Kacper Szurek

72 exploits Active since Nov 2014
CVE-2018-5955 NOMISEC CRITICAL WORKING POC
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
10 stars
CVSS 9.8
CVE-2018-25332 EXPLOITDB CRITICAL python WORKING POC
GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.
CVSS 9.8
CVE-2014-9013 EXPLOITDB HIGH WORKING POC
WP Marketplace <2.4.0 - Privilege Escalation
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.
CVSS 8.8
CVE-2017-20112 WRITEUP HIGH WORKING POC
IVPN Client <2.6.6120.33863 - Privilege Escalation
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component.
CVSS 7.8
CVE-2017-20123 WRITEUP HIGH WORKING POC
Viscosity <1.6.8 - Untrusted Search Path
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.
CVSS 8.8
CVE-2017-18378 EXPLOITDB HIGH text WORKING POC
NETGEAR ReadyNAS Surveillance <1.4.3-17 x86 & <1.1.4-7 ARM - RCE via upgrade_handle.php
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
CVSS 8.4
CVE-2015-9316 EXPLOITDB CRITICAL text WORKING POC
WP Fastest Cache < 0.8.4.9 - SQL Injection via poll_id Parameter
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
CVSS 9.8
CVE-2017-11154 EXPLOITDB HIGH python WORKING POC
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unrestricted File Upload via PixlrEditorHandler.php Type Parameter
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
CVSS 7.2
CVE-2017-11153 EXPLOITDB CRITICAL python WORKING POC
Synology Photo Station < 6.7.3-3432 RCE via Deserialization in synophoto_csPhotoMisc.php
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
CVSS 9.8
CVE-2017-11152 EXPLOITDB HIGH python WORKING POC
Synology Photo Station < 6.7.3-3432 Path Traversal & Arbitrary File Write via PixlrEditorHandler.php
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
CVSS 7.5
CVE-2017-11151 EXPLOITDB CRITICAL python WORKING POC
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unauthenticated Arbitrary File Upload via synotheme_upload.php
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
CVSS 9.8
CVE-2015-2199 EXPLOITDB text WORKING POC
WonderPlugin Audio Player < 2.0 - Authenticated SQL Injection via item[id] Parameter
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
CVE-2018-5955 METASPLOIT CRITICAL ruby WORKING POC
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
CVSS 9.8
CVE-2014-8799 METASPLOIT ruby WORKING POC
dukapress < 2.5.3 - Path Traversal via src Parameter in dp_image.php
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
CVE-2014-9308 METASPLOIT ruby WORKING POC
WP EasyCart < 3.0.8 - Authenticated Arbitrary File Upload via Banner Upload Script
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
CVE-2018-1000533 METASPLOIT CRITICAL ruby WORKING POC
GitList <= 0.6.0 - Remote Code Execution via Search Form Input
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322.
CVSS 9.8
CVE-2014-9312 METASPLOIT HIGH ruby WORKING POC
Photo Gallery 1.2.5 - Info Disclosure
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
CVSS 8.8
CVE-2018-5955 METASPLOIT CRITICAL ruby WORKING POC
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
CVSS 9.8
CVE-2018-5955 EXPLOITDB CRITICAL ruby WORKING POC
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
CVSS 9.8
EIP-2026-117901 EXPLOITDB python WORKING POC
SentryHD 02.01.12e - Local Privilege Escalation
EIP-2026-118129 EXPLOITDB java WORKING POC
WinPower 4.9.0.4 - Local Privilege Escalation
EIP-2026-117903 EXPLOITDB python WORKING POC
ShadeYouVPN Client 2.0.1.11 - Local Privilege Escalation
EIP-2026-118068 EXPLOITDB text WRITEUP
Viscosity 1.6.7 - Local Privilege Escalation
EIP-2026-117025 EXPLOITDB python WORKING POC
Dell Customer Connect 1.3.28.0 - Local Privilege Escalation
EIP-2026-117011 EXPLOITDB WORKING POC
CyberGhost 6.0.4.2205 - Local Privilege Escalation