Michele 'cyberaz0r' Di Bonaventura

9 exploits, active since Dec 2023
CVE-2023-46454 NOMISEC CRITICAL WORKING POC
GL.iNET GL-AR300M <4.3.7 - Command Injection
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
3 stars
CVSS 9.8
CVE-2024-35539 GITHUB MEDIUM go WORKING POC
Typecho - Authentication Bypass by Spoofing
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks whether the comments are posted too frequently.
1 star
CVSS 6.5
CVE-2024-35540 GITHUB CRITICAL go WORKING POC
Typecho < 1.2.1 - XSS
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
1 star
CVSS 9.0
CVE-2024-35538 NOMISEC MEDIUM WORKING POC
Typecho - HTTP Request Smuggling
Typecho v1.3.0 was discovered to contain a client IP spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as the value of the X-Forwarded-For or Client-Ip headers while performing HTTP requests.
1 star
CVSS 5.3
CVE-2024-35540 EXPLOITDB CRITICAL go WORKING POC
Typecho < 1.2.1 - XSS
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 9.0
CVE-2024-35539 EXPLOITDB MEDIUM go WORKING POC
Typecho - Authentication Bypass by Spoofing
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks whether the comments are posted too frequently.
CVSS 6.5
CVE-2023-46456 EXPLOITDB CRITICAL python WORKING POC
GL.iNET GL-AR300M <3.216 - Command Injection
In GL.iNET GL-AR300M routers with firmware 3.216, it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
CVSS 9.8
CVE-2023-46454 EXPLOITDB CRITICAL python WORKING POC
GL.iNET GL-AR300M <4.3.7 - Command Injection
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
CVSS 9.8
CVE-2023-46455 EXPLOITDB HIGH python WORKING POC
GL.iNET GL-AR300M <4.3.7 - Path Traversal
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
CVSS 7.5