Matteo Cantoni

21 exploits Active since Feb 1996
CVE-2006-2369 METASPLOIT ruby SCANNER
Realvnc - Authentication Bypass
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
CVE-2006-5702 METASPLOIT ruby WORKING POC
Tikiwiki Cms/groupware - Information Disclosure
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
CVE-2006-3392 METASPLOIT ruby WORKING POC
Webmin <1.290 - Info Disclosure
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
CVE-2015-6522 METASPLOIT ruby WORKING POC
Wpsymposium WP Symposium < 15.7 - SQL Injection
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
CVE-2007-3389 METASPLOIT ruby WORKING POC
Wireshark - Improper Input Validation
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
CVE-1999-0502 METASPLOIT ruby SCANNER
Unix - Info Disclosure
A Unix account has a default, null, blank, or missing password.
CVE-1999-0103 METASPLOIT ruby SCANNER
Echo/Chargen - DoS
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
CVE-2008-3273 METASPLOIT ruby SCANNER
Jboss Enterprise Application Platform < 4.2.0.cp03 - Access Control
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
CVE-1999-0508 METASPLOIT ruby SCANNER
Router/FW - Info Disclosure
An account on a router, firewall, or other network device has a default, null, blank, or missing password.
CVE-2006-1551 METASPLOIT ruby WORKING POC
PAJAX <0.5.1 - Code Injection
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
CVE-2005-0116 METASPLOIT ruby WORKING POC
Awstats < 6.3 - Improper Input Validation
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
CVE-2006-4602 METASPLOIT ruby WORKING POC
Tikiwiki Cms/groupware - Unrestricted File Upload
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
CVE-2007-5423 METASPLOIT ruby WORKING POC
Tikiwiki Cms/groupware - Code Injection
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
CVE-2005-2733 METASPLOIT ruby WORKING POC
Simple PHP Blog - RCE
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.
CVE-2016-5734 METASPLOIT CRITICAL ruby WORKING POC
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - RCE
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
CVSS 9.8
CVE-2006-4602 EXPLOITDB ruby WORKING POC
Tikiwiki Cms/groupware - Unrestricted File Upload
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
CVE-2007-5423 EXPLOITDB ruby WORKING POC
Tikiwiki Cms/groupware - Code Injection
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
CVE-2005-2733 EXPLOITDB ruby WORKING POC
Simple PHP Blog - RCE
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.
CVE-2006-1551 EXPLOITDB ruby WORKING POC
PAJAX <0.5.1 - Code Injection
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
CVE-2005-0116 EXPLOITDB ruby WORKING POC
Awstats < 6.3 - Improper Input Validation
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
CVE-2005-0116 EXPLOITDB ruby WORKING POC
Awstats < 6.3 - Improper Input Validation
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.