Maximiliano Vidal

31 exploits Active since May 2017
CVE-2017-14094 EXPLOITDB CRITICAL WORKING POC
Trend Micro Smart Protection Server <3.2 - Command Injection
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
CVSS 9.8
CVE-2017-14097 EXPLOITDB CRITICAL WORKING POC
Trend Micro Smart Protection Server <3.2 - Info Disclosure
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
CVSS 9.8
CVE-2017-9813 EXPLOITDB MEDIUM text WORKING POC
Kaspersky Anti-Virus for Linux File Server <8.0.4.312 - XSS
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
CVSS 6.1
CVE-2018-1213 EXPLOITDB HIGH text WORKING POC
Dell EMC Isilon OneFS CSRF (7.1.1.11, 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.2)
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
CVSS 8.8
CVE-2017-8852 EXPLOITDB HIGH python WORKING POC
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow via Crafted CAR Archive
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
CVSS 7.8
CVE-2018-6230 EXPLOITDB MEDIUM text WORKING POC
Trend Micro Email Encryption Gateway 5.5 - SQL Injection via Search Configuration Script
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVSS 6.8