Marcelo Vázquez (aka s4vitar)

9 exploits, active since Mar 2019
CVE-2019-9599 NOMISEC HIGH WORKING POC
AirDroid <4.2.1.6 - DoS
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.
65 stars
CVSS 7.5
CVE-2019-9834 EXPLOITDB MEDIUM text WORKING POC
Netdata <1.13.0 - XSS
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot.
CVSS 6.1
CVE-2019-17624 EXPLOITDB HIGH python WORKING POC
X.Org X Server < 1.20.4 - Out-of-Bounds Write
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
CVSS 7.8
CVE-2019-9601 EXPLOITDB HIGH python WORKING POC
ApowerManager <3.1.7 - DoS
The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests.
CVSS 7.5
CVE-2019-9599 EXPLOITDB HIGH bash WORKING POC
AirDroid <4.2.1.6 - DoS
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.
CVSS 7.5
CVE-2019-9833 EXPLOITDB HIGH python WORKING POC
Screen Stream <3.0.15 - DoS
The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests.
CVSS 7.5
CVE-2019-9600 EXPLOITDB HIGH python WORKING POC
Olive Tree FTP Server <1.32 - DoS
The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets.
CVSS 7.5
CVE-2019-9832 EXPLOITDB HIGH c WORKING POC
AirDrop <2.0 - DoS
The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.
CVSS 7.5
CVE-2019-9831 EXPLOITDB HIGH python WORKING POC
AirMore <1.6.1 - DoS
The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.
CVSS 7.5