Marco Rivoli

6 exploits Active since Apr 2017
CVE-2017-7581 METASPLOIT CRITICAL ruby WORKING POC
TYPO3 News module <5.3.2 - SQL Injection
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
CVSS 9.8
CVE-2025-34100 METASPLOIT CRITICAL ruby WORKING POC
BuilderEngine 3.5.0 - Code Injection
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to upload a malicious .php file and subsequently execute arbitrary PHP code on the server under the context of the web server process. While the root vulnerability lies within the jQuery File Upload component, BuilderEngine’s improper integration and lack of access controls expose this functionality to unauthenticated users, resulting in full remote code execution.
CVE-2025-34096 METASPLOIT CRITICAL ruby WORKING POC
Easy File Sharing HTTP Server 7.2 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
CVE-2017-9544 METASPLOIT CRITICAL ruby WORKING POC
EFS Software Easy Chat Server <3.1 - Buffer Overflow
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
CVSS 9.8
EIP-2026-118459 EXPLOITDB ruby WORKING POC
Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)
EIP-2026-104717 EXPLOITDB ruby WORKING POC
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)