Matt "hostess" Andreko

9 exploits, active since Jan 2013
CVE-2013-10065 METASPLOIT HIGH ruby WORKING POC
Sysax Multi-Server 6.10 - Denial of Service via Malformed SSH Key Exchange Packet
A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.
CVSS 7.5
CVE-2013-4615 METASPLOIT ruby WORKING POC
Canon MG3100 MG5300 MG6100 MP495 MX340 MX870 MX890 MX920 MX922 - Denial of Service via LAN_TXT24 Parameter
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."
CVE-2014-0659 METASPLOIT ruby SCANNER
Cisco RVS4000, WRVS4400N, and WAP4410N Firmware - Remote Code Execution via Test Interface
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
CVE-2012-10024 METASPLOIT HIGH ruby WORKING POC
XBMC/Media Center < 11.0 - Authenticated Path Traversal via HTTP Server URI
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.
CVE-2012-6530 METASPLOIT ruby WORKING POC
Sysax Multi Server < 5.52 - Authenticated Stack-Based Buffer Overflow via HTTP Request
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
EIP-2026-119200 EXPLOITDB ruby WORKING POC
Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit)
EIP-2026-117270 EXPLOITDB python WORKING POC
HexChat 2.9.4 - Local Overflow
EIP-2026-116370 EXPLOITDB ruby WORKING POC
Sysax Multi Server 6.10 - SSH Denial of Service
CVE-2014-0659 EXPLOITDB ruby WORKING POC
Cisco RVS4000, WRVS4400N, and WAP4410N Firmware - Remote Code Execution via Test Interface
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.