MaYaSeVeN

5 exploits Active since Sep 2016
CVE-2016-6662 NOMISEC CRITICAL WORKING POC
Oracle MySQL, MariaDB, Percona Server - Privilege Escalation via my.cnf
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
29 stars
CVSS 9.8
CVE-2019-12562 NOMISEC MEDIUM WORKING POC
Dnnsoftware Dotnetnuke < 9.4.0 - XSS
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
8 stars
CVSS 6.1
EIP-2026-115918 EXPLOITDB python WORKING POC
Netcut 2.0 - Denial of Service
CVE-2019-11013 EXPLOITDB MEDIUM text WORKING POC
Softvelum Nimble Streamer < 3.5.4-9 - Path Traversal
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
CVSS 6.5
CVE-2019-12562 EXPLOITDB MEDIUM python WORKING POC
Dnnsoftware Dotnetnuke < 9.4.0 - XSS
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
CVSS 6.1