Martino Sani

4 exploits, active since Feb 2017
CVE-2017-6078 WRITEUP MEDIUM WORKING POC
FastStone MaxView 3.0 and 3.1 - Denial of Service via Malformed BMP Image
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
CVSS 5.5
CVE-2017-8114 WRITEUP HIGH WRITEUP
Roundcube Webmail < 1.0.11, 1.1.x < 1.1.9, 1.2.x < 1.2.5 - Authenticated Arbitrary Password Reset via Password Plugin
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
CVSS 8.8
CVE-2018-18519 WRITEUP HIGH WRITEUP
Best Free Keylogger < 5.2.9 - Privilege Escalation via Insecure File Permissions
BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.
CVSS 7.8
EIP-2026-104295 EXPLOITDB text WORKING POC
Joomla! Component com_jem 2.1.4 - Multiple Vulnerabilities