Lorenzo Cantoni

7 exploits Active since Dec 2012
EIP-2026-118319 EXPLOITDB python WORKING POC
BigAnt Server 2.52 SP5 - Remote Stack Overflow ROP-Based (SEH) (ASLR + DEP Bypass)
CVE-2012-4750 EXPLOITDB CRITICAL text WORKING POC
Ezhometech EzServer 7.0 - Remote Code Execution via AMF Request memcpy Overflow
A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service
CVSS 9.8
CVE-2012-3872 EXPLOITDB text WORKING POC
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
CVE-2012-3873 EXPLOITDB text WRITEUP
Openconstructor - SQL Injection
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php.
CVE-2012-3872 EXPLOITDB text WORKING POC
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
CVE-2012-3872 EXPLOITDB text WORKING POC
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
CVE-2013-4362 EXPLOITDB text WORKING POC
davfs2 1.4.6-1.4.7 - Privilege Escalation via System Function in kernel_interface.c and mount_davfs.c
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.