Matt "hostess" Andreko

9 exploits, active since Jan 2013
CVE-2013-10065 METASPLOIT HIGH ruby WORKING POC
Sysax Multi-Server 6.10 - DoS
A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.
CVSS 7.5
CVE-2013-4615 METASPLOIT ruby WORKING POC
Canon Printers - DoS
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."
CVE-2014-0659 METASPLOIT ruby SCANNER
Cisco Rvs4000 Firmware < 2.0.3.2 - OS Command Injection
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
CVE-2012-10024 METASPLOIT HIGH ruby WORKING POC
XBMC 11 - Path Traversal
XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.
CVE-2012-6530 METASPLOIT ruby WORKING POC
Sysax Multi Server < 5.50 - Memory Corruption
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
EIP-2026-119200 EXPLOITDB ruby WORKING POC
Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit)
EIP-2026-117270 EXPLOITDB python WORKING POC
HexChat 2.9.4 - Local Overflow
EIP-2026-116370 EXPLOITDB ruby WORKING POC
Sysax Multi Server 6.10 - SSH Denial of Service
CVE-2014-0659 EXPLOITDB ruby WORKING POC
Cisco Rvs4000 Firmware < 2.0.3.2 - OS Command Injection
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.