Milton Valencia (wetw0rk)

6 exploits Active since Oct 2017
CVE-2022-24706 METASPLOIT CRITICAL ruby WORKING POC
Apache Couchdb Erlang RCE
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
CVSS 9.8
CVE-2020-24719 METASPLOIT CRITICAL ruby WORKING POC
Couchbase Server 6.5.1 - Remote Command Execution via Exposed Erlang Cookie
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.
CVSS 9.8
CVE-2017-14980 METASPLOIT CRITICAL ruby WORKING POC
Flexense Syncbreeze - Memory Corruption
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
CVSS 9.8
EIP-2026-103898 EXPLOITDB ruby WORKING POC
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
EIP-2026-103899 EXPLOITDB ruby WORKING POC
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
EIP-2026-103900 EXPLOITDB python WORKING POC
Erlang Cookie - Remote Code Execution