Kacper Szurek

72 exploits Active since Nov 2014
EIP-2026-111163 EXPLOITDB text WRITEUP
phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting
CVE-2014-9254 EXPLOITDB text WORKING POC
MiniBB < 3.1 - SQL Injection via Unsubscribe Code Parameter
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
EIP-2026-107414 EXPLOITDB python WORKING POC
GitList 0.6 - Remote Code Execution
CVE-2014-9258 EXPLOITDB text WORKING POC
GLPI < 0.85 - Authenticated SQL Injection via Dropdown Condition Parameter
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
EIP-2026-107415 EXPLOITDB python WORKING POC
GitStack 2.3.10 - Remote Code Execution
CVE-2018-5955 EXPLOITDB CRITICAL WORKING POC
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
CVSS 9.8
CVE-2015-6512 EXPLOITDB php WORKING POC
FreiChat 9.6 - SQL Injection via Time Parameter
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.
EIP-2026-106667 EXPLOITDB php WORKING POC
e107 CMS 2.1.2 - Privilege Escalation
EIP-2026-106531 EXPLOITDB text WORKING POC
Dolphin 7.3.0 - Error-Based SQL Injection
CVE-2014-9261 EXPLOITDB text WORKING POC
Codoforum 2.5.1 - Path Traversal via Path Parameter
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
EIP-2026-105810 EXPLOITDB text WORKING POC
Chamilo LMS 1.9.8 - Blind SQL Injection
EIP-2026-104728 EXPLOITDB ruby WORKING POC
GitList 0.6.0 - Argument Injection (Metasploit)
EIP-2026-104885 EXPLOITDB WORKING POC
AbanteCart 1.2.7 - Cross-Site Scripting
EIP-2026-104729 EXPLOITDB ruby WORKING POC
GitList 0.6.0 - Argument Injection (Metasploit)
EIP-2026-104266 EXPLOITDB python WORKING POC
Gitea 1.4.0 - Remote Code Execution
EIP-2026-102343 EXPLOITDB ruby WORKING POC
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
EIP-2026-102404 EXPLOITDB python WORKING POC
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
CVE-2017-11346 EXPLOITDB CRITICAL ruby WORKING POC
ManageEngine Desktop Central < 10.0 - Remote Code Execution via Help Desk Video Upload
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
CVSS 9.8
EIP-2026-102344 EXPLOITDB ruby WORKING POC
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
EIP-2026-102113 EXPLOITDB text WORKING POC
WD My Cloud Mirror 2.11.153 - Authentication Bypass / Remote Code Execution
CVE-2017-11155 EXPLOITDB HIGH python WORKING POC
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Exposure of Sensitive System Information via index.php
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.
CVSS 7.5
EIP-2026-101301 EXPLOITDB python WORKING POC
HomeMatic Zentrale CCU2 - Remote Code Execution