Nikolay Ermishkin

6 exploits Active since May 2016
CVE-2016-3717 EXPLOITDB MEDIUM text WORKING POC
ImageMagick <6.9.3-10, <7.0.1-1 - Info Disclosure
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVSS 5.5
CVE-2016-3716 EXPLOITDB LOW text WORKING POC
ImageMagick <7.0.1-1 - Path Traversal
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVSS 3.3
CVE-2016-3715 EXPLOITDB MEDIUM text WORKING POC
ImageMagick <6.9.3-10, <7.0.1-1 - RCE
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVSS 5.5
CVE-2016-3714 EXPLOITDB HIGH text WORKING POC
ImageMagick <6.9.3-10 & <7.0.1-1 - RCE
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVSS 8.4
CVE-2016-3714 EXPLOITDB HIGH ruby WORKING POC
ImageMagick <6.9.3-10 & <7.0.1-1 - RCE
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVSS 8.4
CVE-2016-3718 EXPLOITDB MEDIUM text WORKING POC
ImageMagick <6.9.3-10, <7.0.1-1 - SSRF
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVSS 5.5