Michael Heinzl

33 exploits, active since Nov 2022
CVE-2024-7399 METASPLOIT HIGH ruby WORKING POC
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
An improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1050 allows attackers to write arbitrary files as system authority.
CVSS 8.8
CVE-2023-40504 METASPLOIT CRITICAL ruby WORKING POC
LG Simple Editor Command Injection (CVE-2023-40504)
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19953.
CVSS 9.8
CVE-2024-4548 METASPLOIT CRITICAL ruby WORKING POC
DIAEnergie SQL Injection (CVE-2024-4548)
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
CVSS 9.8
CVE-2024-47407 METASPLOIT CRITICAL ruby WORKING POC
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
CVSS 10.0
CVE-2023-28384 METASPLOIT HIGH ruby WORKING POC
mySCADA MyPRO Authenticated Command Injection (CVE-2023-28384)
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.
CVSS 8.8
CVE-2024-43425 METASPLOIT HIGH ruby WORKING POC
Moodle Remote Code Execution (CVE-2024-43425)
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
CVSS 8.1
CVE-2024-9464 METASPLOIT MEDIUM ruby WORKING POC
Palo Alto Networks Expedition 1.2.0-1.2.95 - Authenticated OS Command Injection
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVSS 6.5
CVE-2024-31214 METASPLOIT CRITICAL ruby WORKING POC
Traccar 5.1-5.12 - Unauthenticated Arbitrary File Upload via Device Image API
Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not possible for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DoS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably.
CVSS 9.6