Mohin Paramasivam (Shad0wQu35t)

8 exploits, active since Jul 2019
CVE-2019-14287 NOMISEC HIGH WORKING POC
Sudo <1.8.28 - Privilege Escalation
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
1 star
CVSS 8.8
CVE-2018-19571 NOMISEC HIGH WORKING POC
GitLab CE/EE <11.3.11-11.5.1 - SSRF
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
CVSS 7.7
EIP-2026-114684 EXPLOITDB python WORKING POC
Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)
EIP-2026-114104 EXPLOITDB python WORKING POC
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)
CVE-2023-27350 EXPLOITDB CRITICAL python WORKING POC
PaperCut MF < 20.1.7 - Improper Access Control
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
CVSS 9.8
CVE-2019-14287 EXPLOITDB HIGH python WORKING POC
Sudo <1.8.28 - Privilege Escalation
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
CVSS 8.8
EIP-2026-102787 EXPLOITDB bash WORKING POC
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
CVE-2019-20085 EXPLOITDB HIGH python WORKING POC
TVT NVMS-1000 Firmware - Path Traversal
TVT NVMS-1000 devices allow GET /.. Directory Traversal
CVSS 7.5