Narendra Shinde

15 exploits Active since Jul 2011
CVE-2018-14665 NOMISEC MEDIUM WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
17 stars
CVSS 6.6
CVE-2018-14665 METASPLOIT MEDIUM ruby WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 6.6
CVE-2018-14665 METASPLOIT MEDIUM ruby WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 6.6
CVE-2018-14665 METASPLOIT MEDIUM ruby WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 6.6
EIP-2026-119408 EXPLOITDB text WRITEUP
NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities
CVE-2018-14665 EXPLOITDB MEDIUM ruby WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 6.6
EIP-2026-110332 EXPLOITDB text WORKING POC
OpenX Ad Server 2.8.7 - Cross-Site Request Forgery
CVE-2014-8690 EXPLOITDB text WRITEUP
Exponent CMS < 2.1.4, 2.2.x < 2.2.3, 2.3.x < 2.3.1 - Cross-Site Scripting via PATH_INFO or User Profile Fields
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.
EIP-2026-104328 EXPLOITDB text WRITEUP
ManageEngine ServiceDesk Plus 8.0.0 Build 8013 - Improper User Privileges
CVE-2018-14665 EXPLOITDB MEDIUM ruby WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 6.6
EIP-2026-102500 EXPLOITDB text WRITEUP
ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2012-1417 EXPLOITDB text WRITEUP
Yealink VOIP Phones - Authenticated Stored Cross-Site Scripting via User Field
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
CVE-2011-2522 EXPLOITDB text WORKING POC
Samba 3.x < 3.5.10 - Cross-Site Request Forgery in SWAT
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
CVE-2012-0389 EXPLOITDB text WORKING POC
MailEnable < 4.26, 5.x < 5.53, 6.x < 6.03 - Cross-Site Scripting via ForgottenPassword.aspx Username Parameter
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
CVE-2018-14665 EXPLOITDB MEDIUM perl WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 6.6