC
Divisa Proxia Suite <9.12.16-10.1.5, SparkSpace <1.0.30-1.2.4, Prox...
Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a seria1.0lized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a serialized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. Affected products include Proxia Premium Edition 2017 and Sparkspace.
CVSS 9.8
CVE-2020-12606 WRITEUP CRITICAL WORKING POC
DB Soft SGLAC <20.05.001 - SQL Injection
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored procedure.
CVSS 9.8
CVE-2020-35577 WRITEUP MEDIUM WORKING POC
Endalia Selection Portal <4.205.0 - Info Disclosure
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).
CVSS 6.5
CVE-2021-33207 WRITEUP CRITICAL WORKING POC
MashZone NextGen <10.7 - Deserialization
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
CVSS 9.8
CVE-2021-33208 WRITEUP HIGH WORKING POC
MashZone NextGen <10.7 - XML External Entity
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.
CVSS 7.2
CVE-2021-33523 WRITEUP HIGH WORKING POC
MashZone NextGen <10.7 GA - Command Injection
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.
CVSS 7.2
CVE-2021-33581 WRITEUP HIGH WORKING POC
MashZone NextGen <10.7 GA - SSRF
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
CVSS 7.2