Martino Sani

4 exploits, active since Feb 2017
CVE-2017-6078 WRITEUP MEDIUM WORKING POC
FastStone MaxView - Improper Input Validation
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
CVSS 5.5
CVE-2017-8114 WRITEUP HIGH WRITEUP
Roundcube Webmail < 1.0.11 - Improper Privilege Management
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
CVSS 8.8
CVE-2018-18519 WRITEUP HIGH WRITEUP
BestXsoftware Best Free Keylogger < 5.2.9 - Untrusted Search Path
BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.
CVSS 7.8
EIP-2026-104295 EXPLOITDB text WORKING POC
Joomla! Component com_jem 2.1.4 - Multiple Vulnerabilities