Maximilian Barz

7 exploits, active since Oct 2020
CVE-2020-15906 NOMISEC CRITICAL WORKING POC
Tiki < 21.2 - Brute Force
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
49 stars
CVSS 9.8
CVE-2020-29669 NOMISEC HIGH WORKING POC
Macally WIFISD2-2A82 Media and Travel Router 2.000.010 - Privilege Escalation
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily, which results in a complete system compromise.
2 stars
CVSS 8.8
CVE-2020-15906 GITLAB CRITICAL WORKING POC
Tiki < 21.2 - Brute Force
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
CVSS 9.8
CVE-2020-29669 INTHEWILD HIGH WORKING POC
Macally WIFISD2-2A82 Media and Travel Router 2.000.010 - Privilege Escalation
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily, which results in a complete system compromise.
CVSS 8.8
CVE-2023-30367 EXPLOITDB HIGH text WORKING POC
Mremoteng < 1.76.20 - Cleartext Storage
Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory.
CVSS 7.5
EIP-2026-112680 EXPLOITDB python WORKING POC
Tiki Wiki CMS Groupware 21.1 - Authentication Bypass
EIP-2026-101840 EXPLOITDB python WORKING POC
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation