Justin Steven

7 exploits | Active since Jul 2017
CVE-2015-8239 NOMISEC HIGH WORKING POC
sudo - Race Condition in SHA-2 Digest Handling
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
CVSS 7.0
CVE-2017-1000047 WRITEUP CRITICAL WRITEUP
rbenv - Directory Traversal and Arbitrary Code Execution via Ruby Version Specification
rbenv (all current versions) is vulnerable to directory traversal in the specification of the Ruby version, resulting in arbitrary code execution.
CVSS 9.8
CVE-2022-25891 WRITEUP HIGH WRITEUP
containrrr/shoutrrr < 0.6.0 - Denial of Service via util.PartitionMessage Function
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 is vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending messages of exactly 2000, 4000, or 6000 characters.
CVSS 7.5
CVE-2021-22204 METASPLOIT MEDIUM ruby WORKING POC
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
CVSS 6.8
CVE-2020-7384 METASPLOIT HIGH ruby WORKING POC
Metasploit < 4.19.0 - Command Injection via Malicious APK File
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
CVSS 7.0
EIP-2026-103983 EXPLOITDB ruby WORKING POC
Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)
CVE-2020-7384 EXPLOITDB HIGH python WORKING POC
Metasploit < 4.19.0 - Command Injection via Malicious APK File
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
CVSS 7.0